CVSS: 5.5EPSS: 0%CPEs: 2EXPL: 0CVE-2023-29261 – IBM Sterling Secure Proxy information disclosure
https://notcve.org/view.php?id=CVE-2023-29261
05 Sep 2023 — IBM Sterling Secure Proxy 6.0.3 and 6.1.0 could allow a local user with specific information about the system to obtain privileged information due to inadequate memory clearing during operations. IBM X-Force ID: 252139. IBM Sterling Secure Proxy v6.0.3 y v6.1.0 podrían permitir a un usuario local con información específica sobre el sistema obtener información privilegiada debido a una limpieza inadecuada de la memoria durante las operaciones. ID de IBM X-Force: 252139. • https://exchange.xforce.ibmcloud.com/vulnerabilities/252139 • CWE-922: Insecure Storage of Sensitive Information •
CVSS: 5.5EPSS: 0%CPEs: 4EXPL: 0CVE-2023-32338 – IBM Sterling Secure Proxy information disclosure
https://notcve.org/view.php?id=CVE-2023-32338
04 Sep 2023 — IBM Sterling Secure Proxy and IBM Sterling External Authentication Server 6.0.3 and 6.1.0 stores user credentials in plain clear text which can be read by a local user with container access. IBM X-Force ID: 255585. IBM Sterling Secure Proxy e IBM Sterling External Authentication Server v6.0.3 y v6.1.0 almacenan credenciales de usuario en texto claro que puede leer un usuario local con acceso al contenedor. IBM X-Force ID: 255585. • https://exchange.xforce.ibmcloud.com/vulnerabilities/255585 • CWE-522: Insufficiently Protected Credentials •
CVSS: 4.3EPSS: 0%CPEs: 3EXPL: 0CVE-2022-22349
https://notcve.org/view.php?id=CVE-2022-22349
24 Feb 2022 — IBM Sterling External Authentication Server 3.4.3.2, 6.0.2.0, and 6.0.3.0 is vulnerable to path traversals, due to not properly validating RESTAPI configuration data. An authorized user could import invalid data which could be used for an attack. IBM X-Force ID: 220144. IBM Sterling External Authentication Server versiones 3.4.3.2, 6.0.2.0, y 6.0.3.0, es vulnerable a saltos de ruta, debido a que no son comprobados apropiadamente los datos de configuración RESTAPI. Un usuario autorizado podría importar datos... • https://exchange.xforce.ibmcloud.com/vulnerabilities/220144 • CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') •
CVSS: 7.5EPSS: 1%CPEs: 6EXPL: 0CVE-2022-22336
https://notcve.org/view.php?id=CVE-2022-22336
23 Feb 2022 — IBM Sterling External Authentication Server and IBM Sterling Secure Proxy 6.0.3.0, 6.0.2.0, and 3.4.3.2 could allow a remote user to consume resources causing a denial of service due to a resource leak. IBM X-Force ID: 219395. IBM Sterling External Authentication Server e IBM Sterling Secure Proxy 6.0.3.0, 6.0.2.0 y 3.4.3.2 podrían permitir a un usuario remoto consumir recursos causando una denegación de servicio debido a una fuga de recursos. ID de IBM X-Force: 219395 • https://exchange.xforce.ibmcloud.com/vulnerabilities/219395 • CWE-401: Missing Release of Memory after Effective Lifetime •
CVSS: 6.5EPSS: 0%CPEs: 6EXPL: 0CVE-2022-22333
https://notcve.org/view.php?id=CVE-2022-22333
23 Feb 2022 — IBM Sterling Secure Proxy 6.0.3.0, 6.0.2.0, and 3.4.3.2 and IBM Sterling External Authentication Server are vulnerable a buffer overflow, due to the Jetty based GUI in the Secure Zone not properly validating the sizes of the form content and/or HTTP headers submitted. A local attacker positioned inside the Secure Zone could submit a specially crafted HTTP request to disrupt service. IBM X-Force ID: 219133. IBM Sterling Secure Proxy 6.0.3.0, 6.0.2.0, y 3.4.3.2 e IBM Sterling External Authentication Server so... • https://exchange.xforce.ibmcloud.com/vulnerabilities/219133 • CWE-120: Buffer Copy without Checking Size of Input ('Classic Buffer Overflow') •