CVSS: 4.9EPSS: 0%CPEs: 12EXPL: 0CVE-2021-29728
https://notcve.org/view.php?id=CVE-2021-29728
IBM Sterling Secure Proxy 6.0.1, 6.0.2, 2.4.3.2, and 3.4.3.2 contains hard-coded credentials, such as a password or cryptographic key, which it uses for its own inbound authentication, outbound communication to external components, or encryption of internal data. IBM X-Force ID: 201160. IBM Sterling Secure Proxy versiones 6.0.1, 6.0.2, 2.4.3.2 y 3.4.3.2, contiene credenciales embebidas, como una contraseña o una clave criptográfica, que usa para su propia autenticación de entrada, una comunicación de salida con componentes externos o el cifrado de datos internos. IBM X-Force ID: 201160. • https://exchange.xforce.ibmcloud.com/vulnerabilities/201160 https://www.ibm.com/support/pages/node/6484681 https://www.ibm.com/support/pages/node/6484685 • CWE-798: Use of Hard-coded Credentials •
CVSS: 7.5EPSS: 0%CPEs: 12EXPL: 0CVE-2021-29723
https://notcve.org/view.php?id=CVE-2021-29723
IBM Sterling Secure Proxy 6.0.1, 6.0.2, 2.4.3.2, and 3.4.3.2 uses weaker than expected cryptographic algorithms that could allow an attacker to decrypt highly sensitive information. IBM X-ForceID: 201100. IBM Sterling Secure Proxy versiones 6.0.1, 6.0.2, 2.4.3.2 y 3.4.3.2, usa algoritmos criptográficos más débiles de lo esperado que podrían permitir a un atacante descifrar información altamente confidencial. IBM X-ForceID: 201100. • https://exchange.xforce.ibmcloud.com/vulnerabilities/201100 https://www.ibm.com/support/pages/node/6484681 https://www.ibm.com/support/pages/node/6484685 • CWE-327: Use of a Broken or Risky Cryptographic Algorithm •
CVSS: 7.5EPSS: 0%CPEs: 12EXPL: 0CVE-2021-29722
https://notcve.org/view.php?id=CVE-2021-29722
IBM Sterling Secure Proxy 6.0.1, 6.0.2, 2.4.3.2, and 3.4.3.2 uses weaker than expected cryptographic algorithms that could allow an attacker to decrypt highly sensitive information. IBM X-Force ID: 201095. IBM Sterling Secure Proxy versiones 6.0.1, 6.0.2, 2.4.3.2 y 3.4.3.2, usa algoritmos criptográficos más débiles de lo esperado que podrían permitir a un atacante descifrar información altamente confidencial. IBM X-Force ID: 201095. • https://exchange.xforce.ibmcloud.com/vulnerabilities/201095 https://www.ibm.com/support/pages/node/6484681 https://www.ibm.com/support/pages/node/6484685 • CWE-327: Use of a Broken or Risky Cryptographic Algorithm •
CVSS: 7.5EPSS: 0%CPEs: 10EXPL: 0CVE-2021-29725
https://notcve.org/view.php?id=CVE-2021-29725
IBM Secure External Authentication Server 2.4.3.2, 6.0.1, 6.0.2 and IBM Secure Proxy 3.4.3.2, 6.0.1, 6.0.2 could allow a remote user to consume resources causing a denial of service due to a resource leak. IBM Secure External Authentication Server versiones 2.4.3.2, 6.0.1, 6.0.2 e IBM Secure Proxy versiones 3.4.3.2, 6.0.1, 6.0.2, podrían permitir a un usuario remoto consumir recursos causando una denegación de servicio debido a una fuga de recursos • https://exchange.xforce.ibmcloud.com/vulnerabilities/201102 https://www.ibm.com/support/pages/node/6471577 https://www.ibm.com/support/pages/node/6471615 • CWE-770: Allocation of Resources Without Limits or Throttling •
CVSS: 8.2EPSS: 0%CPEs: 8EXPL: 0CVE-2020-4462
https://notcve.org/view.php?id=CVE-2020-4462
IBM Sterling External Authentication Server 6.0.1, 6.0.0, 2.4.3.2, and 2.4.2 and IBM Sterling Secure Proxy 6.0.1, 6.0.0, 3.4.3, and 3.4.2 are vulnerable to an XML External Entity Injection (XXE) attack when processing XML data. A remote attacker could exploit this vulnerability to expose sensitive information or consume memory resources. IBM X-Force ID: 181482. IBM Sterling External Authentication Server versiones 6.0.1, 6.0.0, 2.4.3.2 y 2.4.2 e IBM Sterling Secure Proxy versiones 6.0.1, 6.0.0, 3.4.3 y 3.4.2, son vulnerables a un ataque de tipo XML External Entity Injection (XXE) al procesar datos XML. Un atacante remoto podría explotar esta vulnerabilidad para exponer información confidencial o consumir recursos de memoria. • https://exchange.xforce.ibmcloud.com/vulnerabilities/181482 https://www.ibm.com/support/pages/node/6249317 https://www.ibm.com/support/pages/node/6249331 • CWE-611: Improper Restriction of XML External Entity Reference •