296 matches found
CVE-2022-20914
A vulnerability in the External RESTful Services ERS API of Cisco Identity Services Engine ISE Software could allow an authenticated, remote attacker to obtain sensitive information. This vulnerability is due to excessive verbosity in a specific REST API output. An attacker could exploit this...
CVE-2022-20914 Cisco Identity Services Engine Sensitive Information Disclosure Vulnerability
A vulnerability in the External RESTful Services ERS API of Cisco Identity Services Engine ISE Software could allow an authenticated, remote attacker to obtain sensitive information. This vulnerability is due to excessive verbosity in a specific REST API output. An attacker could exploit this...
CVE-2022-31145 Insufficient AccessToken Expiration Check in FlyteAdmin
FlyteAdmin is the control plane for Flyte responsible for managing entities and administering workflow executions. In versions 1.1.30 and prior, authenticated users using an external identity provider can continue to use Access Tokens and ID Tokens even after they expire. Users who use FlyteAdmin...
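The FlyteAdmin entry above describes a control plane that checked a token's signature but not its lifetime. The following is an added example, not code from Flyte or from any vendor on this page, contrasting that flawed check with one that also enforces the `exp` (and `nbf`) claims. It mints its own HS256 tokens with a constructed shared secret and a fixed clock (`KEY`, `NOW`) so that it runs offline; a real relying party would verify the identity provider's RS256/ES256 signature against its published JWKS, but the expiry logic is the same.

```python
import base64
import hashlib
import hmac
import json
import time

# Constructed secret and clock for the example (assumptions, not real values).
KEY = b"constructed-shared-secret-not-for-production"
NOW = 1_700_000_000  # fixed "current time" so the results are deterministic


def _b64url_encode(raw: bytes) -> str:
    return base64.urlsafe_b64encode(raw).rstrip(b"=").decode("ascii")


def _b64url_decode(text: str) -> bytes:
    return base64.urlsafe_b64decode(text + "=" * (-len(text) % 4))


def make_hs256_token(claims: dict, key: bytes) -> str:
    """Mint a compact JWS (HS256); stands in for the identity provider."""
    header = _b64url_encode(json.dumps({"alg": "HS256", "typ": "JWT"}).encode())
    payload = _b64url_encode(json.dumps(claims).encode())
    sig = hmac.new(key, f"{header}.{payload}".encode(), hashlib.sha256).digest()
    return f"{header}.{payload}.{_b64url_encode(sig)}"


def _check_signature(token: str, key: bytes):
    """Return (header, claims) if the HS256 signature verifies, else raise ValueError."""
    try:
        header_b64, payload_b64, sig_b64 = token.split(".")
        header = json.loads(_b64url_decode(header_b64))
        claims = json.loads(_b64url_decode(payload_b64))
    except (ValueError, UnicodeDecodeError):
        raise ValueError("malformed")
    if header.get("alg") != "HS256":  # never accept alg=none or a downgraded alg
        raise ValueError("unexpected alg")
    expected = hmac.new(key, f"{header_b64}.{payload_b64}".encode(), hashlib.sha256).digest()
    if not hmac.compare_digest(expected, _b64url_decode(sig_b64)):
        raise ValueError("bad signature")
    return header, claims


def signature_only(token: str, key: bytes):
    """The flawed check: a valid signature is treated as a valid session."""
    try:
        return _check_signature(token, key)[1], None
    except ValueError as exc:
        return None, str(exc)


def verify_token(token: str, key: bytes, now: float = None, leeway: int = 30):
    """The hardened check: signature AND time-window claims must hold.
    Returns (claims, None) on success or (None, reason) on rejection."""
    now = time.time() if now is None else now
    try:
        _, claims = _check_signature(token, key)
    except ValueError as exc:
        return None, str(exc)
    exp = claims.get("exp")
    if isinstance(exp, bool) or not isinstance(exp, (int, float)):
        return None, "missing exp"  # a token with no expiry is rejected, not trusted forever
    if now > exp + leeway:
        return None, "expired"
    nbf = claims.get("nbf")
    if isinstance(nbf, (int, float)) and now + leeway < nbf:
        return None, "not yet valid"
    return claims, None


# Constructed tokens: one inside its lifetime, one an hour past exp, one with no exp.
FRESH_TOKEN = make_hs256_token({"sub": "alice", "exp": NOW + 900}, KEY)
EXPIRED_TOKEN = make_hs256_token({"sub": "alice", "exp": NOW - 3600}, KEY)
NO_EXP_TOKEN = make_hs256_token({"sub": "alice"}, KEY)

if __name__ == "__main__":
    for name, tok in [("fresh", FRESH_TOKEN), ("expired", EXPIRED_TOKEN), ("no exp", NO_EXP_TOKEN)]:
        print(f"{name:8} signature-only: {signature_only(tok, KEY)[1]!r:16} full: {verify_token(tok, KEY, NOW)[1]!r}")
```

The `leeway` argument absorbs clock skew between the identity provider and the relying party; keep it to tens of seconds, since every second of leeway extends the window in which a leaked or revoked-by-expiry token still works.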
PT-2022-6309 · IBM · IBM Sterling Secure Proxy +1
Name of the Vulnerable Software and Affected Versions: IBM Sterling External Authentication Server version 6.1.0 IBM Sterling Secure Proxy version 6.0.3 Description: The issue is related to the use of weaker than expected cryptographic algorithms during installation, which could allow a local...
Cisco Secure Email and Web Manager (SMA) Information Disclosure (cisco-sa-esasma-info-dsc-Q9tLuOvM)
According to its self-reported version, Cisco Secure Email and Web Manager SMA is affected by an information disclosure vulnerability in the web management interface. This could allow an authenticated, remote attacker to retrieve sensitive information from a Lightweight Directory Access Protocol...
Vulnerabilities fixed in Cisco Email Security Appliance, Secure Email and Web Manager
Vulnerabilities have been fixed in Cisco Email Security Appliance and Cisco Secure Email and Web Manager. The vulnerability with reference CVE-2022-20798 allows an unauthenticated remote attacker to bypass authentication and thereby log into the Web management...
CVE-2022-20664
A vulnerability in the web management interface of Cisco Secure Email and Web Manager, formerly Cisco Security Management Appliance SMA, and Cisco Email Security Appliance ESA could allow an authenticated, remote attacker to retrieve sensitive information from a Lightweight Directory Access...
Input validation
IBM Sterling Secure Proxy 6.0.3 and IBM Secure External Authentication Server 6.0.3 do not properly ensure that a certificate is actually associated with the host due to improper validation of certificates. IBM X-Force ID: 201104...
CVE-2021-29726
CVE-2021-29726 affects IBM Sterling Secure Proxy 6.0.3 and IBM Secure External Authentication Server 6.0.3. The issue is improper validation leading to a certificate not being properly associated with the host (trust management/certificate validation bypass). Reported base CVSS v3.1/3.0 scores ar...
Security Bulletin: IBM Sterling External Authentication Server is vulnerable to multiple vulnerabilities due to IBM Java Runtime
Summary There are multiple vulnerabilities in IBM® Runtime Environment Java™ Version 1.8 used by IBM Sterling External Authentication Server. IBM Sterling External Authentication Server has addressed the applicable CVEs. Vulnerability Details CVEID: CVE-2021-35578 DESCRIPTION: An unspecified...
Security Bulletin: IBM Sterling External Authentication Server is vulnerable to improper validation of certificates
Summary IBM Sterling External Authentication Server does not properly ensure that a certificate is actually associated with the host due to improper validation of certificates. Vulnerability Details CVEID: CVE-2021-29726 DESCRIPTION: IBM Sterling Secure Proxy does not properly ensure that a...
GHSA-RC2R-W8JV-VGGP Cloud Foundry vulnerable to Improper Certificate Validation
Pivotal Cloud Foundry 239 and earlier, UAA aka User Account and Authentication Server 3.4.1 and earlier, UAA release 12.2 and earlier, PCF aka Pivotal Cloud Foundry Elastic Runtime 1.6.x before 1.6.35, and PCF Elastic Runtime 1.7.x before 1.7.13 does not validate if a certificate is expired...
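The IBM Sterling (CVE-2021-29726) and Cloud Foundry UAA entries above describe the two halves of certificate validation that are most often skipped: binding the certificate to the host it was presented for, and checking the validity window. The following is an added example, not code from IBM, Cloud Foundry or any project on this page. It works on the dictionary shape that Python's `ssl.SSLSocket.getpeercert()` returns, using a constructed certificate summary (`PEER_CERT`) and a fixed clock, and implements DNS-ID matching with RFC 6125 wildcard rules (wildcard only as the whole left-most label, never across a dot, never for a bare top-level domain).

```python
import ssl
import time

# Constructed certificate summary in the shape ssl.SSLSocket.getpeercert() returns
# (only the fields the check needs); dates use OpenSSL's notBefore/notAfter text form.
PEER_CERT = {
    "subject": ((("commonName", "proxy.example.com"),),),
    "notBefore": "Jan  1 00:00:00 2024 GMT",
    "notAfter": "Dec 31 23:59:59 2024 GMT",
    "subjectAltName": (("DNS", "proxy.example.com"), ("DNS", "*.example.com")),
}
NOW = ssl.cert_time_to_seconds("Jun 15 12:00:00 2024 GMT")  # fixed clock for the example


def hostname_matches(pattern: str, hostname: str) -> bool:
    """RFC 6125-style DNS-ID match: case-insensitive, wildcard only as the entire
    left-most label, never spanning a dot, never matching a bare TLD."""
    pattern = pattern.lower().rstrip(".")
    hostname = hostname.lower().rstrip(".")
    if "*" not in pattern:
        return pattern == hostname
    p_labels, h_labels = pattern.split("."), hostname.split(".")
    if len(p_labels) < 3 or len(p_labels) != len(h_labels):
        return False
    if p_labels[0] != "*" or any("*" in label for label in p_labels[1:]):
        return False
    return p_labels[1:] == h_labels[1:]


def validate_peer_cert(cert: dict, hostname: str, now: float = None):
    """Return (ok, reason). Checks the validity window, then that hostname is bound
    to the certificate through a DNS subjectAltName (the CN is deliberately ignored)."""
    now = time.time() if now is None else now
    try:
        not_before = ssl.cert_time_to_seconds(cert["notBefore"])
        not_after = ssl.cert_time_to_seconds(cert["notAfter"])
    except (KeyError, ValueError):
        return False, "unparseable validity period"
    if now < not_before:
        return False, "not yet valid"
    if now > not_after:
        return False, "expired"
    dns_ids = [value for kind, value in cert.get("subjectAltName", ()) if kind == "DNS"]
    if not dns_ids:
        return False, "no DNS subjectAltName"
    if any(hostname_matches(pattern, hostname) for pattern in dns_ids):
        return True, "ok"
    return False, f"{hostname} not in SAN {dns_ids}"


def validate_at(cert: dict, hostname: str, when: str):
    """Convenience wrapper: evaluate the certificate at an OpenSSL-format timestamp."""
    return validate_peer_cert(cert, hostname, ssl.cert_time_to_seconds(when))


if __name__ == "__main__":
    for host in ("proxy.example.com", "api.example.com", "deep.api.example.com", "proxy.example.net"):
        print(f"{host:24} -> {validate_peer_cert(PEER_CERT, host, NOW)}")
    print("after expiry          ->", validate_at(PEER_CERT, "proxy.example.com", "Jan  2 00:00:00 2025 GMT"))
```

In ordinary client code none of this should be hand-written: `ssl.create_default_context()` already sets `check_hostname = True` and `verify_mode = CERT_REQUIRED`, and the two advisories above are what happens when a product disables or reimplements those checks. The manual form is useful when a certificate arrives out of band (for example inside imported configuration) and has to be vetted before it is trusted.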
YubiKey security vulnerability
Yubico YubiKey is a hardware authentication device from the Swedish company Yubico. A security vulnerability exists in Yubico YubiKey that stems from incorrect access control of the Yubico OTP function and the Yubico OTP authentication server...
CVE-2022-22349
IBM Sterling External Authentication Server 3.4.3.2, 6.0.2.0, and 6.0.3.0 is vulnerable to path traversals, due to not properly validating RESTAPI configuration data. An authorized user could import invalid data which could be used for an attack. IBM X-Force ID: 220144...
Path traversal
IBM Sterling External Authentication Server 3.4.3.2, 6.0.2.0, and 6.0.3.0 is vulnerable to path traversals, due to not properly validating RESTAPI configuration data. An authorized user could import invalid data which could be used for an attack. IBM X-Force ID: 220144...
CVE-2022-22349
CVE-2022-22349 affects IBM Sterling External Authentication Server, with vulnerable versions 3.4.3.2, 6.0.2.0, and 6.0.3.0. The root cause is improper validation of RESTAPI configuration data, enabling an authorized user to import invalid data that could be used for an attack via path traversal. ...
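The CVE-2022-22349 entries above describe path traversal through file paths accepted in REST API configuration data. The following is an added example, not IBM's code and not based on the fixed product; the field names (`keystore`, `truststore`, `log_dir`) and base directory are assumptions. It shows the check an import handler should run on every path-valued field: reject absolute paths, resolve symlinks and `..` segments, and confirm the result still lies under the configuration root.

```python
import os


def resolve_config_path(base_dir: str, user_path: str) -> str:
    """Resolve a path supplied in imported configuration so it stays under base_dir.
    Raises ValueError for empty or NUL-containing values, absolute paths, and any
    path that normalises (after symlink resolution) to somewhere outside base_dir."""
    if not user_path or "\x00" in user_path:
        raise ValueError("empty or NUL-containing path")
    if os.path.isabs(user_path):
        raise ValueError(f"absolute path not allowed: {user_path}")
    base = os.path.realpath(base_dir)
    candidate = os.path.realpath(os.path.join(base, user_path))
    # commonpath is the containment test; a plain startswith() would accept
    # /opt/sea/config-evil as being under /opt/sea/config.
    if os.path.commonpath([base, candidate]) != base:
        raise ValueError(f"path escapes {base_dir}: {user_path}")
    return candidate


def validate_config_import(payload: dict, base_dir: str,
                           path_fields=("keystore", "truststore", "log_dir")):
    """Validate the file-path fields of an imported configuration document.
    Returns (resolved, errors): resolved maps accepted fields to safe absolute
    paths, errors maps rejected fields to the reason. The import should be
    refused outright if errors is non-empty."""
    resolved, errors = {}, {}
    for field in path_fields:
        if field not in payload:
            continue
        try:
            resolved[field] = resolve_config_path(base_dir, payload[field])
        except ValueError as exc:
            errors[field] = str(exc)
    return resolved, errors


# Constructed import payload mixing a benign value with two traversal attempts
# (assumed base directory; nothing here is read from disk).
BASE_DIR = "/opt/sea/config"
SAMPLE_IMPORT = {
    "keystore": "certs/server.p12",
    "truststore": "certs/../../../etc/ssl/private/ca.key",
    "log_dir": "/var/log",
}

if __name__ == "__main__":
    accepted, rejected = validate_config_import(SAMPLE_IMPORT, BASE_DIR)
    print("accepted:", accepted)
    print("rejected:", rejected)
```

Because `os.path.realpath` follows symlinks, the check also catches an attacker who first plants a link inside the configuration root and then references it; lexical normalisation alone would not.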
CVE-2022-22336
IBM Sterling External Authentication Server and IBM Sterling Secure Proxy 6.0.3.0, 6.0.2.0, and 3.4.3.2 could allow a remote user to consume resources causing a denial of service due to a resource leak. IBM X-Force ID: 219395...
CVE-2022-22333
IBM Sterling Secure Proxy 6.0.3.0, 6.0.2.0, and 3.4.3.2 and IBM Sterling External Authentication Server are vulnerable to a buffer overflow, due to the Jetty based GUI in the Secure Zone not properly validating the sizes of the form content and/or HTTP headers submitted. A local attacker positioned...