CVE-2023-46181: IBM Secure Proxy information disclosure

Q: What is the severity of CVE-2023-46181?

CVE-2023-46181 is classified as a medium severity vulnerability due to the potential for unauthorized access to locally stored web pages.

Q: How do I fix CVE-2023-46181?

To mitigate CVE-2023-46181, upgrade IBM Sterling Secure Proxy to version 6.0.4 or higher for 6.0.x and to version 6.1.1 or higher for 6.1.x.

Q: Which versions of IBM Sterling Secure Proxy are affected by CVE-2023-46181?

CVE-2023-46181 affects IBM Sterling Secure Proxy versions 6.0.3 and 6.1.0.

Q: What does CVE-2023-46181 allow an attacker to do?

CVE-2023-46181 allows an attacker to read locally stored web pages that should be restricted to the original user.

Q: Is there a patch available for CVE-2023-46181?

Yes, patches are available for CVE-2023-46181 for affected versions of IBM Sterling Secure Proxy.

Published Mar 14, 2024

Updated

IBM Sterling Secure Proxy 6.0.3 and 6.1.0 allows web pages to be stored locally which can be read by another user on the system. IBM X-Force ID: 269686.

Other sources

IBM Sterling Secure Proxy allows web pages to be stored locally which can be read by another user on the system.

— IBM

Affected Software

4 affected componentsFixes available

IBM Secure Proxy<=6.0.3

IBM Secure Proxy<=6.1.0

IBM Sterling Secure Proxy=6.0.3

IBM Sterling Secure Proxy=6.1.0

Remediation

Patch Available

https://www.ibm.com/support/pages/node/7142038

Event History

Mar 14, 2024

CVE Published

via IBM·12:00 AM

Mar 15, 2024

CVE Published

via MITRE·03:13 PM

Data Sourced

via MITRE·03:13 PM

DescriptionSeverityWeakness

Data Sourced

via NVD·04:15 PM

DescriptionSeverityWeakness

Parent advisories

This vulnerability appears in the following advisories.

IBM-7142038

Frequently Asked Questions

What is the severity of CVE-2023-46181?

CVE-2023-46181 is classified as a medium severity vulnerability due to the potential for unauthorized access to locally stored web pages.

How do I fix CVE-2023-46181?