5.9

CVE-2023-47147

IBM Secure Proxy file manipulation

IBM Sterling Secure Proxy 6.0.3 and 6.1.0 could allow an attacker to overwrite a log message under specific conditions.  IBM X-Force ID:  270598.
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
IbmSterling Secure Proxy Version6.0.3
IbmSterling Secure Proxy Version6.1.0
Zu dieser CVE wurde keine Warnung gefunden.
EPSS Metriken
Typ Quelle Score Percentile
EPSS FIRST.org 0.42% 0.33
CVSS Metriken
Quelle Base Score Exploit Score Impact Score Vector String
nvd@nist.gov 5.3 3.9 1.4
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N
psirt@us.ibm.com 5.9 2.2 3.6
CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N
CWE-73 External Control of File Name or Path

The product allows user input to control or influence paths or file names that are used in filesystem operations.

https://www.ibm.com/support/pages/node/7142038
Patch
Vendor Advisory
https://exchange.xforce.ibmcloud.com/vulnerabilities/270598
Vendor Advisory
VDB Entry