Security Bulletin: IBM Sterling External Authentication Server is vulnerable due to path-to-regexp (CVE-2024-45296).
Summary IBM Sterling External Authentication Server uses the npm path-to-regexp, which is vulnerable to CVE-2024-45296. Vulnerability Details CVEID:CVE-2024-45296 DESCRIPTION: path-to-regexp turns path strings into regular expressions. In certain cases, path-to-regexp will output a regular...
CVE-2025-5777
Insufficient input validation leading to memory overread when the NetScaler is configured as a Gateway VPN virtual server, ICA Proxy, CVPN, RDP Proxy OR AAA virtual server...
CVE-2024-47768
Lif Authentication Server is a server used by Lif to do various tasks regarding Lif accounts. This vulnerability has to do with the account recovery system where there does not appear to be a check to make sure the user has been sent the recovery email and entered the correct code. If the attacke...
CVE-2024-46937
An improper access control IDOR vulnerability in the /api-selfportal/get-info-token-properties endpoint in MFASOFT Secure Authentication Server SAS 1.8.x through 1.9.x before 1.9.040924 allows remote attackers to gain access to user tokens without authentication. This is a brute-force attack on the...
CVE-2024-8534
Memory safety vulnerability leading to memory corruption and Denial of Service in NetScaler ADC and Gateway if the appliance must be configured as a Gateway VPN Vserver with RDP Feature enabled OR the appliance must be configured as a Gateway VPN Vserver and RDP Proxy Server Profile is created an...
CVE-2013-4098
ServerAdmin/ErrorViewer.jsp in DS3 Authentication Server allows remote attackers to inject arbitrary error-page text via the message parameter...
CVE-2013-4097
ServerAdmin/TestDRConnection.jsp in DS3 Authentication Server allows remote attackers to obtain sensitive information via a direct request, which reveals the installation path in a -REG-E-OPEN error message...
CVE-2019-9156
Gemalto DS3 Authentication Server 2.6.1-SP01 allows OS Command Injection...
CVE-2013-4096
ServerAdmin/TestTelnetConnection.jsp in DS3 Authentication Server allows remote authenticated users to execute arbitrary commands via shell metacharacters in the HOSTNAME field...
CVE-2019-15557
XM^online 2 User Account and Authentication server 1.0.0 allows SQL injection via a tenant key...
CVE-2013-7292
VASCO IDENTIKEY Authentication Server IAS 3.4.x allows remote authenticated users to bypass Active Directory AD authentication by entering only a DIGIPASS one-time password, instead of the intended combination of this one-time password and a multiple-time AD password...
CVE-2025-46826
insa-auth is an authentication server for INSA Rouen. A minor issue allowed third-party websites to access the server's secondary authentication bridge, potentially revealing basic student information name and number. However, the issue posed minimal risk, was never exploited, and had limited...
CVE-2025-46826
CVE-2025-46826 affects the insa-auth authentication server (INSA Rouen). The issue is a minor Open-Redirect/secondary authentication bridge exposure that could allow third-party websites to access basic student information (name and number). It posed low risk, was not exploited, and a fix was dep...
CVE-2025-46826 insa-auth Open-Redirect on provided CAS server login endpoint
insa-auth is an authentication server for INSA Rouen. A minor issue allowed third-party websites to access the server's secondary authentication bridge, potentially revealing basic student information name and number. However, the issue posed minimal risk, was never exploited, and had limited...
Important: Red Hat Security Advisory: Red Hat build of Keycloak 26.0.11 Images Update
New images are available for Red Hat build of Keycloak 26.0.11 and Red Hat build of Keycloak 26.0.11 Operator, running on OpenShift Container Platform Red Hat build of Keycloak is an integrated sign-on solution, available as a Red Hat JBoss Middleware for OpenShift containerized image. The Red Ha...
Moderate: Red Hat Security Advisory: Red Hat build of Keycloak 26.0.10 Images Update
New images are available for Red Hat build of Keycloak 26.0.10 and Red Hat build of Keycloak 26.0.10 Operator, running on OpenShift Container Platform Red Hat build of Keycloak is an integrated sign-on solution, available as a Red Hat JBoss Middleware for OpenShift containerized image. The Red Ha...
Security Bulletin: IBM Sterling External Authentication Server is vulnerable to multiple issues
Summary Multiple vulnerabilities affect IBM Sterling External Authentication Server and are addressed in the latest iFixes. Vulnerability Details CVEID:CVE-2024-29857 DESCRIPTION: The Bouncy Castle Crypto Package For Java is vulnerable to a denial of service, caused by improper input validation. By...
CVE-2020-16102
Improper Authentication vulnerability in Gallagher Command Centre Server allows an unauthenticated remote attacker to create items with invalid configuration, potentially causing the server to crash and fail to restart. This issue affects: Gallagher Command Centre 8.30 versions prior to...
Security Bulletin: IBM Sterling External Authentication Server is vulnerable to multiple issues
Summary Multiple vulnerabilities affect IBM Sterling External Authentication Server and are addressed in the latest iFixes. Vulnerability Details CVEID:CVE-2024-20952 DESCRIPTION: An unspecified vulnerability in Java SE related to the Security component could allow a remote attacker to cause high...
Security Bulletin: IBM Sterling External Authentication Server is vulnerable due to Axios vulnerability (CVE-2024-39338)
Summary IBM Sterling External Authentication Server SEAS uses Axios, which is vulnerable to Server-side Request Forgery SSRF. Vulnerability Details CVEID:CVE-2024-39338 DESCRIPTION: Axios is vulnerable to server-side request forgery, caused by a flaw with requests for path relative URLs get...