Lucene search
K

90 matches found

OSV
OSV
added 2022/02/23 8:15 p.m.4 views

CVE-2022-22333

IBM Sterling Secure Proxy 6.0.3.0, 6.0.2.0, and 3.4.3.2 and IBM Sterling External Authentication Server are vulnerable a buffer overflow, due to the Jetty based GUI in the Secure Zone not properly validating the sizes of the form content and/or HTTP headers submitted. A local attacker positioned...

6.5CVSS6.9AI score0.00576EPSS
Exploits0References2
Prion
Prion
added 2022/02/23 8:15 p.m.16 views

Buffer overflow

IBM Sterling Secure Proxy 6.0.3.0, 6.0.2.0, and 3.4.3.2 and IBM Sterling External Authentication Server are vulnerable a buffer overflow, due to the Jetty based GUI in the Secure Zone not properly validating the sizes of the form content and/or HTTP headers submitted. A local attacker positioned...

3.3CVSS6.5AI score0.00576EPSS
Exploits0References2Affected Software2
Cvelist
Cvelist
added 2022/02/23 7:45 p.m.16 views

CVE-2022-22336

IBM Sterling External Authentication Server and IBM Sterling Secure Proxy 6.0.3.0, 6.0.2.0, and 3.4.3.2 could allow a remote user to consume resources causing a denial of service due to a resource leak. IBM X-Force ID: 219395...

7.5CVSS7.3AI score0.01968EPSS
Exploits0References2
CVE
CVE
added 2022/02/23 7:45 p.m.170 views

CVE-2022-22336

IBM Sterling External Authentication Server and IBM Sterling Secure Proxy are affected by CVE-2022-22336. The vulnerability allows a remote attacker to cause a denial of service through a resource leak in the affected components. Affected products/versions include IBM Sterling Secure Proxy 6.0.3....

7.5CVSS7.3AI score0.01968EPSS
Exploits0References2Affected Software2
IBM Security Bulletins
IBM Security Bulletins
added 2022/02/23 4:29 p.m.28 views

Security Bulletin: Multiple vulnerabilities were detected in IBM Sterling External Authentication Server (CVE-2022-22333, CVE-2022-22349)

Summary There are multiple vulnerabilities in IBM Sterling External Authentication Server detected by internal scans. IBM Sterling External Authentication Server has addressed the applicable vulnerabilities. Vulnerability Details CVEID: CVE-2022-22333 DESCRIPTION: IBM Sterling Secure Proxy and IB...

6.5CVSS6AI score0.00985EPSS
Exploits0Affected Software1
CNNVD
CNNVD
added 2022/02/23 12:0 a.m.5 views

IBM Sterling Secure Proxy 安全漏洞

IBM Sterling Secure Proxy, an IBM application proxy for securing file transfers in an organization's unprotected zone DMZ, secures trusted zones with multi-factor authentication, SSL session interruption, inbound firewall vulnerability patching, protocol checking, and other controls.IBM Sterling...

6.5CVSS5.6AI score0.00576EPSS
Exploits0References4
ATTACKERKB
ATTACKERKB
added 2022/02/22 12:0 a.m.7 views

CVE-2022-22333

IBM Sterling Secure Proxy 6.0.3.0, 6.0.2.0, and 3.4.3.2 and IBM Sterling External Authentication Server are vulnerable a buffer overflow, due to the Jetty based GUI in the Secure Zone not properly validating the sizes of the form content and/or HTTP headers submitted. A local attacker positioned...

6.5CVSS7AI score0.00576EPSS
Exploits0References3Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2022/01/07 7:3 p.m.124 views

Security Bulletin: Apache Log4j vulnerability affects IBM Secure External Authentication Server (CVE-2021-4104)

Summary IBM Sterling External Authentication Server is vulnerable to an arbitrary code execution due to Apache Log4j, which is used for logging CVE-2021-44832. The fix upgrades all Apache Log4j 1.x to Apache Log4j 2.17.1. Vulnerability Details CVEID: CVE-2021-4104 DESCRIPTION: Apache Log4j could...

10CVSS1.4AI score0.99999EPSS
Exploits358Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2022/01/07 5:9 p.m.61 views

Security Bulletin: Apache Log4j vulnerability affects IBM Sterling External Authentication Server (CVE-2021-44832)

Summary IBM Sterling External Authentication Server is vulnerable to an arbitrary code execution due to Apache Log4j, which is used for logging CVE-2021-44832. The fix includes Apache Log4j 2.17.1. Vulnerability Details CVEID: CVE-2021-44832 DESCRIPTION: Apache Log4j could allow a remote attacker...

10CVSS1.7AI score0.99999EPSS
Exploits357Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2022/01/04 3:59 p.m.49 views

Security Bulletin: Multiple Vulnerabilities in Apache Log4j impact IBM Sterling External Authentication Server (CVE-2021-45105, CVE-2021-45046)

Summary IBM Sterling External Authentication Server is vulnerable to denial of service and arbitrary code execution due to Apache Log4j, which is used for logging CVE-2021-45105,CVE-2021-45046. The fix includes Apache Log4j 2.17.0. Vulnerability Details CVEID: CVE-2021-45105 DESCRIPTION: Apache...

10CVSS1.9AI score0.99999EPSS
Exploits355Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2021/12/21 9:23 p.m.77 views

Security Bulletin: Apache Log4j Vulnerability Affects IBM Secure External Authentication Server (CVE-2021-45046)

Summary Apache Log4j vulnerability CVE-2021-45046 was addressed by IBM Secure External Authentication Server. Customers are encourages to take action and apply the fix below. Vulnerability Details CVEID: CVE-2021-45046 DESCRIPTION: Apache Log4j could result in remote code execution, caused by an...

10CVSS1.5AI score0.99999EPSS
Exploits353Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2021/12/21 3:55 a.m.213 views

Security Bulletin: Apache Log4j Vulnerability Affects IBM Secure External Authentication Server (CVE-2021-44228)

Summary An Apache Log4j vulnerability allowing a remote attacker to execute arbitraty code on the system was addressed by IBM Secure External Authentication Server. Vulnerability Details CVEID: CVE-2021-44228 DESCRIPTION: Apache Log4j could allow a remote attacker to execute arbitrary code on the...

10CVSS1.6AI score0.99999EPSS
Exploits353Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2021/08/27 7:56 p.m.19 views

Security Bulletin: Multiple Vulnerabilities Affect IBM Secure External Authentication Server

Summary There are multiple vulnerabilities in IBM Secure External Authentication Server. IBM Secure External Authentication Server has addressed the applicable CVEs. Vulnerability Details CVEID: CVE-2021-29722 DESCRIPTION: IBM Sterling Secure Proxy uses weaker than expected cryptographic algorith...

7.5CVSS0.9AI score0.0099EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2021/08/27 7:47 p.m.37 views

Security Bulletin: Multiple vulnerabilities in IBM Java Runtime Affect IBM Sterling External Authentication Server

Summary There are multiple vulnerabilities in IBM® Runtime Environment Java™ Version 1.8 used by IBM Sterling External Authentication Server. IBM Sterling External Authentication Server has addressed the applicable CVEs. Vulnerability Details CVEID: CVE-2020-14781 DESCRIPTION: An unspecified...

9.8CVSS1.6AI score0.02296EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2021/07/30 5:6 a.m.33 views

Security Bulletin: Multiple Vulnerabilities were detected in IBM Secure External Authentication Server

Summary There are multiple vulnerabilities in IBM Secure External Authentication Server. IBM Secure External Authentication Server has addressed the applicable CVEs. Vulnerability Details CVEID: CVE-2021-29749 DESCRIPTION: IBM Sterling Secure Proxy is vulnerable to server-side request forgery SSR...

7.5CVSS1.3AI score0.03334EPSS
Exploits1Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2021/07/30 5:6 a.m.48 views

Security Bulletin: Multiple Vulnerabilities were detected in IBM Secure External Authentication Server

Summary There are multiple vulnerabilities in IBM Secure External Authentication Server. IBM Secure External Authentication Server has addressed the applicable CVEs. Vulnerability Details CVEID: CVE-2021-29725 DESCRIPTION: IBM Sterling Secure Proxy could allow a remote user to consume resources...

7.5CVSS0.6AI score0.7795EPSS
Exploits1Affected Software1
NVD
NVD
added 2021/07/15 4:15 p.m.16 views

CVE-2021-29725

IBM Secure External Authentication Server 2.4.3.2, 6.0.1, 6.0.2 and IBM Secure Proxy 3.4.3.2, 6.0.1, 6.0.2 could allow a remote user to consume resources causing a denial of service due to a resource leak...

7.5CVSS0.02937EPSS
Exploits0References3
OSV
OSV
added 2021/07/15 4:15 p.m.5 views

CVE-2021-29725

IBM Secure External Authentication Server 2.4.3.2, 6.0.1, 6.0.2 and IBM Secure Proxy 3.4.3.2, 6.0.1, 6.0.2 could allow a remote user to consume resources causing a denial of service due to a resource leak...

7.5CVSS5.6AI score0.02937EPSS
Exploits0References3
NVD
NVD
added 2021/07/15 4:15 p.m.23 views

CVE-2021-29749

IBM Secure External Authentication Server 6.0.2 and IBM Secure Proxy 6.0.2 is vulnerable to server-side request forgery SSRF. This may allow an authenticated attacker to send unauthorized requests from the system, potentially leading to network enumeration or facilitating other attacks. IBM X-For...

6.5CVSS0.00833EPSS
Exploits0References3
CVE
CVE
added 2021/07/15 4:0 p.m.52 views

CVE-2021-29749

IBM Secure External Authentication Server 6.0.2 and IBM Secure Proxy 6.0.2 are affected by a server-side request forgery (SSRF). An authenticated attacker could trigger unauthorized requests from the system, potentially enabling network enumeration or related attacks. CVSS v3 base score is 6.5 (A...

6.5CVSS5.6AI score0.00833EPSS
Exploits0References3Affected Software2
Rows per page
Query Builder