Ibm Sterling External Authentication Server vulnerabilities
11 known vulnerabilities affecting ibm/sterling_external_authentication_server.
Total CVEs
11
CISA KEV
0
Public exploits
0
Exploited in wild
0
Severity breakdown
HIGH5MEDIUM6
Vulnerabilities
Page 1 of 1
CVE-2023-29261MEDIUMCVSS 5.5v6.0.3.0v6.1.02023-09-05
CVE-2023-29261 [MEDIUM] CWE-922 CVE-2023-29261: IBM Sterling Secure Proxy 6.0.3 and 6.1.0 could allow a local user with specific information about t
IBM Sterling Secure Proxy 6.0.3 and 6.1.0 could allow a local user with specific information about the system to obtain privileged information due to inadequate memory clearing during operations. IBM X-Force ID: 252139.
nvd
CVE-2023-32338MEDIUMCVSS 5.5v6.0.3.0v6.1.02023-09-05
CVE-2023-32338 [MEDIUM] CWE-522 CVE-2023-32338: IBM Sterling Secure Proxy and IBM Sterling External Authentication Server 6.0.3 and 6.1.0 stores use
IBM Sterling Secure Proxy and IBM Sterling External Authentication Server 6.0.3 and 6.1.0 stores user credentials in plain clear text which can be read by a local user with container access. IBM X-Force ID: 255585.
nvd
CVE-2022-35720MEDIUMCVSS 5.5v6.1.02023-02-08
CVE-2022-35720 [LOW] CWE-327 CVE-2022-35720: IBM Sterling External Authentication Server 6.1.0 and IBM Sterling Secure Proxy 6.0.3 uses weaker th
IBM Sterling External Authentication Server 6.1.0 and IBM Sterling Secure Proxy 6.0.3 uses weaker than expected cryptographic algorithms during installation that could allow a local attacker to decrypt sensitive information. IBM X-Force ID: 231373.
cvelistv5nvd
CVE-2022-22349MEDIUMCVSS 4.3v3.4.3.2v6.0.2.0+1 more2022-02-24
CVE-2022-22349 [MEDIUM] CWE-22 CVE-2022-22349: IBM Sterling External Authentication Server 3.4.3.2, 6.0.2.0, and 6.0.3.0 is vulnerable to path trav
IBM Sterling External Authentication Server 3.4.3.2, 6.0.2.0, and 6.0.3.0 is vulnerable to path traversals, due to not properly validating RESTAPI configuration data. An authorized user could import invalid data which could be used for an attack. IBM X-Force ID: 220144.
cvelistv5nvd
CVE-2022-22336HIGHCVSS 7.5v3.4.3.2v6.0.2.0+1 more2022-02-23
CVE-2022-22336 [HIGH] CWE-401 CVE-2022-22336: IBM Sterling External Authentication Server and IBM Sterling Secure Proxy 6.0.3.0, 6.0.2.0, and 3.4.
IBM Sterling External Authentication Server and IBM Sterling Secure Proxy 6.0.3.0, 6.0.2.0, and 3.4.3.2 could allow a remote user to consume resources causing a denial of service due to a resource leak. IBM X-Force ID: 219395.
nvd
CVE-2022-22333MEDIUMCVSS 6.5v3.4.3.2v6.0.2.0+1 more2022-02-23
CVE-2022-22333 [MEDIUM] CWE-120 CVE-2022-22333: IBM Sterling Secure Proxy 6.0.3.0, 6.0.2.0, and 3.4.3.2 and IBM Sterling External Authentication Ser
IBM Sterling Secure Proxy 6.0.3.0, 6.0.2.0, and 3.4.3.2 and IBM Sterling External Authentication Server are vulnerable a buffer overflow, due to the Jetty based GUI in the Secure Zone not properly validating the sizes of the form content and/or HTTP headers submitted. A local attacker positioned inside the Secure Zone could submit a specially crafte
nvd
CVE-2021-29722HIGHCVSS 7.5v2.4.3.2v6.0.1.0+1 more2021-08-30
CVE-2021-29722 [HIGH] CWE-327 CVE-2021-29722: IBM Sterling Secure Proxy 6.0.1, 6.0.2, 2.4.3.2, and 3.4.3.2 uses weaker than expected cryptographic
IBM Sterling Secure Proxy 6.0.1, 6.0.2, 2.4.3.2, and 3.4.3.2 uses weaker than expected cryptographic algorithms that could allow an attacker to decrypt highly sensitive information. IBM X-Force ID: 201095.
nvd
CVE-2021-29723HIGHCVSS 7.5v2.4.3.2v6.0.1.0+1 more2021-08-30
CVE-2021-29723 [HIGH] CWE-327 CVE-2021-29723: IBM Sterling Secure Proxy 6.0.1, 6.0.2, 2.4.3.2, and 3.4.3.2 uses weaker than expected cryptographic
IBM Sterling Secure Proxy 6.0.1, 6.0.2, 2.4.3.2, and 3.4.3.2 uses weaker than expected cryptographic algorithms that could allow an attacker to decrypt highly sensitive information. IBM X-ForceID: 201100.
nvd
CVE-2021-29728MEDIUMCVSS 4.9v2.4.3.2v6.0.1.0+1 more2021-08-30
CVE-2021-29728 [MEDIUM] CWE-798 CVE-2021-29728: IBM Sterling Secure Proxy 6.0.1, 6.0.2, 2.4.3.2, and 3.4.3.2 contains hard-coded credentials, such a
IBM Sterling Secure Proxy 6.0.1, 6.0.2, 2.4.3.2, and 3.4.3.2 contains hard-coded credentials, such as a password or cryptographic key, which it uses for its own inbound authentication, outbound communication to external components, or encryption of internal data. IBM X-Force ID: 201160.
nvd
CVE-2020-4462HIGHCVSS 8.2v2.4.2.0v2.4.3.2+3 more2020-07-16
CVE-2020-4462 [HIGH] CWE-611 CVE-2020-4462: IBM Sterling External Authentication Server 6.0.1, 6.0.0, 2.4.3.2, and 2.4.2 and IBM Sterling Secure
IBM Sterling External Authentication Server 6.0.1, 6.0.0, 2.4.3.2, and 2.4.2 and IBM Sterling Secure Proxy 6.0.1, 6.0.0, 3.4.3, and 3.4.2 are vulnerable to an XML External Entity Injection (XXE) attack when processing XML data. A remote attacker could exploit this vulnerability to expose sensitive information or consume memory resources. IBM X-Force ID:
cvelistv5nvd
CVE-2013-0517HIGHCVSS 7.8v2.2.0v2.3.01+3 more2020-02-11
CVE-2013-0517 [HIGH] CWE-78 CVE-2013-0517: A Command Execution Vulnerability exists in IBM Sterling External Authentication Server 2.2.0, 2.3.0
A Command Execution Vulnerability exists in IBM Sterling External Authentication Server 2.2.0, 2.3.01, 2.4.0, and 2.4.1 via an unspecified OS command, which could let a local malicious user execute arbitrary code.
cvelistv5nvd