Lucene search

299 matches found

OSV
added 2023/09/05 12:15 a.m. | 5 views

CVE-2023-32338

IBM Sterling Secure Proxy and IBM Sterling External Authentication Server 6.0.3 and 6.1.0 stores user credentials in plain clear text which can be read by a local user with container access. IBM X-Force ID: 255585...

CVSS 5.5 | AI score 5.8 | EPSS 0.0018
Exploits: 0 | References: 4

CVE
added 2023/09/04 11:57 p.m. | 46 views

CVE-2023-32338

CVE-2023-32338 affects IBM Sterling Secure Proxy and IBM Sterling External Authentication Server (versions 6.0.3 and 6.1.0). The root cause is storing user credentials in plain text, readable by a local user with container access. Reported impact is credential disclosure with high confidentiality...

CVSS 5.5 | AI score 4.9 | EPSS 0.0018
Exploits: 0 | References: 4 | Affected Software: 2

IBM Security Bulletins
added 2023/08/31 7:12 p.m. | 41 views

Security Bulletin: IBM Sterling External Authentication Server is vulnerable to multiple issues

Summary Multiple vulnerabilities affect IBM Sterling External Authentication Server and are addressed in the latest iFixes. Vulnerability Details CVEID:CVE-2023-26048 DESCRIPTION: Eclipse Jetty is vulnerable to a denial of service, caused by an out of memory flaw in the...

CVSS 9.8 | AI score 9.6 | EPSS 0.22709
Exploits: 3 | Affected Software: 1

CNNVD
added 2023/07/10 12:0 a.m. | 7 views

Citrix Systems Citrix Gateway and Citrix ADC cross-site scripting vulnerability

Citrix Systems Citrix Gateway Citrix Systems NetScaler Gateway and Citrix ADC are both products of Citrix Systems, Inc. Citrix Gateway is a secure remote access solution. The product provides administrators with application-level and data-level controls to enable users to remotely access...

CVSS 6.1 | AI score 6.6 | EPSS 0.80907
Exploits: 3 | References: 3

RedHat Linux
added 2023/05/10 2:30 p.m. | 32 views

Moderate: Red Hat Security Advisory: Red Hat Single Sign-On 7.6.3 for OpenShift image security update

A new image is available for Red Hat Single Sign-On 7.6.3, running on Red Hat OpenShift Container Platform from the release of 3.11 up to the release of 4.12.0. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System CVSS base...

CVSS 7.5 | AI score 6.7 | EPSS 0.02015
Exploits: 2 | References: 11

IBM Security Bulletins
added 2023/04/29 3:45 a.m. | 34 views

Security Bulletin: IBM Sterling External Authentication Server is vulnerable to multiple vulnerabilities due to IBM Java Runtime

Summary There are multiple vulnerabilities in IBM® Runtime Environment Java™ Version 1.8 used by IBM Sterling External Authentication Server. IBM Sterling External Authentication Server has addressed the applicable CVEs. Vulnerability Details CVEID:CVE-2022-21628 DESCRIPTION: Java SE is vulnerabl...

CVSS 6.5 | AI score 6.4 | EPSS 0.03028
Exploits: 0 | Affected Software: 1

ATTACKERKB
added 2023/02/23 12:0 a.m. | 3 views

CVE-2023-20016

A vulnerability in the backup configuration feature of Cisco UCS Manager Software and in the configuration export feature of Cisco FXOS Software could allow an unauthenticated attacker with access to a backup file to decrypt sensitive information stored in the full state and configuration backup...

CVSS 6.5 | AI score 5.9 | EPSS 0.0011
Exploits: 0 | References: 2

BDU FSTEC
added 2023/02/21 12:0 a.m. | 9 views

The vulnerability of the IBM Sterling Secure Proxy proxy server and the IBM Sterling External Authentication Server (SEAS) authentication and authorization server, which stems from the use of cryptographic algorithms containing defects, allows attackers to gain unauthorized access to protected information.

The vulnerability of the IBM Sterling Secure Proxy proxy server and the IBM Sterling External Authentication Server SEAS authentication and authorization server lies in the use of cryptographic algorithms that have vulnerabilities during installation. Exploiting this vulnerability can allow a...

CVSS 2.3 | AI score 6 | EPSS 0.00119
Exploits: 0 | References: 6 | Affected Software: 2

Ivanti
added 2023/02/14 7:22 a.m. | 7 views

JSA10380 - Security Vulnerability in Pulse Policy Secure Platform's Radius Authentication Server used in a Realm not doing Radius Proxy.

Ivanti 4th of March 2024 - This isn't an active SA and any new edits are part of an article maintenance project. When using a Radius authentication server in a realm configured with the "Do Not Proxy" option, an unauthenticated user may bypass the authentication step of the PPS login process. A b...

AI score 7.4
Exploits: 0

Prion
added 2023/02/08 7:15 p.m. | 22 views

Authentication flaw

IBM Sterling External Authentication Server 6.1.0 and IBM Sterling Secure Proxy 6.0.3 uses weaker than expected cryptographic algorithms during installation that could allow a local attacker to decrypt sensitive information. IBM X-Force ID: 231373...

CVSS 1.7 | AI score 5.8 | EPSS 0.00119
Exploits: 0 | References: 2 | Affected Software: 2

CVE
added 2023/02/08 6:24 p.m. | 71 views

CVE-2022-35720

CVE-2022-35720 affects IBM Sterling External Authentication Server 6.1.0 and IBM Sterling Secure Proxy 6.0.3, due to use of weaker-than-expected cryptographic algorithms during installation, which could let a local attacker decrypt sensitive information. Remediation references in IBM advisories s...

CVSS 5.5 | AI score 4.2 | EPSS 0.00119
Exploits: 0 | References: 2 | Affected Software: 2

Vulnrichment
added 2023/02/08 6:24 p.m. | 16 views

CVE-2022-35720 IBM Sterling External Authentication Server information disclosure

IBM Sterling External Authentication Server 6.1.0 and IBM Sterling Secure Proxy 6.0.3 uses weaker than expected cryptographic algorithms during installation that could allow a local attacker to decrypt sensitive information. IBM X-Force ID: 231373...

CVSS 2.3 | AI score 6.2 | EPSS 0.00119
Exploits: 0 | References: 2

CNNVD
added 2023/02/08 12:0 a.m. | 7 views

IBM Sterling External Authentication Server cryptographic issue vulnerability

IBM Sterling External Authentication Server is a client application from International Business Machines IBM that enables extended authentication and verification services for IBM products. A cryptographic issue vulnerability exists in IBM Sterling External Authentication Server version 6.1.0, IB...

CVSS 5.5 | AI score 6.6 | EPSS 0.00119
Exploits: 0 | References: 3

IBM Security Bulletins
added 2023/01/31 6:58 p.m. | 46 views

Security Bulletin: IBM Sterling External Authentication Server vulnerable to denial of service due to Apache Xerces2 (CVE-2022-23437)

Summary IBM Sterling External Authentication Server 6.0.3.0 contains Apache Xerces2, which is vulnerable to a denial of service attack. This vulnerability is addressed in the latest iFix. Vulnerability Details CVEID:CVE-2022-23437 DESCRIPTION: Apache Xerces2 Java XML Parser is vulnerable to a...

CVSS 7.1 | AI score 6.5 | EPSS 0.0444
Exploits: 0 | Affected Software: 1

IBM Security Bulletins
added 2023/01/31 2:51 p.m. | 34 views

Security Bulletin: Multiple vulnerabilities affect IBM Sterling External Authentication Server

Summary Multiple vulnerabilities affect IBM Sterling External Authentication Server. These vulnerabilities have been addressed in the latest iFix. Vulnerability Details CVEID:CVE-2021-33502 DESCRIPTION: Node.js normalize-url module is vulnerable to a denial of service, caused by a ReDoS regular...

CVSS 7.5 | AI score 7.7 | EPSS 0.01705
Exploits: 0 | Affected Software: 1

IBM Security Bulletins
added 2023/01/31 2:18 p.m. | 110 views

Security Bulletin: IBM Sterling Secure Proxy vulnerable to multiple issues

Summary Multiple vulnerabilities affect IBM Sterling Secure Proxy 6.0.3.0 and are addressed in the latest iFix. Vulnerability Details CVEID:CVE-2022-23437 DESCRIPTION: Apache Xerces2 Java XML Parser is vulnerable to a denial of service, caused by an infinite loop in the XML parser. By persuading ...

CVSS 7.1 | AI score 6.6 | EPSS 0.0444
Exploits: 0 | Affected Software: 1

IBM Security Bulletins
added 2022/12/06 1:23 p.m. | 29 views

Security Bulletin: IBM Sterling External Authentication Server vulnerable to unspecified issue due to Java SE (CVE-2021-2163)

Summary A Java vulnerability affects IBM Sterling External Authentication Server. Issue has been addressed. Vulnerability Details CVEID:CVE-2021-2163 DESCRIPTION: An unspecified vulnerability in Java SE related to the Libraries component could allow an unauthenticated attacker to cause no...

CVSS 5.3 | AI score 5.4 | EPSS 0.03566
Exploits: 0 | Affected Software: 1

vulnersOsv
added 2022/11/21 10:28 p.m. | 4 views

@falkor/falkor-auth-server (=1.1.1), @figedi/sentry-fastify (=1.0.6) +6 more potentially affected by CVE-2022-41919 via fastify (>=4.0.2 <=4.10.0)

fastify NPM version =4.0.2, =0.0.2, =0.0.16 - verdaccio =6.0.0-6-next.52 Source cves: CVE-2022-41919 Source advisory: OSV:GHSA-3FJJ-P79J-C9HH...

CVSS 8.8 | AI score 7.2 | EPSS 0.00369
Exploits: 0

NVD
added 2022/10/06 6:16 p.m. | 67 views

CVE-2022-39273

FlyteAdmin is the control plane for the data processing platform Flyte. Users who enable the default Flyte’s authorization server without changing the default clientid hashes will be exposed to the public internet. In an effort to make enabling authentication easier for Flyte administrators, the...

CVSS 7.5 | EPSS 0.0067
Exploits: 0 | References: 3

IBM Security Bulletins
added 2022/09/26 3:31 a.m. | 22 views

Security Bulletin: Application not signed properly in IBM Sterling External Authentication Server (CVE-2013-0521)

Abstract IBM Sterling External Authentication Server is vulnerable to running untrusted code. Content VULNERABILITY DETAILS CVE ID: CVE-2013-0521 DESCRIPTION: Java Webstart App is not signed correctly The IBM Sterling External Authentication Server Webstart GUI is signed with a self-signed...

CVSS 7.8 | AI score 5.4 | EPSS 0.05044
Exploits: 1 | Affected Software: 5