4.9
CVE-2021-29728
- EPSS 0.09%
- Veröffentlicht 30.08.2021 17:15:07
- Zuletzt bearbeitet 21.11.2024 06:01:42
- Quelle psirt@us.ibm.com
- Teams Watchlist Login
- Unerledigt Login
IBM Sterling Secure Proxy 6.0.1, 6.0.2, 2.4.3.2, and 3.4.3.2 contains hard-coded credentials, such as a password or cryptographic key, which it uses for its own inbound authentication, outbound communication to external components, or encryption of internal data. IBM X-Force ID: 201160.
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
Ibm ≫ Sterling External Authentication Server Version2.4.3.2
Ibm ≫ Sterling External Authentication Server Version6.0.1.0
Ibm ≫ Sterling External Authentication Server Version6.0.2.0
Ibm ≫ Sterling Secure Proxy Version3.4.3.2
Ibm ≫ Sterling Secure Proxy Version6.0.1
Ibm ≫ Sterling Secure Proxy Version6.0.2
Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.
Typ | Quelle | Score | Percentile |
---|---|---|---|
EPSS | FIRST.org | 0.09% | 0.225 |
Quelle | Base Score | Exploit Score | Impact Score | Vector String |
---|---|---|---|---|
nvd@nist.gov | 4.9 | 1.2 | 3.6 |
CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N
|
nvd@nist.gov | 4 | 8 | 2.9 |
AV:N/AC:L/Au:S/C:P/I:N/A:N
|
psirt@us.ibm.com | 4.9 | 1.2 | 3.6 |
CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N
|
CWE-798 Use of Hard-coded Credentials
The product contains hard-coded credentials, such as a password or cryptographic key.