CVE-2024-51453

CWE-22 — Path Traversal3 documents3 sources

Severity

7.5HIGH

EPSS

0.2%

top 56.42%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

IBM Sterling Secure Proxy

Timeline

PublishedMay 28

Description

IBM Sterling Secure Proxy 6.2.0.0 through 6.2.0.1 could allow a remote attacker to traverse directories on the system. An attacker could send a specially crafted URL request containing "dot dot" sequences (/../) to view arbitrary files on the system.

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:NExploitability: 2.8 | Impact: 1.4

Affected Packages2 packages

▶CVEListV5ibm/sterling_secure_proxy6.2.0.0 — 6.2.0.1

▶NVDibm/sterling_secure_proxy6.2.0.0 — 6.2.0.1

🔴Vulnerability Details

GHSA

GHSA-2fcj-g7j8-pg57: IBM Sterling Secure Proxy 6↗2025-05-28

▶

CVEList

IBM Sterling Secure Proxy directory traversal↗2025-05-28

▶