Remote Access Vulnerability in IBM Sterling Secure Proxy
CVE-2016-6025

5.9MEDIUM

Key Information:

Vendor
IBM
Vendor
CVE Published:
6 October 2016

Summary

A vulnerability exists in IBM Sterling Secure Proxy that allows remote attackers to exploit unattended workstations. By leveraging specific conditions, an attacker can conduct a post-logoff session-reuse attack via a modified URL, potentially granting them access to sensitive information without proper authorization. This situation arises in versions 3.4.2 prior to iFix 8 and 3.4.3 prior to iFix 1, underscoring the need for timely updates and vigilant security practices.

References

CVSS V3.1

Score:
5.9
Severity:
MEDIUM
Confidentiality:
Low
Integrity:
Low
Availability:
Low
Attack Vector:
Local
Attack Complexity:
Low
Privileges Required:
None
User Interaction:
None
Scope:
Unchanged

Timeline

  • Vulnerability published

  • Vulnerability Reserved

.