CVSS: 9.1EPSS: 0%CPEs: 1EXPL: 0CVE-2024-41783 – IBM Sterling Secure Proxy improper input validation
https://notcve.org/view.php?id=CVE-2024-41783
19 Jan 2025 — IBM Sterling Secure Proxy 6.0.0.0, 6.0.0.1, 6.0.0.2, 6.0.0.3, 6.1.0.0, and 6.2.0.0 could allow a privileged user to inject commands into the underlying operating system due to improper validation of a specified type of input. • https://www.ibm.com/support/pages/node/7176189 •
CVSS: 9.4EPSS: 0%CPEs: 1EXPL: 0CVE-2024-38337 – IBM Sterling Secure Proxy improper input validation
https://notcve.org/view.php?id=CVE-2024-38337
19 Jan 2025 — IBM Sterling Secure Proxy 6.0.0.0, 6.0.0.1, 6.0.0.2, 6.0.0.3, 6.1.0.0, and 6.2.0.0 could allow an unauthorized attacker to retrieve or alter sensitive information contents due to incorrect permission assignments. • https://www.ibm.com/support/pages/node/7179166 • CWE-732: Incorrect Permission Assignment for Critical Resource •
CVSS: 7.8EPSS: 0%CPEs: 1EXPL: 0CVE-2024-41784 – IBM Sterling Secure Proxy directory traversal
https://notcve.org/view.php?id=CVE-2024-41784
15 Nov 2024 — IBM Sterling Secure Proxy 6.0.0.0, 6.0.0.1, 6.0.0.2, 6.0.0.3, and 6.1.0.0 could allow a remote attacker to traverse directories on the system. An attacker could send a specially crafted URL request containing "dot dot dot" sequences (/.../) to view arbitrary files on the system. • https://www.ibm.com/support/pages/node/7173631 • CWE-32: Path Traversal: '...' (Triple Dot) •
CVSS: 4.0EPSS: 0%CPEs: 2EXPL: 0CVE-2023-46181 – IBM Secure Proxy information disclosure
https://notcve.org/view.php?id=CVE-2023-46181
15 Mar 2024 — IBM Sterling Secure Proxy 6.0.3 and 6.1.0 allows web pages to be stored locally which can be read by another user on the system. IBM X-Force ID: 269686. IBM Sterling Secure Proxy 6.0.3 y 6.1.0 permite que las páginas web se almacenen localmente y que otro usuario del sistema pueda leerlas. ID de IBM X-Force: 269686. • https://exchange.xforce.ibmcloud.com/vulnerabilities/269686 • CWE-525: Use of Web Browser Cache Containing Sensitive Information •
CVSS: 6.4EPSS: 0%CPEs: 2EXPL: 0CVE-2023-47699 – IBM Secure Proxy cross-site scripting
https://notcve.org/view.php?id=CVE-2023-47699
15 Mar 2024 — IBM Sterling Secure Proxy 6.0.3 and 6.1.0 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 270974. IBM Sterling Secure Proxy 6.0.3 y 6.1.0 es vulnerable a cross-site scripting. Esta vulnerabilidad permite a los usuarios incrustar código JavaScript arbitrario en la interfaz de usuario web, alterando así la funci... • https://exchange.xforce.ibmcloud.com/vulnerabilities/270974 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 5.9EPSS: 0%CPEs: 2EXPL: 0CVE-2023-47147 – IBM Secure Proxy file manipulation
https://notcve.org/view.php?id=CVE-2023-47147
15 Mar 2024 — IBM Sterling Secure Proxy 6.0.3 and 6.1.0 could allow an attacker to overwrite a log message under specific conditions. IBM X-Force ID: 270598. IBM Sterling Secure Proxy 6.0.3 y 6.1.0 podría permitir a un atacante sobrescribir un mensaje de registro en condiciones específicas. ID de IBM X-Force: 270598. • https://exchange.xforce.ibmcloud.com/vulnerabilities/270598 • CWE-73: External Control of File Name or Path •
CVSS: 5.0EPSS: 0%CPEs: 2EXPL: 0CVE-2023-46179 – IBM Secure Proxy information disclosure
https://notcve.org/view.php?id=CVE-2023-46179
15 Mar 2024 — IBM Sterling Secure Proxy 6.0.3 and 6.1.0 does not set the secure attribute on authorization tokens or session cookies. Attackers may be able to get the cookie values by sending a http:// link to a user or by planting this link in a site the user goes to. The cookie will be sent to the insecure link and the attacker can then obtain the cookie value by snooping the traffic. IBM X-Force ID: 269683. IBM Sterling Secure Proxy 6.0.3 y 6.1.0 no establece el atributo seguro en tokens de autorización o cookies de s... • https://exchange.xforce.ibmcloud.com/vulnerabilities/269683 • CWE-614: Sensitive Cookie in HTTPS Session Without 'Secure' Attribute •
CVSS: 6.4EPSS: 0%CPEs: 2EXPL: 0CVE-2023-47162 – IBM Secure Proxy cross-site scripting
https://notcve.org/view.php?id=CVE-2023-47162
15 Mar 2024 — IBM Sterling Secure Proxy 6.0.3 and 6.1.0 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 270973. IBM Sterling Secure Proxy 6.0.3 y 6.1.0 es vulnerable a cross-site scripting. Esta vulnerabilidad permite a los usuarios incrustar código JavaScript arbitrario en la interfaz de usuario web, alterando así la funci... • https://exchange.xforce.ibmcloud.com/vulnerabilities/270973 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 5.5EPSS: 0%CPEs: 2EXPL: 0CVE-2023-46182 – IBM Secure Proxy cross-site scripting
https://notcve.org/view.php?id=CVE-2023-46182
15 Mar 2024 — IBM Sterling Secure Proxy 6.0.3 and 6.1.0 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 269692. IBM Sterling Secure Proxy 6.0.3 y 6.1.0 es vulnerable a cross-site scripting. Esta vulnerabilidad permite a los usuarios incrustar código JavaScript arbitrario en la interfaz de usuario web, alterando así la funci... • https://exchange.xforce.ibmcloud.com/vulnerabilities/269692 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 5.5EPSS: 0%CPEs: 4EXPL: 0CVE-2023-32338 – IBM Sterling Secure Proxy information disclosure
https://notcve.org/view.php?id=CVE-2023-32338
04 Sep 2023 — IBM Sterling Secure Proxy and IBM Sterling External Authentication Server 6.0.3 and 6.1.0 stores user credentials in plain clear text which can be read by a local user with container access. IBM X-Force ID: 255585. IBM Sterling Secure Proxy e IBM Sterling External Authentication Server v6.0.3 y v6.1.0 almacenan credenciales de usuario en texto claro que puede leer un usuario local con acceso al contenedor. IBM X-Force ID: 255585. • https://exchange.xforce.ibmcloud.com/vulnerabilities/255585 • CWE-522: Insufficiently Protected Credentials •