CVE-2023-35020

CVSS 3.1 Score 5.3 of 10 (medium)

Details

Published Jan 19, 2024

Updated: Jan 24, 2024

CWE ID 22

Summary

CVE-2023-35020 is a directory traversal vulnerability affecting IBM Sterling Control Center version 6.3.0. An attacker can exploit this issue by sending a maliciously crafted URL request containing "dot dot" sequences ("/../"). This allows the attacker to view arbitrary files on the system, potentially leading to unauthorized access or data leakage. IBM X-Force has assigned the ID 257874 to this vulnerability.

Prevent cyber attacks with Recorded Future by prioritizing and patching critical vulnerabilities being exploited by threat actors targeting your industry. Book your demo to learn more.

IBM Sterling Control Center

Affected Vendors

IBM Corporation

Advisories, Assessments, and Mitigations

https://app.recordedfuture.com/live/sc/entity/rooKtC
https://www.cve.org/CVERecord?id=CVE-2023-35020
https://nvd.nist.gov/vuln/detail/CVE-2023-35020

Back to Vulnerability Database