CVE-2024-41784

Summary

IBM Sterling Secure Proxy 6.0.0.0, 6.0.0.1, 6.0.0.2, 6.0.0.3, and 6.1.0.0 could allow a remote attacker to traverse directories on the system. An attacker could send a specially crafted URL request containing "dot dot dot" sequences (/…/) to view arbitrary files on the system.

Affected Software

VendorProductVersion RangeStatus
IBMSterling Secure Proxy6.0.0.0, 6.0.0.1, 6.0.0.2, 6.0.0.3, 6.1.0.0affected

Weaknesses

  • CWE-32: CWE-32 Path Traversal: '…' (Triple Dot)

ADP Enrichment

CISA ADP Vulnrichment

  • SSVC:
  • Exploitation: none
    • Automatable: yes
    • Technical Impact: partial

References