IBM Sterling Connect:Express for UNIX server-side request forgery
CVE-2023-29260

6.5MEDIUM

Key Information:

Vendor
IBM
Status
Sterling Connect:express For Unix
Vendor
CVE Published:
19 July 2023

Summary

IBM Sterling Connect:Express for UNIX 1.5 is vulnerable to server-side request forgery (SSRF). This may allow an authenticated attacker to send unauthorized requests from the system, potentially leading to network enumeration or facilitating other attacks. IBM X-Force ID: 252135.

Affected Version(s)

Sterling Connect:Express for UNIX 1.5

References

https://www.ibm.com/support/pages/node/7010923
vendor-advisory
https://exchange.xforce.ibmcloud.com/vulnerabilities/252135
vdb-entry

CVSS V3.1

Score:
6.5
Severity:
MEDIUM
Confidentiality:
Low
Integrity:
Low
Availability:
Low
Attack Vector:
Network
Attack Complexity:
Low
Privileges Required:
None
User Interaction:
None
Scope:
Unchanged

Timeline

  • Vulnerability published

  • Vulnerability Reserved

.