CVSS: 5.4EPSS: 0%CPEs: 2EXPL: 0CVE-2023-46182 – IBM Secure Proxy cross-site scripting
https://notcve.org/view.php?id=CVE-2023-46182
IBM Sterling Secure Proxy 6.0.3 and 6.1.0 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 269692. IBM Sterling Secure Proxy 6.0.3 y 6.1.0 es vulnerable a cross-site scripting. Esta vulnerabilidad permite a los usuarios incrustar código JavaScript arbitrario en la interfaz de usuario web, alterando así la funcionalidad prevista, lo que podría conducir a la divulgación de credenciales dentro de una sesión confiable. • https://exchange.xforce.ibmcloud.com/vulnerabilities/269692 https://www.ibm.com/support/pages/node/7142038 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 5.5EPSS: 0%CPEs: 4EXPL: 0CVE-2023-32338 – IBM Sterling Secure Proxy information disclosure
https://notcve.org/view.php?id=CVE-2023-32338
IBM Sterling Secure Proxy and IBM Sterling External Authentication Server 6.0.3 and 6.1.0 stores user credentials in plain clear text which can be read by a local user with container access. IBM X-Force ID: 255585. IBM Sterling Secure Proxy e IBM Sterling External Authentication Server v6.0.3 y v6.1.0 almacenan credenciales de usuario en texto claro que puede leer un usuario local con acceso al contenedor. IBM X-Force ID: 255585. • https://exchange.xforce.ibmcloud.com/vulnerabilities/255585 https://https://www.ibm.com/support/pages/node/7029765 https://www.ibm.com/support/pages/node/7029765 https://www.ibm.com/support/pages/node/7029766 • CWE-522: Insufficiently Protected Credentials •
CVSS: 7.5EPSS: 0%CPEs: 6EXPL: 0CVE-2022-22336
https://notcve.org/view.php?id=CVE-2022-22336
IBM Sterling External Authentication Server and IBM Sterling Secure Proxy 6.0.3.0, 6.0.2.0, and 3.4.3.2 could allow a remote user to consume resources causing a denial of service due to a resource leak. IBM X-Force ID: 219395. IBM Sterling External Authentication Server e IBM Sterling Secure Proxy 6.0.3.0, 6.0.2.0 y 3.4.3.2 podrían permitir a un usuario remoto consumir recursos causando una denegación de servicio debido a una fuga de recursos. ID de IBM X-Force: 219395 • https://exchange.xforce.ibmcloud.com/vulnerabilities/219395 https://www.ibm.com/support/pages/node/6558796 • CWE-401: Missing Release of Memory after Effective Lifetime •
CVSS: 6.5EPSS: 0%CPEs: 6EXPL: 0CVE-2022-22333
https://notcve.org/view.php?id=CVE-2022-22333
IBM Sterling Secure Proxy 6.0.3.0, 6.0.2.0, and 3.4.3.2 and IBM Sterling External Authentication Server are vulnerable a buffer overflow, due to the Jetty based GUI in the Secure Zone not properly validating the sizes of the form content and/or HTTP headers submitted. A local attacker positioned inside the Secure Zone could submit a specially crafted HTTP request to disrupt service. IBM X-Force ID: 219133. IBM Sterling Secure Proxy 6.0.3.0, 6.0.2.0, y 3.4.3.2 e IBM Sterling External Authentication Server son vulnerables a un desbordamiento de búfer, debido a que la interfaz gráfica de usuario basada en Jetty en la Secure Zone no valida correctamente los tamaños del contenido del formulario y/o las cabeceras HTTP enviadas. Un atacante local situado dentro de la Zona Segura podría enviar una solicitud HTTP especialmente diseñada para interrumpir el servicio. • https://exchange.xforce.ibmcloud.com/vulnerabilities/219133 https://www.ibm.com/support/pages/node/6558796 • CWE-120: Buffer Copy without Checking Size of Input ('Classic Buffer Overflow') •