CVE-2016-6025 — IBM Sterling Secure Proxy vulnerability

CWE-2643 documents3 sources

Severity

5.9MEDIUMNVD

EPSS

0.2%

top 57.35%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

IBM Sterling Secure Proxy

Timeline

PublishedOct 6

Latest updateMay 17

Description

The Configuration Manager in IBM Sterling Secure Proxy (SSP) 3.4.2 before 3.4.2.0 iFix 8 and 3.4.3 before 3.4.3.0 iFix 1 allows remote attackers to obtain access by leveraging an unattended workstation to conduct a post-logoff session-reuse attack involving a modified URL.

CVSS vector

CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:LExploitability: 2.5 | Impact: 3.4

Affected Packages1 packages

▶NVDibm/sterling_secure_proxy3.4.2.0, 3.4.3.0+1

🔴Vulnerability Details

GHSA

GHSA-42f3-49rm-m2q7: The Configuration Manager in IBM Sterling Secure Proxy (SSP) 3↗2022-05-17

▶

CVEList

CVE-2016-6025: The Configuration Manager in IBM Sterling Secure Proxy (SSP) 3↗2016-10-06

▶