CVE-2021-29725

CWE-770 — Allocation without Limits3 documents3 sources

Severity

7.5HIGH

EPSS

2.0%

top 16.22%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

IBM Secure External Authentication Server IBM Secure Proxy IBM Sterling Secure Proxy

Timeline

PublishedJul 15

Latest updateMay 24

Description

IBM Secure External Authentication Server 2.4.3.2, 6.0.1, 6.0.2 and IBM Secure Proxy 3.4.3.2, 6.0.1, 6.0.2 could allow a remote user to consume resources causing a denial of service due to a resource leak.

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:HExploitability: 3.9 | Impact: 3.6

Affected Packages4 packages

▶CVEListV5ibm/secure_external_authentication_server2.4.3.2, 6.0.1, 6.0.2+2

▶NVDibm/secure_external_authentication_server2.4.3.2, 6.0.1, 6.0.2+2

▶CVEListV5ibm/secure_proxy3.4.3.2, 6.0.1, 6.0.2+2

▶NVDibm/sterling_secure_proxy3.4.3.2, 6.0.1, 6.0.2+2

Patches

Patch: www.ibm.com ↗Patch: www.ibm.com ↗Patch: www.ibm.com ↗

🔴Vulnerability Details

GHSA

GHSA-53qf-272p-ghf6: IBM Secure External Authentication Server 2↗2022-05-24

▶

CVEList

CVE-2021-29725: IBM Secure External Authentication Server 2↗2021-07-15

▶