CVSS: 4.3EPSS: 0%CPEs: 3EXPL: 0CVE-2022-22349
https://notcve.org/view.php?id=CVE-2022-22349
24 Feb 2022 — IBM Sterling External Authentication Server 3.4.3.2, 6.0.2.0, and 6.0.3.0 is vulnerable to path traversals, due to not properly validating RESTAPI configuration data. An authorized user could import invalid data which could be used for an attack. IBM X-Force ID: 220144. IBM Sterling External Authentication Server versiones 3.4.3.2, 6.0.2.0, y 6.0.3.0, es vulnerable a saltos de ruta, debido a que no son comprobados apropiadamente los datos de configuración RESTAPI. Un usuario autorizado podría importar datos... • https://exchange.xforce.ibmcloud.com/vulnerabilities/220144 • CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') •
CVSS: 7.5EPSS: 0%CPEs: 6EXPL: 0CVE-2022-22336
https://notcve.org/view.php?id=CVE-2022-22336
23 Feb 2022 — IBM Sterling External Authentication Server and IBM Sterling Secure Proxy 6.0.3.0, 6.0.2.0, and 3.4.3.2 could allow a remote user to consume resources causing a denial of service due to a resource leak. IBM X-Force ID: 219395. IBM Sterling External Authentication Server e IBM Sterling Secure Proxy 6.0.3.0, 6.0.2.0 y 3.4.3.2 podrían permitir a un usuario remoto consumir recursos causando una denegación de servicio debido a una fuga de recursos. ID de IBM X-Force: 219395 • https://exchange.xforce.ibmcloud.com/vulnerabilities/219395 • CWE-401: Missing Release of Memory after Effective Lifetime •
CVSS: 6.5EPSS: 0%CPEs: 6EXPL: 0CVE-2022-22333
https://notcve.org/view.php?id=CVE-2022-22333
23 Feb 2022 — IBM Sterling Secure Proxy 6.0.3.0, 6.0.2.0, and 3.4.3.2 and IBM Sterling External Authentication Server are vulnerable a buffer overflow, due to the Jetty based GUI in the Secure Zone not properly validating the sizes of the form content and/or HTTP headers submitted. A local attacker positioned inside the Secure Zone could submit a specially crafted HTTP request to disrupt service. IBM X-Force ID: 219133. IBM Sterling Secure Proxy 6.0.3.0, 6.0.2.0, y 3.4.3.2 e IBM Sterling External Authentication Server so... • https://exchange.xforce.ibmcloud.com/vulnerabilities/219133 • CWE-120: Buffer Copy without Checking Size of Input ('Classic Buffer Overflow') •
CVSS: 4.9EPSS: 0%CPEs: 12EXPL: 0CVE-2021-29728
https://notcve.org/view.php?id=CVE-2021-29728
30 Aug 2021 — IBM Sterling Secure Proxy 6.0.1, 6.0.2, 2.4.3.2, and 3.4.3.2 contains hard-coded credentials, such as a password or cryptographic key, which it uses for its own inbound authentication, outbound communication to external components, or encryption of internal data. IBM X-Force ID: 201160. IBM Sterling Secure Proxy versiones 6.0.1, 6.0.2, 2.4.3.2 y 3.4.3.2, contiene credenciales embebidas, como una contraseña o una clave criptográfica, que usa para su propia autenticación de entrada, una comunicación de salida... • https://exchange.xforce.ibmcloud.com/vulnerabilities/201160 • CWE-798: Use of Hard-coded Credentials •
CVSS: 7.5EPSS: 0%CPEs: 12EXPL: 0CVE-2021-29723
https://notcve.org/view.php?id=CVE-2021-29723
30 Aug 2021 — IBM Sterling Secure Proxy 6.0.1, 6.0.2, 2.4.3.2, and 3.4.3.2 uses weaker than expected cryptographic algorithms that could allow an attacker to decrypt highly sensitive information. IBM X-ForceID: 201100. IBM Sterling Secure Proxy versiones 6.0.1, 6.0.2, 2.4.3.2 y 3.4.3.2, usa algoritmos criptográficos más débiles de lo esperado que podrían permitir a un atacante descifrar información altamente confidencial. IBM X-ForceID: 201100. • https://exchange.xforce.ibmcloud.com/vulnerabilities/201100 • CWE-327: Use of a Broken or Risky Cryptographic Algorithm •
CVSS: 7.5EPSS: 0%CPEs: 12EXPL: 0CVE-2021-29722
https://notcve.org/view.php?id=CVE-2021-29722
30 Aug 2021 — IBM Sterling Secure Proxy 6.0.1, 6.0.2, 2.4.3.2, and 3.4.3.2 uses weaker than expected cryptographic algorithms that could allow an attacker to decrypt highly sensitive information. IBM X-Force ID: 201095. IBM Sterling Secure Proxy versiones 6.0.1, 6.0.2, 2.4.3.2 y 3.4.3.2, usa algoritmos criptográficos más débiles de lo esperado que podrían permitir a un atacante descifrar información altamente confidencial. IBM X-Force ID: 201095. • https://exchange.xforce.ibmcloud.com/vulnerabilities/201095 • CWE-327: Use of a Broken or Risky Cryptographic Algorithm •
CVSS: 7.5EPSS: 0%CPEs: 10EXPL: 0CVE-2021-29725
https://notcve.org/view.php?id=CVE-2021-29725
15 Jul 2021 — IBM Secure External Authentication Server 2.4.3.2, 6.0.1, 6.0.2 and IBM Secure Proxy 3.4.3.2, 6.0.1, 6.0.2 could allow a remote user to consume resources causing a denial of service due to a resource leak. IBM Secure External Authentication Server versiones 2.4.3.2, 6.0.1, 6.0.2 e IBM Secure Proxy versiones 3.4.3.2, 6.0.1, 6.0.2, podrían permitir a un usuario remoto consumir recursos causando una denegación de servicio debido a una fuga de recursos • https://exchange.xforce.ibmcloud.com/vulnerabilities/201102 • CWE-770: Allocation of Resources Without Limits or Throttling •
CVSS: 8.2EPSS: 0%CPEs: 8EXPL: 0CVE-2020-4462
https://notcve.org/view.php?id=CVE-2020-4462
16 Jul 2020 — IBM Sterling External Authentication Server 6.0.1, 6.0.0, 2.4.3.2, and 2.4.2 and IBM Sterling Secure Proxy 6.0.1, 6.0.0, 3.4.3, and 3.4.2 are vulnerable to an XML External Entity Injection (XXE) attack when processing XML data. A remote attacker could exploit this vulnerability to expose sensitive information or consume memory resources. IBM X-Force ID: 181482. IBM Sterling External Authentication Server versiones 6.0.1, 6.0.0, 2.4.3.2 y 2.4.2 e IBM Sterling Secure Proxy versiones 6.0.1, 6.0.0, 3.4.3 y 3.4.... • https://exchange.xforce.ibmcloud.com/vulnerabilities/181482 • CWE-611: Improper Restriction of XML External Entity Reference •