CVE-2016-6025
MEDIUM
IBM Sterling Secure Proxy <3.4.2.0-3.4.3.0 - Info Disclosure
Title source: llm
Description
The Configuration Manager in IBM Sterling Secure Proxy (SSP) 3.4.2 before 3.4.2.0 iFix 8 and 3.4.3 before 3.4.3.0 iFix 1 allows remote attackers to obtain access by leveraging an unattended workstation to conduct a post-logoff session-reuse attack involving a modified URL.
Scores
CVSS v3
5.9
EPSS
0.0020
EPSS Percentile
42.4%
Attack Vector
LOCAL
CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L
Classification
CWE
CWE-264
Status
published
Affected Products (10)
ibm/sterling_secure_proxy
ibm/sterling_secure_proxy
ibm/sterling_secure_proxy
ibm/sterling_secure_proxy
ibm/sterling_secure_proxy
ibm/sterling_secure_proxy
ibm/sterling_secure_proxy
ibm/sterling_secure_proxy
ibm/sterling_secure_proxy
n/a/n/a
Timeline
Published
Oct 06, 2016
Tracked Since
Feb 18, 2026