CNVD-2024-15367 — Vulnetix

CNVD-2024-15367 PUBLISHED CVSS 6.099999904632568 MEDIUM

IBM Sterling Secure Proxy是美国国际商业机器（IBM）公司的一个用于确保组织非保护区(DMZ)中文件安全传输的应用程序代理。 IBM Sterling Secure Proxy 6.0.3版本和6.1.0版本存在跨站脚本漏洞。攻击者可利用该漏洞在Web UI中嵌入任意JavaScript代码。

Risk Scores

CVSS v3.1

6.099999904632568

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

Affected Products

Vendor	Product	Versions
IBM	Secure Proxy	6.0.3, 6.1.0

Exploit Intelligence

CIRCL seen: CVE-2023-47162 (circl-sighting)
CIRCL seen: CVE-2023-47162 (circl-sighting)
https://www.ibm.com/support/pages/node/7142038 (circl)
https://exchange.xforce.ibmcloud.com/vulnerabilities/270973 (circl)

Timeline

Mar 15, 2024 CVE Published
Mar 15, 2024 PoC Published
Mar 15, 2024 PoC Published

References

https://www.ibm.com/support/pages/node/7142038 vendor-advisory
https://exchange.xforce.ibmcloud.com/vulnerabilities/270973 vdb

Open in Interactive Console →