IBM Sterling Secure Proxy vulnerabilities

32 known vulnerabilities affecting ibm/sterling_secure_proxy.

Total CVEs
32
CISA KEV
0
Public exploits
0
Exploited in wild
0
Severity breakdown
CRITICAL 2, HIGH 10, MEDIUM 19, LOW 1

Vulnerabilities

Page 2 of 2
CVE-2021-29723 | HIGH | CVSS 7.5 | CWE-327 | affected: v3.4.3.2, v6.0.1 (+2 more) | 2021-08-30
IBM Sterling Secure Proxy 6.0.1, 6.0.2, 2.4.3.2, and 3.4.3.2 uses weaker than expected cryptographic algorithms that could allow an attacker to decrypt highly sensitive information. IBM X-Force ID: 201100.
Sources: cvelistv5, nvd
CVE-2021-29728 | MEDIUM | CVSS 4.9 | CWE-798 | affected: v3.4.3.2, v6.0.1 (+2 more) | 2021-08-30
IBM Sterling Secure Proxy 6.0.1, 6.0.2, 2.4.3.2, and 3.4.3.2 contains hard-coded credentials, such as a password or cryptographic key, which it uses for its own inbound authentication, outbound communication to external components, or encryption of internal data. IBM X-Force ID: 201160.
Sources: cvelistv5, nvd
CVE-2021-29725 | HIGH | CVSS 7.5 | CWE-770 | affected: v3.4.3.2, v6.0.1 (+1 more) | 2021-07-15
IBM Secure External Authentication Server 2.4.3.2, 6.0.1, 6.0.2 and IBM Secure Proxy 3.4.3.2, 6.0.1, 6.0.2 could allow a remote user to consume resources causing a denial of service due to a resource leak.
Sources: nvd
CVE-2021-29749 | MEDIUM | CVSS 5.4 | CWE-918 | affected: v6.0.2 | 2021-07-15
IBM Secure External Authentication Server 6.0.2 and IBM Secure Proxy 6.0.2 are vulnerable to server-side request forgery (SSRF). This may allow an authenticated attacker to send unauthorized requests from the system, potentially leading to network enumeration or facilitating other attacks. IBM X-Force ID: 201777.
Sources: nvd
CVE-2020-4462 | HIGH | CVSS 8.2 | CWE-611 | affected: v3.4.2.0, v3.4.3.0 (+8 more) | 2020-07-16
IBM Sterling External Authentication Server 6.0.1, 6.0.0, 2.4.3.2, and 2.4.2 and IBM Sterling Secure Proxy 6.0.1, 6.0.0, 3.4.3, and 3.4.2 are vulnerable to an XML External Entity Injection (XXE) attack when processing XML data. A remote attacker could exploit this vulnerability to expose sensitive information or consume memory resources. IBM X-Force ID:
Sources: cvelistv5, nvd
CVE-2016-6023 | HIGH | CVSS 7.5 | CWE-22 | affected: v3.4.2.0, v3.4.3.0 | 2016-10-06
Directory traversal vulnerability in the Configuration Manager in IBM Sterling Secure Proxy (SSP) 3.4.2 before 3.4.2.0 iFix 8 and 3.4.3 before 3.4.3.0 iFix 1 allows remote attackers to read arbitrary files via a crafted URL.
Sources: nvd
CVE-2016-6026 | MEDIUM | CVSS 5.3 | CWE-200 | affected: v3.4.2.0, v3.4.3.0 | 2016-10-06
The Configuration Manager in IBM Sterling Secure Proxy (SSP) 3.4.2 before 3.4.2.0 iFix 8 and 3.4.3 before 3.4.3.0 iFix 1 allows man-in-the-middle attackers to obtain sensitive information via an HTTP method that is neither GET nor POST.
Sources: nvd
CVE-2016-6027 | MEDIUM | CVSS 6.1 | CWE-79 | affected: v3.4.2.0, v3.4.3.0 | 2016-10-06
The Configuration Manager in IBM Sterling Secure Proxy (SSP) 3.4.2 before 3.4.2.0 iFix 8 and 3.4.3 before 3.4.3.0 iFix 1 does not enable the HSTS protection mechanism, which makes it easier for remote attackers to obtain sensitive information or modify data by leveraging use of HTTP.
Sources: nvd
CVE-2016-6025 | MEDIUM | CVSS 5.9 | CWE-264 | affected: v3.4.2.0, v3.4.3.0 | 2016-10-06
The Configuration Manager in IBM Sterling Secure Proxy (SSP) 3.4.2 before 3.4.2.0 iFix 8 and 3.4.3 before 3.4.3.0 iFix 1 allows remote attackers to obtain access by leveraging an unattended workstation to conduct a post-logoff session-reuse attack involving a modified URL.
Sources: nvd
CVE-2013-0520 | MEDIUM | CVSS 4.0 | CWE-20 | affected: v3.2.0.0, v3.3.0.1 (+5 more) | 2013-05-10
IBM Sterling Secure Proxy 3.2.0 and 3.3.01 before 3.3.01.23 Interim Fix 1, 3.4.0 before 3.4.0.6 Interim Fix 1, and 3.4.1 before 3.4.1.7 allows remote authenticated users to obtain sensitive Java stack-trace information by providing invalid input data.
Sources: nvd
CVE-2013-0518 | MEDIUM | CVSS 4.3 | CWE-20 | affected: v3.2.0.0, v3.3.0.1 (+5 more) | 2013-05-10
IBM Sterling Secure Proxy 3.2.0 and 3.3.01 before 3.3.01.23 Interim Fix 1, 3.4.0 before 3.4.0.6 Interim Fix 1, and 3.4.1 before 3.4.1.7 does not refuse to be rendered in different-origin frames, which makes it easier for remote attackers to conduct clickjacking attacks via a crafted web site.
Sources: nvd
CVE-2013-0519 | MEDIUM | CVSS 5.0 | CWE-200 | affected: v3.2.0.0, v3.3.0.1 (+5 more) | 2013-05-10
IBM Sterling Secure Proxy 3.2.0 and 3.3.01 before 3.3.01.23 Interim Fix 1, 3.4.0 before 3.4.0.6 Interim Fix 1, and 3.4.1 before 3.4.1.7 provides web-server version data in (1) an unspecified page title and (2) an unspecified HTTP header field, which allows remote attackers to obtain potentially sensitive information by reading a version string.
Sources: nvd