Ibm

Sterling External Authentication Server

11 vulnerabilities found.

Hinweis: Diese Liste kann unvollständig sein. Daten werden ohne Gewähr im Ursprungsformat bereitgestellt.
5.5

CVE-2023-29261

  • EPSS 0.02%
  • Published 05.09.2023 01:15:07
  • Last modified 21.11.2024 07:56:46

IBM Sterling Secure Proxy 6.0.3 and 6.1.0 could allow a local user with specific information about the system to obtain privileged information due to inadequate memory clearing during operations. IBM X-Force ID: 252139.

5.5

CVE-2023-32338

  • EPSS 0.02%
  • Published 05.09.2023 00:15:07
  • Last modified 21.11.2024 08:03:08

IBM Sterling Secure Proxy and IBM Sterling External Authentication Server 6.0.3 and 6.1.0 stores user credentials in plain clear text which can be read by a local user with container access. IBM X-Force ID: 255585.

5.5

CVE-2022-35720

  • EPSS 0.01%
  • Published 08.02.2023 19:15:11
  • Last modified 21.11.2024 07:11:32

IBM Sterling External Authentication Server 6.1.0 and IBM Sterling Secure Proxy 6.0.3 uses weaker than expected cryptographic algorithms during installation that could allow a local attacker to decrypt sensitive information. IBM X-Force ID: 231373.

4.3

CVE-2022-22349

  • EPSS 0.38%
  • Published 24.02.2022 17:15:07
  • Last modified 21.11.2024 06:46:40

IBM Sterling External Authentication Server 3.4.3.2, 6.0.2.0, and 6.0.3.0 is vulnerable to path traversals, due to not properly validating RESTAPI configuration data. An authorized user could import invalid data which could be used for an attack. IBM...

6.5

CVE-2022-22333

  • EPSS 0.65%
  • Published 23.02.2022 20:15:09
  • Last modified 21.11.2024 06:46:39

IBM Sterling Secure Proxy 6.0.3.0, 6.0.2.0, and 3.4.3.2 and IBM Sterling External Authentication Server are vulnerable a buffer overflow, due to the Jetty based GUI in the Secure Zone not properly validating the sizes of the form content and/or HTTP ...

7.5

CVE-2022-22336

  • EPSS 1.93%
  • Published 23.02.2022 20:15:09
  • Last modified 21.11.2024 06:46:39

IBM Sterling External Authentication Server and IBM Sterling Secure Proxy 6.0.3.0, 6.0.2.0, and 3.4.3.2 could allow a remote user to consume resources causing a denial of service due to a resource leak. IBM X-Force ID: 219395.

7.5

CVE-2021-29722

  • EPSS 0.14%
  • Published 30.08.2021 17:15:07
  • Last modified 21.11.2024 06:01:41

IBM Sterling Secure Proxy 6.0.1, 6.0.2, 2.4.3.2, and 3.4.3.2 uses weaker than expected cryptographic algorithms that could allow an attacker to decrypt highly sensitive information. IBM X-Force ID: 201095.

7.5

CVE-2021-29723

  • EPSS 0.14%
  • Published 30.08.2021 17:15:07
  • Last modified 21.11.2024 06:01:41

IBM Sterling Secure Proxy 6.0.1, 6.0.2, 2.4.3.2, and 3.4.3.2 uses weaker than expected cryptographic algorithms that could allow an attacker to decrypt highly sensitive information. IBM X-ForceID: 201100.

4.9

CVE-2021-29728

  • EPSS 0.09%
  • Published 30.08.2021 17:15:07
  • Last modified 21.11.2024 06:01:42

IBM Sterling Secure Proxy 6.0.1, 6.0.2, 2.4.3.2, and 3.4.3.2 contains hard-coded credentials, such as a password or cryptographic key, which it uses for its own inbound authentication, outbound communication to external components, or encryption of i...

8.2

CVE-2020-4462

  • EPSS 0.98%
  • Published 16.07.2020 15:15:28
  • Last modified 21.11.2024 05:32:45

IBM Sterling External Authentication Server 6.0.1, 6.0.0, 2.4.3.2, and 2.4.2 and IBM Sterling Secure Proxy 6.0.1, 6.0.0, 3.4.3, and 3.4.2 are vulnerable to an XML External Entity Injection (XXE) attack when processing XML data. A remote attacker coul...