VDB
CVE-2024-41784
CVE-2024-41784
PUBLISHED
CVSS 7.5 HIGH
IBM Sterling Secure Proxy 6.0.0.0, 6.0.0.1, 6.0.0.2, 6.0.0.3, and 6.1.0.0 could allow a remote attacker to traverse directories on the system. An attacker could send a specially crafted URL request containing "dot dot dot" sequences (/.../) to view arbitrary files on the system.
EPSS 0.12% · 30.0th percentile
Risk Scores
CVSS 3.1
7.5
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
EPSS Score
0.12%
30.0th percentile
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| ibm | sterling_secure_proxy | 6.0.2.0, 6.0.3.0, 6.0.0.0 |
| IBM | Sterling Secure Proxy | 6.0.0.0, 6.0.0.1, 6.0.0.2, 6.0.0.3, 6.1.0.0 |
Exploit Intelligence
Timeline
- Oct 25, 2024 CVE Published
- Nov 16, 2024 EPSS Score
- Nov 16, 2024 Coalition ESS Score
- Nov 19, 2024 Coalition ESS Score
- Nov 20, 2024 Coalition ESS Score
- Nov 20, 2024 CVE Updated
- Dec 5, 2024 EPSS Score
- Dec 22, 2024 EPSS Score
- Jan 9, 2025 EPSS Score
- Jan 26, 2025 EPSS Score
- Feb 13, 2025 EPSS Score
- Mar 2, 2025 EPSS Score
References
- https://www.ibm.com/support/pages/node/7173631 advisory
- https://www.ibm.com/support/pages/node/7174016 advisory
- https://www.ibm.com/support/pages/node/7174015 advisory
- https://www.ibm.com/support/pages/node/7173632 advisory
- https://www.ibm.com/support/pages/node/7172691 advisory
- https://www.ibm.com/support/pages/node/7172692 advisory
- https://www.ibm.com/support/pages/node/7173592 advisory
- https://www.ibm.com/support/pages/node/7173866 advisory
- https://nvd.nist.gov/vuln/detail/CVE-2024-41784 advisory