
CVE-2020-4462
https://notcve.org/view.php?id=CVE-2020-4462
16 Jul 2020 — IBM Sterling External Authentication Server 6.0.1, 6.0.0, 2.4.3.2, and 2.4.2 and IBM Sterling Secure Proxy 6.0.1, 6.0.0, 3.4.3, and 3.4.2 are vulnerable to an XML External Entity Injection (XXE) attack when processing XML data. A remote attacker could exploit this vulnerability to expose sensitive information or consume memory resources. IBM X-Force ID: 181482. • https://exchange.xforce.ibmcloud.com/vulnerabilities/181482 • CWE-611: Improper Restriction of XML External Entity Reference

CVE-2016-6023
https://notcve.org/view.php?id=CVE-2016-6023
06 Oct 2016 — Directory traversal vulnerability in the Configuration Manager in IBM Sterling Secure Proxy (SSP) 3.4.2 before 3.4.2.0 iFix 8 and 3.4.3 before 3.4.3.0 iFix 1 allows remote attackers to read arbitrary files via a crafted URL. • http://www-01.ibm.com/support/docview.wss?uid=swg21991278 • CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')

CVE-2016-6025
https://notcve.org/view.php?id=CVE-2016-6025
06 Oct 2016 — The Configuration Manager in IBM Sterling Secure Proxy (SSP) 3.4.2 before 3.4.2.0 iFix 8 and 3.4.3 before 3.4.3.0 iFix 1 allows remote attackers to obtain access by leveraging an unattended workstation to conduct a post-logoff session-reuse attack involving a modified URL. • http://www-01.ibm.com/support/docview.wss?uid=swg21991278 • CWE-264: Permissions, Privileges, and Access Controls

CVE-2016-6026
https://notcve.org/view.php?id=CVE-2016-6026
06 Oct 2016 — The Configuration Manager in IBM Sterling Secure Proxy (SSP) 3.4.2 before 3.4.2.0 iFix 8 and 3.4.3 before 3.4.3.0 iFix 1 allows man-in-the-middle attackers to obtain sensitive information via an HTTP method that is neither GET nor POST. • http://www-01.ibm.com/support/docview.wss?uid=swg21991278 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor

CVE-2016-6027
https://notcve.org/view.php?id=CVE-2016-6027
06 Oct 2016 — The Configuration Manager in IBM Sterling Secure Proxy (SSP) 3.4.2 before 3.4.2.0 iFix 8 and 3.4.3 before 3.4.3.0 iFix 1 does not enable the HSTS protection mechanism, which makes it easier for remote attackers to obtain sensitive information or modify data by leveraging use of HTTP. • http://www-01.ibm.com/support/docview.wss?uid=swg21991278 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')