Ibm

Sterling Secure Proxy

31 vulnerabilities found.

Hinweis: Diese Liste kann unvollständig sein. Daten werden ohne Gewähr im Ursprungsformat bereitgestellt.
7.5

CVE-2021-29722

  • EPSS 0.14%
  • Published 30.08.2021 17:15:07
  • Last modified 21.11.2024 06:01:41

IBM Sterling Secure Proxy 6.0.1, 6.0.2, 2.4.3.2, and 3.4.3.2 uses weaker than expected cryptographic algorithms that could allow an attacker to decrypt highly sensitive information. IBM X-Force ID: 201095.

5.5

CVE-2021-29749

  • EPSS 0.24%
  • Published 15.07.2021 16:15:09
  • Last modified 21.11.2024 06:01:44

IBM Secure External Authentication Server 6.0.2 and IBM Secure Proxy 6.0.2 is vulnerable to server-side request forgery (SSRF). This may allow an authenticated attacker to send unauthorized requests from the system, potentially leading to network enu...

7.5

CVE-2021-29725

  • EPSS 2.03%
  • Published 15.07.2021 16:15:09
  • Last modified 21.11.2024 06:01:41

IBM Secure External Authentication Server 2.4.3.2, 6.0.1, 6.0.2 and IBM Secure Proxy 3.4.3.2, 6.0.1, 6.0.2 could allow a remote user to consume resources causing a denial of service due to a resource leak.

8.2

CVE-2020-4462

  • EPSS 0.98%
  • Published 16.07.2020 15:15:28
  • Last modified 21.11.2024 05:32:45

IBM Sterling External Authentication Server 6.0.1, 6.0.0, 2.4.3.2, and 2.4.2 and IBM Sterling Secure Proxy 6.0.1, 6.0.0, 3.4.3, and 3.4.2 are vulnerable to an XML External Entity Injection (XXE) attack when processing XML data. A remote attacker coul...

6.1

CVE-2016-6027

  • EPSS 0.24%
  • Published 06.10.2016 10:59:08
  • Last modified 12.04.2025 10:46:40

The Configuration Manager in IBM Sterling Secure Proxy (SSP) 3.4.2 before 3.4.2.0 iFix 8 and 3.4.3 before 3.4.3.0 iFix 1 does not enable the HSTS protection mechanism, which makes it easier for remote attackers to obtain sensitive information or modi...

5.3

CVE-2016-6026

  • EPSS 0.07%
  • Published 06.10.2016 10:59:07
  • Last modified 12.04.2025 10:46:40

The Configuration Manager in IBM Sterling Secure Proxy (SSP) 3.4.2 before 3.4.2.0 iFix 8 and 3.4.3 before 3.4.3.0 iFix 1 allows man-in-the-middle attackers to obtain sensitive information via an HTTP method that is neither GET nor POST.

5.9

CVE-2016-6025

  • EPSS 0.2%
  • Published 06.10.2016 10:59:06
  • Last modified 12.04.2025 10:46:40

The Configuration Manager in IBM Sterling Secure Proxy (SSP) 3.4.2 before 3.4.2.0 iFix 8 and 3.4.3 before 3.4.3.0 iFix 1 allows remote attackers to obtain access by leveraging an unattended workstation to conduct a post-logoff session-reuse attack in...

7.5

CVE-2016-6023

  • EPSS 0.22%
  • Published 06.10.2016 10:59:04
  • Last modified 12.04.2025 10:46:40

Directory traversal vulnerability in the Configuration Manager in IBM Sterling Secure Proxy (SSP) 3.4.2 before 3.4.2.0 iFix 8 and 3.4.3 before 3.4.3.0 iFix 1 allows remote attackers to read arbitrary files via a crafted URL.

4.3

CVE-2013-0518

  • EPSS 0.2%
  • Published 10.05.2013 11:42:29
  • Last modified 11.04.2025 00:51:21

IBM Sterling Secure Proxy 3.2.0 and 3.3.01 before 3.3.01.23 Interim Fix 1, 3.4.0 before 3.4.0.6 Interim Fix 1, and 3.4.1 before 3.4.1.7 does not refuse to be rendered in different-origin frames, which makes it easier for remote attackers to conduct c...

4

CVE-2013-0520

  • EPSS 0.14%
  • Published 10.05.2013 11:42:29
  • Last modified 11.04.2025 00:51:21

IBM Sterling Secure Proxy 3.2.0 and 3.3.01 before 3.3.01.23 Interim Fix 1, 3.4.0 before 3.4.0.6 Interim Fix 1, and 3.4.1 before 3.4.1.7 allows remote authenticated users to obtain sensitive Java stack-trace information by providing invalid input data...