CVE-2024-41784 — Vulnetix

Try Vulnetix Request Demo

CVE-2024-41784 PUBLISHED CVSS 7.5 HIGH

IBM Sterling Secure Proxy 6.0.0.0, 6.0.0.1, 6.0.0.2, 6.0.0.3, and 6.1.0.0 could allow a remote attacker to traverse directories on the system. An attacker could send a specially crafted URL request containing "dot dot dot" sequences (/.../) to view arbitrary files on the system.

EPSS 0.09% · 24.8th percentile

Risk Scores

CVSS v3.1

7.5

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

EPSS Score

0.09%

24.8th percentile

Affected Products

Vendor	Product	Versions
ibm	sterling_secure_proxy	6.0.0.0, 6.0.1.0, 6.0.2.0
IBM	Sterling Secure Proxy	6.0.0.0, 6.0.0.1, 6.0.0.2, 6.0.0.3, 6.1.0.0

Timeline

Oct 25, 2024 CVE Published
Nov 16, 2024 EPSS Score
Nov 16, 2024 Coalition ESS Score
Nov 19, 2024 Coalition ESS Score
Nov 20, 2024 Coalition ESS Score
Nov 20, 2024 CVE Updated
Dec 4, 2024 EPSS Score
Dec 21, 2024 EPSS Score
Jan 7, 2025 EPSS Score
Jan 24, 2025 EPSS Score
Feb 10, 2025 EPSS Score
Feb 27, 2025 EPSS Score

References

https://www.ibm.com/support/pages/node/7173631 advisory
https://www.ibm.com/support/pages/node/7174016 advisory
https://www.ibm.com/support/pages/node/7174015 advisory
https://www.ibm.com/support/pages/node/7173632 advisory
https://www.ibm.com/support/pages/node/7172691 advisory
https://www.ibm.com/support/pages/node/7172692 advisory
https://www.ibm.com/support/pages/node/7173592 advisory
https://www.ibm.com/support/pages/node/7173866 advisory
https://nvd.nist.gov/vuln/detail/CVE-2024-41784 advisory

Open in Interactive Console →