CVE-2024-41784

Path Traversal: '...' (Triple Dot) (CWE-32)

Published: Nov 15, 2024 / Updated: 4d ago

CVSS 7.5 / EPSS 0.09% / High

IBM Sterling Secure Proxy 6.0.0.0, 6.0.0.1, 6.0.0.2, 6.0.0.3, and 6.1.0.0 could allow a remote attacker to traverse directories on the system. An attacker could send a specially crafted URL request containing "dot dot dot" sequences (/.../) to view arbitrary files on the system.

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

Timeline

Detection in Vulnerability Scanners

Detection for the vulnerability has been added to Qualys (380753)

Oct 22, 2024 at 7:53 AM
First Article

Feedly found the first article mentioning CVE-2024-41784.

Nov 15, 2024 at 3:49 PM / Vulners.com RSS Feed
CVSS Estimate

Feedly estimated the CVSS score as MEDIUM

Nov 15, 2024 at 3:49 PM
CVE Assignment

NVD published the first details for CVE-2024-41784

Nov 15, 2024 at 4:15 PM
CVSS

A CVSS base score of 7.5 has been assigned.

Nov 15, 2024 at 4:20 PM / nvd
EPSS

EPSS Score was set to: 0.09% (Percentile: 38.3%)

Nov 16, 2024 at 12:40 PM

Affected Systems

Ibm/sterling_secure_proxy

News

High - CVE-2024-41784 - IBM Sterling Secure Proxy 6.0.0.0, 6.0.0.1,...
IBM Sterling Secure Proxy 6.0.0.0, 6.0.0.1, 6.0.0.2, 6.0.0.3, and 6.1.0.0 could allow a remote attacker to traverse directories on the system. An attacker could send a specially crafted URL request...
CVE-2024-41784 - IBM Sterling Secure Proxy Directory Traversal Vulnerability
CVE ID: CVE-2024-41784. Published: Nov. 15, 2024, 4:15 p.m. (53 minutes ago). Description: IBM Sterling Secure Proxy 6.0.0.0, 6.0.0.1, 6.0.0.2, 6.0.0.3, and 6.1.0.0 could allow a remote attacker to traverse directories on the system. An attacker could send a specially crafted URL request containing "dot dot dot" sequences (/.../) to view arbitrary files on the system. Severity: 7.5
CVE-2024-41784
IBM Sterling Secure Proxy 6.0.0.0, 6.0.0.1, 6.0.0.2, 6.0.0.3, and 6.1.0.0 could allow a remote attacker to traverse directories on the system. An attacker could send a specially crafted URL request containing "dot dot dot" sequences (/.../) to view arbitrary files on the system.
CVE-2024-41784 | IBM Sterling Secure Proxy 6.0.0.0/6.0.0.1/6.0.0.2/6.0.0.3/6.1.0.0 URL path traversal
A vulnerability was found in IBM Sterling Secure Proxy 6.0.0.0/6.0.0.1/6.0.0.2/6.0.0.3/6.1.0.0. It has been classified as problematic. Affected is an unknown function of the component URL Handler. The manipulation leads to path traversal: '...' (triple dot). This vulnerability is traded as CVE-2024-41784. It is possible to launch the attack remotely. There is no exploit available. It is recommended to upgrade the affected component.
CVE-2024-41784 IBM Sterling Secure Proxy directory traversal
IBM Sterling Secure Proxy 6.0.0.0, 6.0.0.1, 6.0.0.2, 6.0.0.3, and 6.1.0.0 could allow a remote attacker to traverse directories on the system. An attacker could send a specially crafted URL request containing "dot dot dot" sequences (/.../) to view arbitrary files on the...

CVSS V3.1

Attack Vector: Network
Attack Complexity: Low
Privileges Required: None
User Interaction: None
Scope: Unchanged
Confidentiality: High
Integrity: None
Availability Impact: None
