Ibm: >> Sterling Secure Proxy Security Vulnerabilities
IBM Sterling Secure Proxy 6.0.3 is vulnerable to HTTP header injection, caused by improper validation of input by the HOST headers. This could allow an attacker to conduct various attacks against the vulnerable system, including cross-site scripting, cache poisoning or session hijacking. IBM X-Force ID: 230523.
CVSS Score
4.6
EPSS Score
0.001
Published
2023-02-08
IBM Sterling External Authentication Server 6.1.0 and IBM Sterling Secure Proxy 6.0.3 uses weaker than expected cryptographic algorithms during installation that could allow a local attacker to decrypt sensitive information. IBM X-Force ID: 231373.
CVSS Score
2.3
EPSS Score
0.0
Published
2023-02-08
IBM Sterling Secure Proxy 6.0.3 uses weaker than expected cryptographic algorithms that could allow an attacker to decrypt highly sensitive information. IBM X-Force ID: 230522.
CVSS Score
5.9
EPSS Score
0.0
Published
2022-12-06
IBM Sterling Secure Proxy 6.0.3 and IBM Secure External Authentication Server 6.0.3 does not properly ensure that a certificate is actually associated with the host due to improper validation of certificates. IBM X-Force ID: 201104.
CVSS Score
5.3
EPSS Score
0.001
Published
2022-05-17
IBM Sterling Secure Proxy 6.0.3.0, 6.0.2.0, and 3.4.3.2 and IBM Sterling External Authentication Server are vulnerable a buffer overflow, due to the Jetty based GUI in the Secure Zone not properly validating the sizes of the form content and/or HTTP headers submitted. A local attacker positioned inside the Secure Zone could submit a specially crafted HTTP request to disrupt service. IBM X-Force ID: 219133.
CVSS Score
6.5
EPSS Score
0.006
Published
2022-02-23
IBM Sterling External Authentication Server and IBM Sterling Secure Proxy 6.0.3.0, 6.0.2.0, and 3.4.3.2 could allow a remote user to consume resources causing a denial of service due to a resource leak. IBM X-Force ID: 219395.
CVSS Score
7.5
EPSS Score
0.014
Published
2022-02-23
IBM Sterling Secure Proxy 6.0.1, 6.0.2, 2.4.3.2, and 3.4.3.2 uses weaker than expected cryptographic algorithms that could allow an attacker to decrypt highly sensitive information. IBM X-Force ID: 201095.
CVSS Score
5.9
EPSS Score
0.001
Published
2021-08-30
IBM Sterling Secure Proxy 6.0.1, 6.0.2, 2.4.3.2, and 3.4.3.2 uses weaker than expected cryptographic algorithms that could allow an attacker to decrypt highly sensitive information. IBM X-ForceID: 201100.
CVSS Score
5.9
EPSS Score
0.001
Published
2021-08-30
IBM Sterling Secure Proxy 6.0.1, 6.0.2, 2.4.3.2, and 3.4.3.2 contains hard-coded credentials, such as a password or cryptographic key, which it uses for its own inbound authentication, outbound communication to external components, or encryption of internal data. IBM X-Force ID: 201160.
CVSS Score
4.9
EPSS Score
0.001
Published
2021-08-30
IBM Secure External Authentication Server 2.4.3.2, 6.0.1, 6.0.2 and IBM Secure Proxy 3.4.3.2, 6.0.1, 6.0.2 could allow a remote user to consume resources causing a denial of service due to a resource leak.
CVSS Score
7.5
EPSS Score
0.02
Published
2021-07-15