CNVD-2024-12703 — Vulnetix

CNVD-2024-12703 PUBLISHED CVSS 7.5 HIGH

IBM Sterling Connect:Express for UNIX是美国国际商业机器（IBM）公司的一套适用于UNIX平台的文件传输解决方案。 IBM Sterling Connect:Express for UNIX 1.5.0版本存在缓冲区溢出漏洞，该漏洞源于程序未能正确验证输入数据的长度大小，远程攻击者可利用该漏洞通过浏览器UI造成拒绝服务。

Risk Scores

CVSS v3.1

7.5

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

Affected Products

Vendor	Product	Versions
IBM	Sterling Connect:Express for UNIX	1.5.0

Timeline

Jul 13, 2023 CVE Published
Mar 4, 2024 PoC Published
Mar 4, 2024 PoC Published

References

https://www.ibm.com/support/pages/node/7011443 vendor-advisory
https://exchange.xforce.ibmcloud.com/vulnerabilities/254979 vdb

Open in Interactive Console →