CNVD-2024-15368 — Vulnetix

CNVD-2024-15368 PUBLISHED CVSS 5.400000095367432 MEDIUM

IBM Sterling Secure Proxy是美国国际商业机器（IBM）公司的一个用于确保组织非保护区(DMZ)中文件安全传输的应用程序代理。 IBM Sterling Secure Proxy 6.0.3版本和6.1.0版本存在跨站脚本漏洞，该漏洞源于存在跨站脚本（XSS）漏洞。攻击者可利用该漏洞在Web UI中嵌入任意JavaScript代码。

Risk Scores

CVSS v3.1

5.400000095367432

CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N

Affected Products

Vendor	Product	Versions
IBM	Secure Proxy	6.0.3, 6.1.0

Timeline

Mar 15, 2024 CVE Published
Mar 15, 2024 PoC Published
Mar 15, 2024 PoC Published

References

https://www.ibm.com/support/pages/node/7142038 vendor-advisory
https://exchange.xforce.ibmcloud.com/vulnerabilities/269692 vdb

Open in Interactive Console →