14 results (0.005 seconds)

CVSS: 5.5EPSS: 0%CPEs: 2EXPL: 0

IBM Sterling Secure Proxy 6.0.3 and 6.1.0 could allow a local user with specific information about the system to obtain privileged information due to inadequate memory clearing during operations. IBM X-Force ID: 252139. IBM Sterling Secure Proxy v6.0.3 y v6.1.0 podrían permitir a un usuario local con información específica sobre el sistema obtener información privilegiada debido a una limpieza inadecuada de la memoria durante las operaciones. ID de IBM X-Force: 252139. • https://exchange.xforce.ibmcloud.com/vulnerabilities/252139 https://https://www.ibm.com/support/pages/node/7029765 https://www.ibm.com/support/pages/node/7029765 • CWE-922: Insecure Storage of Sensitive Information •

CVSS: 5.5EPSS: 0%CPEs: 4EXPL: 0

IBM Sterling Secure Proxy and IBM Sterling External Authentication Server 6.0.3 and 6.1.0 stores user credentials in plain clear text which can be read by a local user with container access. IBM X-Force ID: 255585. IBM Sterling Secure Proxy e IBM Sterling External Authentication Server v6.0.3 y v6.1.0 almacenan credenciales de usuario en texto claro que puede leer un usuario local con acceso al contenedor. IBM X-Force ID: 255585. • https://exchange.xforce.ibmcloud.com/vulnerabilities/255585 https://https://www.ibm.com/support/pages/node/7029765 https://www.ibm.com/support/pages/node/7029765 https://www.ibm.com/support/pages/node/7029766 • CWE-522: Insufficiently Protected Credentials •

CVSS: 5.5EPSS: 0%CPEs: 6EXPL: 0

IBM Sterling External Authentication Server 6.1.0 and IBM Sterling Secure Proxy 6.0.3 uses weaker than expected cryptographic algorithms during installation that could allow a local attacker to decrypt sensitive information. IBM X-Force ID: 231373. • https://www.ibm.com/support/pages/node/6890663 https://www.ibm.com/support/pages/node/6890669 • CWE-327: Use of a Broken or Risky Cryptographic Algorithm •

CVSS: 5.3EPSS: 0%CPEs: 2EXPL: 0

IBM Sterling Secure Proxy 6.0.3 and IBM Secure External Authentication Server 6.0.3 does not properly ensure that a certificate is actually associated with the host due to improper validation of certificates. IBM X-Force ID: 201104. IBM Sterling Secure Proxy versión 6.0.3 e IBM Secure External Authentication Server versión 6.0.3, no garantizan apropiadamente que un certificado esté realmente asociado con el host debido a una comprobación incorrecta de los certificados. IBM X-Force ID: 201104 • https://exchange.xforce.ibmcloud.com/vulnerabilities/201104 https://www.ibm.com/support/pages/node/6586754 https://www.ibm.com/support/pages/node/6586756 • CWE-295: Improper Certificate Validation •

CVSS: 4.3EPSS: 0%CPEs: 3EXPL: 0

IBM Sterling External Authentication Server 3.4.3.2, 6.0.2.0, and 6.0.3.0 is vulnerable to path traversals, due to not properly validating RESTAPI configuration data. An authorized user could import invalid data which could be used for an attack. IBM X-Force ID: 220144. IBM Sterling External Authentication Server versiones 3.4.3.2, 6.0.2.0, y 6.0.3.0, es vulnerable a saltos de ruta, debido a que no son comprobados apropiadamente los datos de configuración RESTAPI. Un usuario autorizado podría importar datos no válidos que podrían ser usados para un ataque. • https://exchange.xforce.ibmcloud.com/vulnerabilities/220144 https://www.ibm.com/support/pages/node/6558928 • CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') •