IBM Sterling Secure Proxy Configuration Manager Man-in-the-Middle Attack Vulnerability
IBM Sterling Secure Proxy (SSP) is a demilitarized zone (DMZ)-based application proxy from IBM (USA) that protects file transfers from the public Internet. Configuration Manager is one of its configuration management components. A man-in-the-middle attack vulnerability exists in Configuration Manager in...
IBM Sterling Secure Proxy Configuration Manager Information Disclosure Vulnerability
IBM Sterling Secure Proxy (SSP) is a demilitarized zone (DMZ)-based application proxy from IBM (USA) that protects file transfers from the public Internet. Configuration Manager is one of its configuration management components. An information disclosure vulnerability exists in Configuration Manager in I...
IBM Sterling Secure Proxy Configuration Manager Directory Traversal Vulnerability
IBM Sterling Secure Proxy (SSP) is a demilitarized zone (DMZ)-based application proxy from IBM (USA) that protects file transfers from the public Internet. Configuration Manager is one of its configuration management components. A directory traversal vulnerability exists in Configuration Manager in IBM...
CVE-2016-6027
The Configuration Manager in IBM Sterling Secure Proxy (SSP) 3.4.2 before 3.4.2.0 iFix 8 and 3.4.3 before 3.4.3.0 iFix 1 does not enable the HSTS protection mechanism, which makes it easier for remote attackers to obtain sensitive information or modify data by leveraging use of HTTP...
CVE-2016-6026
The Configuration Manager in IBM Sterling Secure Proxy (SSP) 3.4.2 before 3.4.2.0 iFix 8 and 3.4.3 before 3.4.3.0 iFix 1 allows man-in-the-middle attackers to obtain sensitive information via an HTTP method that is neither GET nor POST...
CVE-2016-6025
The Configuration Manager in IBM Sterling Secure Proxy (SSP) 3.4.2 before 3.4.2.0 iFix 8 and 3.4.3 before 3.4.3.0 iFix 1 allows remote attackers to obtain access by leveraging an unattended workstation to conduct a post-logoff session-reuse attack involving a modified URL...
CVE-2016-6023
Directory traversal vulnerability in the Configuration Manager in IBM Sterling Secure Proxy (SSP) 3.4.2 before 3.4.2.0 iFix 8 and 3.4.3 before 3.4.3.0 iFix 1 allows remote attackers to read arbitrary files via a crafted URL...
Information disclosure
The Configuration Manager in IBM Sterling Secure Proxy (SSP) 3.4.2 before 3.4.2.0 iFix 8 and 3.4.3 before 3.4.3.0 iFix 1 allows man-in-the-middle attackers to obtain sensitive information via an HTTP method that is neither GET nor POST...
Design/Logic Flaw
The Configuration Manager in IBM Sterling Secure Proxy (SSP) 3.4.2 before 3.4.2.0 iFix 8 and 3.4.3 before 3.4.3.0 iFix 1 does not enable the HSTS protection mechanism, which makes it easier for remote attackers to obtain sensitive information or modify data by leveraging use of HTTP...
Default configuration
The Configuration Manager in IBM Sterling Secure Proxy (SSP) 3.4.2 before 3.4.2.0 iFix 8 and 3.4.3 before 3.4.3.0 iFix 1 allows remote attackers to obtain access by leveraging an unattended workstation to conduct a post-logoff session-reuse attack involving a modified URL...
Directory traversal
Directory traversal vulnerability in the Configuration Manager in IBM Sterling Secure Proxy (SSP) 3.4.2 before 3.4.2.0 iFix 8 and 3.4.3 before 3.4.3.0 iFix 1 allows remote attackers to read arbitrary files via a crafted URL...
CVE-2016-6025
CVE-2016-6025 affects IBM Sterling Secure Proxy (SSP) Configuration Manager. The issue occurs in SSP versions 3.4.2 before iFix 8 and 3.4.3 before iFix 1, where a post-logoff session-reuse attack via a modified URL could allow remote attackers to obtain access. The vulnerability is tied to the Co...
CVE-2016-6027
CVE-2016-6027 affects IBM Sterling Secure Proxy Configuration Manager (SSP CM). The issue is that HSTS protection was not enabled in SSP Configuration Manager, making it possible for an attacker to obtain sensitive information or modify data by exploiting HTTP instead of HTTPS. Affected versions ...
CVE-2016-6026
The CVE-2016-6026 issue affects IBM Sterling Secure Proxy Configuration Manager in SSP, specifically the Configuration Manager component. Affected versions are IBM Sterling Secure Proxy 3.4.3 GA and 3.4.2 through 3.4.2.0 with iFix levels (3.4.3.0 iFix 1; 3.4.2.0 iFix 7). The vulnerability allows ...
CVE-2016-4368
HPE Universal CMDB 10.0 through 10.21, Universal CMDB Configuration Manager 10.0 through 10.21, and Universal Discovery 10.0 through 10.21 allow remote attackers to execute arbitrary commands via a crafted serialized Java object, related to the Apache Commons Collections (ACC) library...