296 matches found
CVE-2021-29749
IBM Secure External Authentication Server 6.0.2 and IBM Secure Proxy 6.0.2 is vulnerable to server-side request forgery SSRF. This may allow an authenticated attacker to send unauthorized requests from the system, potentially leading to network enumeration or facilitating other attacks. IBM X-For...
CVE-2021-29725
IBM Secure External Authentication Server 2.4.3.2, 6.0.1, 6.0.2 and IBM Secure Proxy 3.4.3.2, 6.0.1, 6.0.2 could allow a remote user to consume resources causing a denial of service due to a resource leak...
CVE-2021-29749
IBM Secure External Authentication Server 6.0.2 and IBM Secure Proxy 6.0.2 is vulnerable to server-side request forgery SSRF. This may allow an authenticated attacker to send unauthorized requests from the system, potentially leading to network enumeration or facilitating other attacks. IBM X-For...
CVE-2021-29725
IBM Secure External Authentication Server 2.4.3.2, 6.0.1, 6.0.2 and IBM Secure Proxy 3.4.3.2, 6.0.1, 6.0.2 could allow a remote user to consume resources causing a denial of service due to a resource leak...
CVE-2021-29749
IBM Secure External Authentication Server 6.0.2 and IBM Secure Proxy 6.0.2 are affected by a server-side request forgery (SSRF). An authenticated attacker could trigger unauthorized requests from the system, potentially enabling network enumeration or related attacks. CVSS v3 base score is 6.5 (A...
CVE-2021-29725
IBM Secure External Authentication Server 2.4.3.2, 6.0.1, 6.0.2 and IBM Secure Proxy 3.4.3.2, 6.0.1, 6.0.2 could allow a remote user to consume resources causing a denial of service due to a resource leak...
CVE-2021-29725
CVE-2021-29725 affects IBM Secure External Authentication Server (versions 2.4.3.2, 6.0.1, 6.0.2) and IBM Secure Proxy (versions 3.4.3.2, 6.0.1, 6.0.2). The issue is a resource leak that could allow a remote attacker to exhaust resources and cause a denial of service. Connected IBM advisories ide...
PT-2021-18449 · Ibm · Ibm Secure Proxy +1
Name of the Vulnerable Software and Affected Versions: IBM Secure External Authentication Server version 6.0.2 IBM Secure Proxy version 6.0.2 Description: The issue allows an authenticated attacker to send unauthorized requests from the system, potentially leading to network enumeration or...
Matrix Sydent 资源管理错误漏洞
Matrix Sydent is an implementation of the Matrix Authentication Server API from the Matrix.org Foundation in the UK. Sydent suffers from a resource management error vulnerability that results in memory exhaustion and denial of service...
Cell Phone Location Privacy
We all know that our cell phones constantly give our location away to our mobile network operators; that’s how they work. A group of researchers has figured out a way to fix that. “Pretty Good Phone Privacy” PGPP protects both user identity and user location using the existing cellular networks. ...
Security Bulletin: Multiple Vulnerabilities in IBM Java Runtime Affect IBM Sterling External Authentication Server
Summary There are multiple vulnerabilities in IBM® Runtime Environment Java™ Version 1.8 used by IBM Sterling External Authentication Server. IBM Sterling External Authentication Server has addressed the applicable CVEs. Vulnerability Details CVEID: CVE-2020-14579 DESCRIPTION: An unspecified...
Security Bulletin: An Eclipse Jetty Vulnerability Affects IBM Sterling Secure External Authentication Server (CVE-2020-27216)
Summary A vulnerability allowing Eclipse Jetty to gain elevated privileges was addressed by IBM Sterling Secure External Authentication Server. Vulnerability Details CVEID: CVE-2020-27216 DESCRIPTION: Eclipse Jetty could allow a local authenticated attacker to gain elevated privileges on the...
Moderate: Red Hat Security Advisory: Red Hat Single Sign-On 7.4.4 on OpenJDK for OpenShift image security update
A new image is available for Red Hat Single Sign-On 7.4.4 on OpenJDK, running on OpenShift Container Platform of versions 3.10, 3.11, up to the 4.6. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System CVSS base score, which...
IBM Sterling External Authentication Server and IBM Sterling Secure Proxy Memory Corruption Vulnerability
IBM Sterling External Authentication Server is a client application from IBM USA that enables extended authentication and verification services for IBM products.IBM Sterling Secure Proxy is an Application Proxy. A memory corruption vulnerability exists in IBM Sterling External Authentication Serv...
Security Bulletin: Multiple Vulnerabilities in IBM Java Runtime Affect IBM Sterling External Authentication Server
Summary There are multiple vulnerabilities in IBM® Runtime Environment Java™ Version 1.8 used by IBM Sterling External Authentication Server. IBM Sterling External Authentication Server has addressed the applicable CVEs. Vulnerability Details CVEID: CVE-2019-4473 DESCRIPTION: Multiple binaries in...
Security Bulletin: Multiple Eclipse Jetty Vulnerabilities Affect IBM Sterling Secure External Authentication Server
Summary Three Eclipse Jetty vulnerabilities were addressed by IBM Sterling Secure External Authentication Server. Vulnerability Details CVE-ID: CVE-2019-10241 Description: Eclipse Jetty is vulnerable to cross-site scripting, caused by improper validation of user-supplied input by the DefaultServl...
Security Bulletin: A Vulnerability in IBM Java Runtime Affects IBM Sterling External Authentication Server
Summary A vulnerability exists in IBM R Runtime Environment Java TM Version 1.8 used by IBM Sterling External Authentication Server. The issue was disclosed as part of the IBM Java SDK updates in April 2018. Vulnerability Details CVEID: CVE-2018-2783 DESCRIPTION: An unspecified vulnerability in...
Security Bulletin: Multiple vulnerabilities in IBM Java Runtime affect IBM Sterling External Authentication Server
Summary There are multiple vulnerabilities in IBM® Runtime Environment Java™ Version 1.8 used by IBM Sterling External Authentication Server. IBM Sterling External Authentication Server has addressed the applicable CVEs. Vulnerability Details CVEID: CVE-2019-4732 DESCRIPTION: IBM SDK, Java...
Security Bulletin: : HTTP Header Weakness Affects IBM Secure External Authentication Server
Summary IBM Secure External Authentication Server has been updated to send a proper Content-Security-Policy Header. Vulnerability Details Third Party Entry: PSIRT-ADV0022035 DESCRIPTION: Created from Advisory: ADV0022035 CVSS Base score: 3.1 CVSS Vector: CVSS:3.1/AV:A/AC:H/PR:N/UI:N/S:U/C:L/I:N/A...
Security Bulletin: Multiple vulnerabilities in IBM Java Runtime affect IBM Sterling External Authentication Server
Summary There are multiple vulnerabilities in IBM® Runtime Environment Java™ Version 1.8 used by IBM Sterling External Authentication Server. IBM Sterling External Authentication Server has addressed the applicable CVEs. Vulnerability Details CVEID: CVE-2019-2989 DESCRIPTION: An unspecified...