CVSS: 5.4EPSS: 0%CPEs: 2EXPL: 0CVE-2023-46182 – IBM Secure Proxy cross-site scripting
https://notcve.org/view.php?id=CVE-2023-46182
IBM Sterling Secure Proxy 6.0.3 and 6.1.0 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 269692. IBM Sterling Secure Proxy 6.0.3 y 6.1.0 es vulnerable a cross-site scripting. Esta vulnerabilidad permite a los usuarios incrustar código JavaScript arbitrario en la interfaz de usuario web, alterando así la funcionalidad prevista, lo que podría conducir a la divulgación de credenciales dentro de una sesión confiable. • https://exchange.xforce.ibmcloud.com/vulnerabilities/269692 https://www.ibm.com/support/pages/node/7142038 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 5.5EPSS: 0%CPEs: 4EXPL: 0CVE-2023-32338 – IBM Sterling Secure Proxy information disclosure
https://notcve.org/view.php?id=CVE-2023-32338
IBM Sterling Secure Proxy and IBM Sterling External Authentication Server 6.0.3 and 6.1.0 stores user credentials in plain clear text which can be read by a local user with container access. IBM X-Force ID: 255585. IBM Sterling Secure Proxy e IBM Sterling External Authentication Server v6.0.3 y v6.1.0 almacenan credenciales de usuario en texto claro que puede leer un usuario local con acceso al contenedor. IBM X-Force ID: 255585. • https://exchange.xforce.ibmcloud.com/vulnerabilities/255585 https://https://www.ibm.com/support/pages/node/7029765 https://www.ibm.com/support/pages/node/7029765 https://www.ibm.com/support/pages/node/7029766 • CWE-522: Insufficiently Protected Credentials •
CVSS: 4.6EPSS: 0%CPEs: 5EXPL: 0CVE-2022-34362 – IBM Sterling Secure Proxy HOST header injection
https://notcve.org/view.php?id=CVE-2022-34362
IBM Sterling Secure Proxy 6.0.3 is vulnerable to HTTP header injection, caused by improper validation of input by the HOST headers. This could allow an attacker to conduct various attacks against the vulnerable system, including cross-site scripting, cache poisoning or session hijacking. IBM X-Force ID: 230523. • https://exchange.xforce.ibmcloud.com/vulnerabilities/230523 https://www.ibm.com/support/pages/node/6890663 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 5.5EPSS: 0%CPEs: 6EXPL: 0CVE-2022-35720 – IBM Sterling External Authentication Server information disclosure
https://notcve.org/view.php?id=CVE-2022-35720
IBM Sterling External Authentication Server 6.1.0 and IBM Sterling Secure Proxy 6.0.3 uses weaker than expected cryptographic algorithms during installation that could allow a local attacker to decrypt sensitive information. IBM X-Force ID: 231373. • https://www.ibm.com/support/pages/node/6890663 https://www.ibm.com/support/pages/node/6890669 • CWE-327: Use of a Broken or Risky Cryptographic Algorithm •
CVSS: 7.5EPSS: 0%CPEs: 5EXPL: 0CVE-2022-34361 – IBM Sterling Secure Proxy information disclosure
https://notcve.org/view.php?id=CVE-2022-34361
IBM Sterling Secure Proxy 6.0.3 uses weaker than expected cryptographic algorithms that could allow an attacker to decrypt highly sensitive information. IBM X-Force ID: 230522. IBM Sterling Secure Proxy 6.0.3 utiliza algoritmos criptográficos más débiles de lo esperado que podrían permitir a un atacante descifrar información altamente confidencial. ID de IBM X-Force: 230522. • https://exchange.xforce.ibmcloud.com/vulnerabilities/230522 https://www.ibm.com/support/pages/node/6844763 • CWE-327: Use of a Broken or Risky Cryptographic Algorithm •