Ibm

Sterling Secure Proxy

31 Schwachstellen gefunden.

Hinweis: Diese Liste kann unvollständig sein. Daten werden ohne Gewähr im Ursprungsformat bereitgestellt.
4.3

CVE-2023-46179

  • EPSS 0.04%
  • Veröffentlicht 15.03.2024 15:15:07
  • Zuletzt bearbeitet 21.11.2024 08:28:01

IBM Sterling Secure Proxy 6.0.3 and 6.1.0 does not set the secure attribute on authorization tokens or session cookies. Attackers may be able to get the cookie values by sending a http:// link to a user or by planting this link in a site the user goe...

5.5

CVE-2023-32338

  • EPSS 0.02%
  • Veröffentlicht 05.09.2023 00:15:07
  • Zuletzt bearbeitet 21.11.2024 08:03:08

IBM Sterling Secure Proxy and IBM Sterling External Authentication Server 6.0.3 and 6.1.0 stores user credentials in plain clear text which can be read by a local user with container access. IBM X-Force ID: 255585.

5.5

CVE-2022-35720

  • EPSS 0.01%
  • Veröffentlicht 08.02.2023 19:15:11
  • Zuletzt bearbeitet 21.11.2024 07:11:32

IBM Sterling External Authentication Server 6.1.0 and IBM Sterling Secure Proxy 6.0.3 uses weaker than expected cryptographic algorithms during installation that could allow a local attacker to decrypt sensitive information. IBM X-Force ID: 231373.

4.6

CVE-2022-34362

  • EPSS 0.17%
  • Veröffentlicht 08.02.2023 19:15:11
  • Zuletzt bearbeitet 21.11.2024 07:09:21

IBM Sterling Secure Proxy 6.0.3 is vulnerable to HTTP header injection, caused by improper validation of input by the HOST headers. This could allow an attacker to conduct various attacks against the vulnerable system, including cross-site scripting...

7.5

CVE-2022-34361

  • EPSS 0.17%
  • Veröffentlicht 06.12.2022 18:15:10
  • Zuletzt bearbeitet 21.11.2024 07:09:21

IBM Sterling Secure Proxy 6.0.3 uses weaker than expected cryptographic algorithms that could allow an attacker to decrypt highly sensitive information. IBM X-Force ID: 230522.

5.3

CVE-2021-29726

  • EPSS 0.07%
  • Veröffentlicht 17.05.2022 17:15:07
  • Zuletzt bearbeitet 21.11.2024 06:01:42

IBM Sterling Secure Proxy 6.0.3 and IBM Secure External Authentication Server 6.0.3 does not properly ensure that a certificate is actually associated with the host due to improper validation of certificates. IBM X-Force ID: 201104.

7.5

CVE-2022-22336

  • EPSS 1.93%
  • Veröffentlicht 23.02.2022 20:15:09
  • Zuletzt bearbeitet 21.11.2024 06:46:39

IBM Sterling External Authentication Server and IBM Sterling Secure Proxy 6.0.3.0, 6.0.2.0, and 3.4.3.2 could allow a remote user to consume resources causing a denial of service due to a resource leak. IBM X-Force ID: 219395.

6.5

CVE-2022-22333

  • EPSS 0.65%
  • Veröffentlicht 23.02.2022 20:15:09
  • Zuletzt bearbeitet 21.11.2024 06:46:39

IBM Sterling Secure Proxy 6.0.3.0, 6.0.2.0, and 3.4.3.2 and IBM Sterling External Authentication Server are vulnerable a buffer overflow, due to the Jetty based GUI in the Secure Zone not properly validating the sizes of the form content and/or HTTP ...

4.9

CVE-2021-29728

  • EPSS 0.09%
  • Veröffentlicht 30.08.2021 17:15:07
  • Zuletzt bearbeitet 21.11.2024 06:01:42

IBM Sterling Secure Proxy 6.0.1, 6.0.2, 2.4.3.2, and 3.4.3.2 contains hard-coded credentials, such as a password or cryptographic key, which it uses for its own inbound authentication, outbound communication to external components, or encryption of i...

7.5

CVE-2021-29723

  • EPSS 0.14%
  • Veröffentlicht 30.08.2021 17:15:07
  • Zuletzt bearbeitet 21.11.2024 06:01:41

IBM Sterling Secure Proxy 6.0.1, 6.0.2, 2.4.3.2, and 3.4.3.2 uses weaker than expected cryptographic algorithms that could allow an attacker to decrypt highly sensitive information. IBM X-ForceID: 201100.