VYPR

Sterling Secure Proxy

by IBM

CVEs (32)

  • CVE-2021-29726May 17, 2022
    risk 0.00cvss epss 0.01

    IBM Sterling Secure Proxy 6.0.3 and IBM Secure External Authentication Server 6.0.3 does not properly ensure that a certificate is actually associated with the host due to improper validation of certificates. IBM X-Force ID: 201104.

  • CVE-2022-22336Feb 23, 2022
    risk 0.00cvss epss 0.02

    IBM Sterling External Authentication Server and IBM Sterling Secure Proxy 6.0.3.0, 6.0.2.0, and 3.4.3.2 could allow a remote user to consume resources causing a denial of service due to a resource leak. IBM X-Force ID: 219395.

  • CVE-2022-22333Feb 23, 2022
    risk 0.00cvss epss 0.01

    IBM Sterling Secure Proxy 6.0.3.0, 6.0.2.0, and 3.4.3.2 and IBM Sterling External Authentication Server are vulnerable a buffer overflow, due to the Jetty based GUI in the Secure Zone not properly validating the sizes of the form content and/or HTTP headers submitted. A local…

  • CVE-2021-29728Aug 30, 2021
    risk 0.00cvss epss 0.01

    IBM Sterling Secure Proxy 6.0.1, 6.0.2, 2.4.3.2, and 3.4.3.2 contains hard-coded credentials, such as a password or cryptographic key, which it uses for its own inbound authentication, outbound communication to external components, or encryption of internal data. IBM X-Force ID:…

  • CVE-2021-29723Aug 30, 2021
    risk 0.00cvss epss 0.01

    IBM Sterling Secure Proxy 6.0.1, 6.0.2, 2.4.3.2, and 3.4.3.2 uses weaker than expected cryptographic algorithms that could allow an attacker to decrypt highly sensitive information. IBM X-ForceID: 201100.

  • CVE-2021-29722Aug 30, 2021
    risk 0.00cvss epss 0.01

    IBM Sterling Secure Proxy 6.0.1, 6.0.2, 2.4.3.2, and 3.4.3.2 uses weaker than expected cryptographic algorithms that could allow an attacker to decrypt highly sensitive information. IBM X-Force ID: 201095.

  • CVE-2021-29749Jul 15, 2021
    risk 0.00cvss epss 0.01

    IBM Secure External Authentication Server 6.0.2 and IBM Secure Proxy 6.0.2 is vulnerable to server-side request forgery (SSRF). This may allow an authenticated attacker to send unauthorized requests from the system, potentially leading to network enumeration or facilitating…

  • CVE-2021-29725Jul 15, 2021
    risk 0.00cvss epss 0.03

    IBM Secure External Authentication Server 2.4.3.2, 6.0.1, 6.0.2 and IBM Secure Proxy 3.4.3.2, 6.0.1, 6.0.2 could allow a remote user to consume resources causing a denial of service due to a resource leak.

  • CVE-2020-4462Jul 16, 2020
    risk 0.00cvss epss 0.03

    IBM Sterling External Authentication Server 6.0.1, 6.0.0, 2.4.3.2, and 2.4.2 and IBM Sterling Secure Proxy 6.0.1, 6.0.0, 3.4.3, and 3.4.2 are vulnerable to an XML External Entity Injection (XXE) attack when processing XML data. A remote attacker could exploit this vulnerability…

  • CVE-2013-0520May 10, 2013
    risk 0.00cvss epss 0.01

    IBM Sterling Secure Proxy 3.2.0 and 3.3.01 before 3.3.01.23 Interim Fix 1, 3.4.0 before 3.4.0.6 Interim Fix 1, and 3.4.1 before 3.4.1.7 allows remote authenticated users to obtain sensitive Java stack-trace information by providing invalid input data.

  • CVE-2013-0519May 10, 2013
    risk 0.00cvss epss 0.01

    IBM Sterling Secure Proxy 3.2.0 and 3.3.01 before 3.3.01.23 Interim Fix 1, 3.4.0 before 3.4.0.6 Interim Fix 1, and 3.4.1 before 3.4.1.7 provides web-server version data in (1) an unspecified page title and (2) an unspecified HTTP header field, which allows remote attackers to…

  • CVE-2013-0518May 10, 2013
    risk 0.00cvss epss 0.01

    IBM Sterling Secure Proxy 3.2.0 and 3.3.01 before 3.3.01.23 Interim Fix 1, 3.4.0 before 3.4.0.6 Interim Fix 1, and 3.4.1 before 3.4.1.7 does not refuse to be rendered in different-origin frames, which makes it easier for remote attackers to conduct clickjacking attacks via a…

Page 2 of 2