CNVD-2024-14665 — Vulnetix

CNVD-2024-14665 PUBLISHED CVSS 4 MEDIUM

IBM Sterling Secure Proxy是美国国际商业机器（IBM）公司的一个用于确保组织非保护区(DMZ)中文件安全传输的应用程序代理。 IBM Sterling Secure Proxy 6.0.3版本和6.1.0版本存在信息泄露漏洞，该漏洞源于将网页存储在本地，攻击者可利用该漏洞导致系统上的其他用户读取这些网页。

Risk Scores

CVSS 3.1

CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N

Affected Products

Vendor	Product	Versions
IBM	Secure Proxy	6.0.3, 6.1.0

Exploit Intelligence

CIRCL seen: CVE-2023-46181 (circl-sighting)
CIRCL seen: CVE-2023-46181 (circl-sighting)
https://www.ibm.com/support/pages/node/7142038 (circl)
https://exchange.xforce.ibmcloud.com/vulnerabilities/269686 (circl)

Timeline

Mar 15, 2024 CVE Published
Mar 15, 2024 PoC Published
Mar 15, 2024 PoC Published

References

https://www.ibm.com/support/pages/node/7142038 vendor-advisory
https://exchange.xforce.ibmcloud.com/vulnerabilities/269686 vdb

Open in Interactive Console →