Lucene search

IBM910B155E44831A78BA2851AB27B56AC0DA1F3E90BEFC96D3A96488EE3693BD70

HistoryMay 16, 2022 - 9:21 p.m.

Security Bulletin: IBM Sterling Secure Proxy is vulnerable to improper validation of certificates (CVE-2021-29726)

2022-05-1621:21:21

www.ibm.com

ibm sterling secure proxy

vulnerability

certificate validation

version 6.0.3

ifix 03

fix central

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:L/Au:N/C:N/I:P/A:N

CVSS3

5.3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

LOW

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N

EPSS

0.001

Percentile

32.6%

JSON

Summary

IBM Sterling Secure Proxy does not properly ensure that a certificate is actually associated with the host due to improper validation of certificates.

Vulnerability Details

CVEID:CVE-2021-29726
**DESCRIPTION:**IBM Sterling Secure Proxy does not properly ensure that a certificate is actually associated with the host due to improper validation of certificates.
CVSS Base score: 5.3
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/201104 for the current score.
CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N)

Affected Products and Versions

Affected Product(s)	Version(s)
IBM Sterling Secure Proxy	6.0.3

Remediation/Fixes

Product	Version	iFix	Remediation Location
IBM Sterling Secure Proxy	6.0.3.0	iFix 03	Fix Central

Workarounds and Mitigations

None

Affected configurations

Vulners

Node

ibmsterling_secure_proxyMatch6.0.3

VendorProductVersionCPE
ibmsterling_secure_proxy6.0.3cpe:2.3:a:ibm:sterling_secure_proxy:6.0.3:*:*:*:*:*:*:*

Vendor	Product	Version	CPE
ibm	sterling_secure_proxy	6.0.3	cpe:2.3:a:ibm:sterling_secure_proxy:6.0.3:::::::*

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:L/Au:N/C:N/I:P/A:N

CVSS3

5.3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

LOW

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N

EPSS

0.001

Percentile

32.6%

JSON

Related for 910B155E44831A78BA2851AB27B56AC0DA1F3E90BEFC96D3A96488EE3693BD70