CVEs (11)
CVE VENDORS PRODUCTS UPDATED PUBLISHED CVSS |
|---|
1Ibm 1Sterling External Authentication Server Nov 21, 2024 Sep 5, 2023 N/A· v4 5.5 MEDIUM· v3 N/A· v2 IBM Sterling Secure Proxy 6.0.3 and 6.1.0 could allow a local user with specific information about the system to obtain privileged information due to inadequate memory clearing during operations. IBM X-Force ID: 252139...Show more |
1Ibm 2Sterling External Authentication Server Sterling Secure ProxyNov 21, 2024 Sep 5, 2023 N/A· v4 5.5 MEDIUM· v3 N/A· v2 IBM Sterling Secure Proxy and IBM Sterling External Authentication Server 6.0.3 and 6.1.0 stores user credentials in plain clear text which can be read by a local user with container access. IBM X-Force ID: 255585. |
1Ibm 2Sterling External Authentication Server Sterling Secure ProxyNov 21, 2024 Feb 8, 2023 N/A· v4 5.5 MEDIUM· v3 N/A· v2 IBM Sterling External Authentication Server 6.1.0 and IBM Sterling Secure Proxy 6.0.3 uses weaker than expected cryptographic algorithms during installation that could allow a local attacker to decrypt sensitive informat...Show more |
1Ibm 1Sterling External Authentication Server Nov 21, 2024 Feb 24, 2022 N/A· v4 4.3 MEDIUM· v3 4.0 MEDIUM· v2 IBM Sterling External Authentication Server 3.4.3.2, 6.0.2.0, and 6.0.3.0 is vulnerable to path traversals, due to not properly validating RESTAPI configuration data. An authorized user could import invalid data which co...Show more |
1Ibm 2Sterling External Authentication Server Sterling Secure ProxyNov 21, 2024 Feb 23, 2022 N/A· v4 7.5 HIGH· v3 5.0 MEDIUM· v2 IBM Sterling External Authentication Server and IBM Sterling Secure Proxy 6.0.3.0, 6.0.2.0, and 3.4.3.2 could allow a remote user to consume resources causing a denial of service due to a resource leak. IBM X-Force ID: 2...Show more |
1Ibm 2Sterling External Authentication Server Sterling Secure ProxyNov 21, 2024 Feb 23, 2022 N/A· v4 6.5 MEDIUM· v3 3.3 LOW· v2 IBM Sterling Secure Proxy 6.0.3.0, 6.0.2.0, and 3.4.3.2 and IBM Sterling External Authentication Server are vulnerable a buffer overflow, due to the Jetty based GUI in the Secure Zone not properly validating the sizes of...Show more |
1Ibm 2Sterling External Authentication Server Sterling Secure ProxyNov 21, 2024 Aug 30, 2021 N/A· v4 4.9 MEDIUM· v3 4.0 MEDIUM· v2 IBM Sterling Secure Proxy 6.0.1, 6.0.2, 2.4.3.2, and 3.4.3.2 contains hard-coded credentials, such as a password or cryptographic key, which it uses for its own inbound authentication, outbound communication to external...Show more |
1Ibm 2Sterling External Authentication Server Sterling Secure ProxyNov 21, 2024 Aug 30, 2021 N/A· v4 7.5 HIGH· v3 5.0 MEDIUM· v2 IBM Sterling Secure Proxy 6.0.1, 6.0.2, 2.4.3.2, and 3.4.3.2 uses weaker than expected cryptographic algorithms that could allow an attacker to decrypt highly sensitive information. IBM X-ForceID: 201100. |
1Ibm 2Sterling External Authentication Server Sterling Secure ProxyNov 21, 2024 Aug 30, 2021 N/A· v4 7.5 HIGH· v3 5.0 MEDIUM· v2 IBM Sterling Secure Proxy 6.0.1, 6.0.2, 2.4.3.2, and 3.4.3.2 uses weaker than expected cryptographic algorithms that could allow an attacker to decrypt highly sensitive information. IBM X-Force ID: 201095. |
1Ibm 2Sterling External Authentication Server Sterling Secure ProxyNov 21, 2024 Jul 16, 2020 N/A· v4 8.2 HIGH· v3 6.4 MEDIUM· v2 IBM Sterling External Authentication Server 6.0.1, 6.0.0, 2.4.3.2, and 2.4.2 and IBM Sterling Secure Proxy 6.0.1, 6.0.0, 3.4.3, and 3.4.2 are vulnerable to an XML External Entity Injection (XXE) attack when processing XM...Show more |
1Ibm 1Sterling External Authentication Server Nov 21, 2024 Feb 11, 2020 N/A· v4 7.8 HIGH· v3 7.2 HIGH· v2 A Command Execution Vulnerability exists in IBM Sterling External Authentication Server 2.2.0, 2.3.01, 2.4.0, and 2.4.1 via an unspecified OS command, which could let a local malicious user execute arbitrary code. |