IBM Sterling Secure Proxy 6.0.3/6.1.0: Log Message Overwrite Vulnerability
CVE-2023-47147 Published on March 15, 2024

IBM Secure Proxy file manipulation
IBM Sterling Secure Proxy 6.0.3 and 6.1.0 could allow an attacker to overwrite a log message under specific conditions. IBM X-Force ID: 270598.

Vendor Advisory NVD

Vulnerability Analysis

CVE-2023-47147 can be exploited with network access, and does not require authorization privileges or user interaction. This vulnerability is consided to have a high level of attack complexity. The potential impact of an exploit of this vulnerability is considered to have a high impact on confidentiality, with no impact on integrity and availability.

Attack Vector:

NETWORK

Attack Complexity:

HIGH

Privileges Required:

NONE

User Interaction:

NONE

Scope:

UNCHANGED

Confidentiality Impact:

HIGH

Integrity Impact:

NONE

Availability Impact:

NONE

Weakness Type

External Control of File Name or Path

The software allows user input to control or influence paths or file names that are used in filesystem operations.

Products Associated with CVE-2023-47147

Want to know whenever a new CVE is published for IBM Sterling Secure Proxy? stack.watch will email you.

IBM Sterling Secure Proxy

Affected Versions

IBM Secure Proxy Version 6.0.3, 6.1.0 is affected by CVE-2023-47147

Exploit Probability

EPSS

0.05%

Percentile

16.34%

EPSS (Exploit Prediction Scoring System) scores estimate the probability that a vulnerability will be exploited in the wild within the next 30 days. The percentile shows you how this score compares to all other vulnerabilities.

IBM Sterling Secure Proxy 6.0.3/6.1.0: Log Message Overwrite VulnerabilityCVE-2023-47147 Published on March 15, 2024

Vulnerability Analysis

Weakness Type

External Control of File Name or Path

Products Associated with CVE-2023-47147

Affected Versions

Exploit Probability

IBM Sterling Secure Proxy 6.0.3/6.1.0: Log Message Overwrite Vulnerability
CVE-2023-47147 Published on March 15, 2024