Directory Traversal Vulnerability in IBM Sterling Secure Proxy
CVE-2024-41784

7.5HIGH

Key Information:

Vendor: IBM
Status: Sterling Secure Proxy
Vendor: CVE Published:; 15 November 2024

Summary

A directory traversal vulnerability exists in IBM Sterling Secure Proxy that could enable a remote attacker to access unauthorized files on the system. By sending a specially crafted URL request containing specific patterns, such as 'dot dot dot' sequences (/.../), an attacker may exploit this flaw to gain access to arbitrary files, which could lead to unauthorized disclosures and potential further exploitation of the system. Affected users should apply recommended security updates to mitigate risks associated with this vulnerability.

References

https://www.ibm.com/support/pages/node/7173631

CVSS V3.1

Score:

7.5

Severity:

HIGH

Confidentiality:

High

Integrity:

None

Availability:

High

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

None

Scope:

Unchanged

Timeline

Vulnerability published
Nov 15, 2024