6.1.0

CVSS 3.3 - LOW

Attack vector

LOCAL

Attack complexity

LOW

Privileges required

LOW

Confidentiality impact

LOW

Integrity impact

NONE

Availability impact

NONE

local

low complexity

ibm

CWE-525

NVD

Published: 2024-03-15

Updated: 2024-03-19

Summary

IBM Sterling Secure Proxy 6.0.3 and 6.1.0 allows web pages to be stored locally which can be read by another user on the system. IBM X-Force ID: 269686.

Vulnerable Configurations

Part	Description	Count
Application	Ibm IBM Sterling Secure Proxy 6.0.3 IBM Sterling Secure Proxy 6.1.0	2

Common Weakness Enumeration (CWE)

CWE-525 - Information Exposure Through Browser Caching

Common Attack Pattern Enumeration and Classification (CAPEC)

Lifting Data Embedded in Client Distributions
An attacker can resort to stealing data embedded in client distributions or client code in order to gain certain information. This information can reveal confidential contents, such as account numbers, or can be used as an intermediate step in a larger attack (such as by stealing keys/credentials).

Summary

Vulnerable Configurations

Common Weakness Enumeration (CWE)

Common Attack Pattern Enumeration and Classification (CAPEC)

References