CVSS: 4.9EPSS: 0%CPEs: 12EXPL: 0CVE-2021-29728
https://notcve.org/view.php?id=CVE-2021-29728
IBM Sterling Secure Proxy 6.0.1, 6.0.2, 2.4.3.2, and 3.4.3.2 contains hard-coded credentials, such as a password or cryptographic key, which it uses for its own inbound authentication, outbound communication to external components, or encryption of internal data. IBM X-Force ID: 201160. IBM Sterling Secure Proxy versiones 6.0.1, 6.0.2, 2.4.3.2 y 3.4.3.2, contiene credenciales embebidas, como una contraseña o una clave criptográfica, que usa para su propia autenticación de entrada, una comunicación de salida con componentes externos o el cifrado de datos internos. IBM X-Force ID: 201160. • https://exchange.xforce.ibmcloud.com/vulnerabilities/201160 https://www.ibm.com/support/pages/node/6484681 https://www.ibm.com/support/pages/node/6484685 • CWE-798: Use of Hard-coded Credentials •
CVSS: 7.5EPSS: 0%CPEs: 12EXPL: 0CVE-2021-29723
https://notcve.org/view.php?id=CVE-2021-29723
IBM Sterling Secure Proxy 6.0.1, 6.0.2, 2.4.3.2, and 3.4.3.2 uses weaker than expected cryptographic algorithms that could allow an attacker to decrypt highly sensitive information. IBM X-ForceID: 201100. IBM Sterling Secure Proxy versiones 6.0.1, 6.0.2, 2.4.3.2 y 3.4.3.2, usa algoritmos criptográficos más débiles de lo esperado que podrían permitir a un atacante descifrar información altamente confidencial. IBM X-ForceID: 201100. • https://exchange.xforce.ibmcloud.com/vulnerabilities/201100 https://www.ibm.com/support/pages/node/6484681 https://www.ibm.com/support/pages/node/6484685 • CWE-327: Use of a Broken or Risky Cryptographic Algorithm •
CVSS: 7.5EPSS: 0%CPEs: 12EXPL: 0CVE-2021-29722
https://notcve.org/view.php?id=CVE-2021-29722
IBM Sterling Secure Proxy 6.0.1, 6.0.2, 2.4.3.2, and 3.4.3.2 uses weaker than expected cryptographic algorithms that could allow an attacker to decrypt highly sensitive information. IBM X-Force ID: 201095. IBM Sterling Secure Proxy versiones 6.0.1, 6.0.2, 2.4.3.2 y 3.4.3.2, usa algoritmos criptográficos más débiles de lo esperado que podrían permitir a un atacante descifrar información altamente confidencial. IBM X-Force ID: 201095. • https://exchange.xforce.ibmcloud.com/vulnerabilities/201095 https://www.ibm.com/support/pages/node/6484681 https://www.ibm.com/support/pages/node/6484685 • CWE-327: Use of a Broken or Risky Cryptographic Algorithm •
CVSS: 6.5EPSS: 0%CPEs: 2EXPL: 0CVE-2021-29749
https://notcve.org/view.php?id=CVE-2021-29749
IBM Secure External Authentication Server 6.0.2 and IBM Secure Proxy 6.0.2 is vulnerable to server-side request forgery (SSRF). This may allow an authenticated attacker to send unauthorized requests from the system, potentially leading to network enumeration or facilitating other attacks. IBM X-Force ID: 201777. IBM Secure External Authentication Server versión 6.0.2 e IBM Secure Proxy versión 6.0.2 son vulnerables a un ataque de tipo server-side request forgery (SSRF). Esto puede permitir a un atacante autenticado enviar peticiones no autorizadas desde el sistema, conllevando potencialmente a la enumeración de la red o facilitar otros ataques. • https://exchange.xforce.ibmcloud.com/vulnerabilities/201777 https://www.ibm.com/support/pages/node/6471621 https://www.ibm.com/support/pages/node/6471623 • CWE-918: Server-Side Request Forgery (SSRF) •
CVSS: 7.5EPSS: 0%CPEs: 10EXPL: 0CVE-2021-29725
https://notcve.org/view.php?id=CVE-2021-29725
IBM Secure External Authentication Server 2.4.3.2, 6.0.1, 6.0.2 and IBM Secure Proxy 3.4.3.2, 6.0.1, 6.0.2 could allow a remote user to consume resources causing a denial of service due to a resource leak. IBM Secure External Authentication Server versiones 2.4.3.2, 6.0.1, 6.0.2 e IBM Secure Proxy versiones 3.4.3.2, 6.0.1, 6.0.2, podrían permitir a un usuario remoto consumir recursos causando una denegación de servicio debido a una fuga de recursos • https://exchange.xforce.ibmcloud.com/vulnerabilities/201102 https://www.ibm.com/support/pages/node/6471577 https://www.ibm.com/support/pages/node/6471615 • CWE-770: Allocation of Resources Without Limits or Throttling •