296 matches found

OSV
added 2021/07/15 4:15 p.m. · 4 views

CVE-2021-29725

IBM Secure External Authentication Server 2.4.3.2, 6.0.1, 6.0.2 and IBM Secure Proxy 3.4.3.2, 6.0.1, 6.0.2 could allow a remote user to consume resources causing a denial of service due to a resource leak...

CVSS 7.5 · AI score 5.6 · EPSS 0.02937
Exploits 0 · References 3

OSV
added 2021/07/15 4:15 p.m. · 2 views

CVE-2021-29749

IBM Secure External Authentication Server 6.0.2 and IBM Secure Proxy 6.0.2 are vulnerable to server-side request forgery (SSRF). This may allow an authenticated attacker to send unauthorized requests from the system, potentially leading to network enumeration or facilitating other attacks. IBM X-For...

CVSS 5.4 · AI score 5.8 · EPSS 0.00833
Exploits 0 · References 3

NVD
added 2021/07/15 4:15 p.m. · 14 views

CVE-2021-29725

IBM Secure External Authentication Server 2.4.3.2, 6.0.1, 6.0.2 and IBM Secure Proxy 3.4.3.2, 6.0.1, 6.0.2 could allow a remote user to consume resources causing a denial of service due to a resource leak...

CVSS 7.5 · EPSS 0.02937
Exploits 0 · References 3

NVD
added 2021/07/15 4:15 p.m. · 14 views

CVE-2021-29749

IBM Secure External Authentication Server 6.0.2 and IBM Secure Proxy 6.0.2 are vulnerable to server-side request forgery (SSRF). This may allow an authenticated attacker to send unauthorized requests from the system, potentially leading to network enumeration or facilitating other attacks. IBM X-For...

CVSS 6.5 · EPSS 0.00833
Exploits 0 · References 3

CVE
added 2021/07/15 4:00 p.m. · 51 views

CVE-2021-29749

IBM Secure External Authentication Server 6.0.2 and IBM Secure Proxy 6.0.2 are affected by a server-side request forgery (SSRF). An authenticated attacker could trigger unauthorized requests from the system, potentially enabling network enumeration or related attacks. CVSS v3 base score is 6.5 (A...

CVSS 6.5 · AI score 5.6 · EPSS 0.00833
Exploits 0 · References 3 · Affected Software 2

CVE
added 2021/07/15 4:00 p.m. · 51 views

CVE-2021-29725

CVE-2021-29725 affects IBM Secure External Authentication Server (versions 2.4.3.2, 6.0.1, 6.0.2) and IBM Secure Proxy (versions 3.4.3.2, 6.0.1, 6.0.2). The issue is a resource leak that could allow a remote attacker to exhaust resources and cause a denial of service. Connected IBM advisories ide...

CVSS 7.5 · AI score 7.3 · EPSS 0.02937
Exploits 0 · References 3 · Affected Software 2

Cvelist
added 2021/07/15 4:00 p.m. · 15 views

CVE-2021-29725

IBM Secure External Authentication Server 2.4.3.2, 6.0.1, 6.0.2 and IBM Secure Proxy 3.4.3.2, 6.0.1, 6.0.2 could allow a remote user to consume resources causing a denial of service due to a resource leak...

CVSS 7.5 · AI score 7.6 · EPSS 0.02937
Exploits 0 · References 3

Positive Technologies
added 2021/07/15 12:00 a.m. · 2 views

PT-2021-18449 · Ibm · Ibm Secure Proxy +1

Name of the Vulnerable Software and Affected Versions: IBM Secure External Authentication Server version 6.0.2 IBM Secure Proxy version 6.0.2 Description: The issue allows an authenticated attacker to send unauthorized requests from the system, potentially leading to network enumeration or...

CVSS 6.5 · AI score 5.8 · EPSS 0.00833
Exploits 0 · References 4

CNNVD
added 2021/04/15 12:00 a.m. · 1 view

Matrix Sydent Resource Management Error Vulnerability

Matrix Sydent is an implementation of the Matrix Authentication Server API from the Matrix.org Foundation in the UK. Sydent suffers from a resource management error vulnerability that results in memory exhaustion and denial of service...

CVSS 7.5 · AI score 7.3 · EPSS 0.01833
Exploits 0 · References 7

Schneier on Security
added 2021/01/15 12:36 p.m. · 42 views

Cell Phone Location Privacy

We all know that our cell phones constantly give our location away to our mobile network operators; that’s how they work. A group of researchers has figured out a way to fix that. “Pretty Good Phone Privacy” (PGPP) protects both user identity and user location using the existing cellular networks. ...

AI score 0.8
Exploits 0

IBM Security Bulletins
added 2021/01/08 11:13 p.m. · 42 views

Security Bulletin: Multiple Vulnerabilities in IBM Java Runtime Affect IBM Sterling External Authentication Server

Summary There are multiple vulnerabilities in IBM® Runtime Environment Java™ Version 1.8 used by IBM Sterling External Authentication Server. IBM Sterling External Authentication Server has addressed the applicable CVEs. Vulnerability Details CVEID: CVE-2020-14579 DESCRIPTION: An unspecified...

CVSS 4.3 · AI score 2.1 · EPSS 0.04044
Exploits 0 · Affected Software 1

IBM Security Bulletins
added 2021/01/08 11:10 p.m. · 34 views

Security Bulletin: An Eclipse Jetty Vulnerability Affects IBM Sterling Secure External Authentication Server (CVE-2020-27216)

Summary A vulnerability allowing Eclipse Jetty to gain elevated privileges was addressed by IBM Sterling Secure External Authentication Server. Vulnerability Details CVEID: CVE-2020-27216 DESCRIPTION: Eclipse Jetty could allow a local authenticated attacker to gain elevated privileges on the...

CVSS 7 · AI score 1.5 · EPSS 0.043
Exploits 1 · Affected Software 1

RedHat Linux
added 2020/12/15 7:31 p.m. · 42 views

Moderate: Red Hat Security Advisory: Red Hat Single Sign-On 7.4.4 on OpenJDK for OpenShift image security update

A new image is available for Red Hat Single Sign-On 7.4.4 on OpenJDK, running on OpenShift Container Platform of versions 3.10, 3.11, up to the 4.6. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which...

CVSS 7.8 · AI score 7.1 · EPSS 0.0025
Exploits 0 · References 3

CNVD
added 2020/09/07 12:00 a.m. · 2 views

IBM Sterling External Authentication Server and IBM Sterling Secure Proxy Memory Corruption Vulnerability

IBM Sterling External Authentication Server is a client application from IBM USA that enables extended authentication and verification services for IBM products. IBM Sterling Secure Proxy is an Application Proxy. A memory corruption vulnerability exists in IBM Sterling External Authentication Serv...

CVSS 8.2 · AI score 6.8 · EPSS 0.03249
Exploits 0 · References 1

IBM Security Bulletins
added 2020/07/24 10:19 p.m. · 37 views

Security Bulletin: Multiple Eclipse Jetty Vulnerabilities Affect IBM Sterling Secure External Authentication Server

Summary Three Eclipse Jetty vulnerabilities were addressed by IBM Sterling Secure External Authentication Server. Vulnerability Details CVE-ID: CVE-2019-10241 Description: Eclipse Jetty is vulnerable to cross-site scripting, caused by improper validation of user-supplied input by the DefaultServl...

CVSS 6.1 · AI score 0.5 · EPSS 0.09591
Exploits 0 · Affected Software 1

IBM Security Bulletins
added 2020/07/24 10:19 p.m. · 29 views

Security Bulletin: Multiple Vulnerabilities in IBM Java Runtime Affect IBM Sterling External Authentication Server

Summary There are multiple vulnerabilities in IBM® Runtime Environment Java™ Version 1.8 used by IBM Sterling External Authentication Server. IBM Sterling External Authentication Server has addressed the applicable CVEs. Vulnerability Details CVEID: CVE-2019-4473 DESCRIPTION: Multiple binaries in...

CVSS 8.4 · AI score 1.1 · EPSS 0.0045
Exploits 0 · Affected Software 1

IBM Security Bulletins
added 2020/07/24 10:19 p.m. · 41 views

Security Bulletin: IBM Java Runtime Vulnerability Affects IBM Sterling External Authentication Server (CVE-2020-2781)

Summary There are multiple vulnerabilities in IBM® Runtime Environment Java™ Version 1.8 used by IBM Sterling External Authentication Server. IBM Sterling External Authentication Server has addressed the applicable CVE. Vulnerability Details CVEID: CVE-2020-2781 DESCRIPTION: An unspecified...

CVSS 5.3 · AI score 1.6 · EPSS 0.05085
Exploits 0 · Affected Software 1

IBM Security Bulletins
added 2020/07/24 10:19 p.m. · 12 views

Security Bulletin: HTTP Header Weakness Affects IBM Secure External Authentication Server

Summary IBM Secure External Authentication Server has been updated to send a proper Content-Security-Policy Header. Vulnerability Details Third Party Entry: PSIRT-ADV0022035 DESCRIPTION: Created from Advisory: ADV0022035 CVSS Base score: 3.1 CVSS Vector: CVSS:3.1/AV:A/AC:H/PR:N/UI:N/S:U/C:L/I:N/A...

AI score 1
Exploits 0 · Affected Software 1

IBM Security Bulletins
added 2020/07/24 10:19 p.m. · 30 views

Security Bulletin: IBM Java Runtime Vulnerability Affects IBM Secure External Authentication Server (CVE-2020-2654)

Summary IBM Secure External Authentication Server has addressed the applicable vulnerability in IBM® Runtime Environment Java™ Version 1.8. Vulnerability Details CVEID: CVE-2020-2654 DESCRIPTION: An unspecified vulnerability in Java SE related to the Java SE Libraries component could allow an...

CVSS 4.3 · AI score 1.6 · EPSS 0.03299
Exploits 0 · Affected Software 1

IBM Security Bulletins
added 2020/07/24 10:19 p.m. · 47 views

Security Bulletin: Multiple Vulnerabilities affect IBM Sterling External Authentication Server

Summary Three Eclipse Jetty request smuggling vulnerabilities were addressed by IBM Sterling External Authentication Server. Vulnerability Details CVE-ID: CVE-2017-7656 Description: Eclipse Jetty is vulnerable to HTTP request smuggling, caused by a flaw in the HTTP/1.x Parser. By sending a...

CVSS 9.8 · AI score 0.6 · EPSS 0.20985
Exploits 0 · Affected Software 1