Ibm

Sterling Secure Proxy

31 Schwachstellen gefunden.

Hinweis: Diese Liste kann unvollständig sein. Daten werden ohne Gewähr im Ursprungsformat bereitgestellt.
7.5

CVE-2024-51453

  • EPSS 0.08%
  • Veröffentlicht 28.05.2025 15:22:39
  • Zuletzt bearbeitet 09.06.2025 18:58:08

IBM Sterling Secure Proxy 6.2.0.0 through 6.2.0.1 could allow a remote attacker to traverse directories on the system. An attacker could send a specially crafted URL request containing "dot dot" sequences (/../) to view arbitrary files on the system.

7.5

CVE-2024-38341

  • EPSS 0.02%
  • Veröffentlicht 28.05.2025 15:21:00
  • Zuletzt bearbeitet 09.06.2025 18:57:54

IBM Sterling Secure Proxy 6.0.0.0 through 6.0.3.1, 6.1.0.0 through 6.1.0.0, and 6.2.0.0 through 6.2.0.1 uses weaker than expected cryptographic algorithms that could allow an attacker to decrypt highly sensitive information.

9.1

CVE-2024-41783

  • EPSS 0.24%
  • Veröffentlicht 19.01.2025 15:15:21
  • Zuletzt bearbeitet 25.07.2025 20:38:34

IBM Sterling Secure Proxy 6.0.0.0, 6.0.0.1, 6.0.0.2, 6.0.0.3, 6.1.0.0, and 6.2.0.0 could allow a privileged user to inject commands into the underlying operating system due to improper validation of a specified type of input.

9.1

CVE-2024-38337

  • EPSS 0.13%
  • Veröffentlicht 19.01.2025 15:15:19
  • Zuletzt bearbeitet 25.07.2025 20:38:37

IBM Sterling Secure Proxy 6.0.0.0, 6.0.0.1, 6.0.0.2, 6.0.0.3, 6.1.0.0, and 6.2.0.0 could allow an unauthorized attacker to retrieve or alter sensitive information contents due to incorrect permission assignments.

7.5

CVE-2024-41784

  • EPSS 0.13%
  • Veröffentlicht 15.11.2024 16:15:34
  • Zuletzt bearbeitet 20.11.2024 14:35:10

IBM Sterling Secure Proxy 6.0.0.0, 6.0.0.1, 6.0.0.2, 6.0.0.3, and 6.1.0.0 could allow a remote attacker to traverse directories on the system. An attacker could send a specially crafted URL request containing "dot dot dot" sequences (/.../) to view a...

6.1

CVE-2023-47699

  • EPSS 0.15%
  • Veröffentlicht 15.03.2024 16:15:08
  • Zuletzt bearbeitet 21.11.2024 08:30:41

IBM Sterling Secure Proxy 6.0.3 and 6.1.0 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure w...

5.3

CVE-2023-47147

  • EPSS 0.05%
  • Veröffentlicht 15.03.2024 16:15:08
  • Zuletzt bearbeitet 21.11.2024 08:29:51

IBM Sterling Secure Proxy 6.0.3 and 6.1.0 could allow an attacker to overwrite a log message under specific conditions. IBM X-Force ID: 270598.

3.3

CVE-2023-46181

  • EPSS 0.03%
  • Veröffentlicht 15.03.2024 16:15:07
  • Zuletzt bearbeitet 21.11.2024 08:28:01

IBM Sterling Secure Proxy 6.0.3 and 6.1.0 allows web pages to be stored locally which can be read by another user on the system. IBM X-Force ID: 269686.

6.1

CVE-2023-47162

  • EPSS 0.15%
  • Veröffentlicht 15.03.2024 15:15:07
  • Zuletzt bearbeitet 21.11.2024 08:29:52

IBM Sterling Secure Proxy 6.0.3 and 6.1.0 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure w...

5.4

CVE-2023-46182

  • EPSS 0.14%
  • Veröffentlicht 15.03.2024 15:15:07
  • Zuletzt bearbeitet 21.11.2024 08:28:01

IBM Sterling Secure Proxy 6.0.3 and 6.1.0 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure w...