335 matches found
CVE-2023-47162
IBM Sterling Secure Proxy 6.0.3 and 6.1.0 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 270973...
CVE-2023-46181
CVE-2023-46181 affects IBM Sterling Secure Proxy versions 6.0.3 and 6.1.0. The issue allows web pages to be stored locally and read by another user on the same system (information disclosure). Remediation: upgrade to IBM Sterling Secure Proxy iFix 11 (for 6.0.3) or iFix 03 (for 6.1.0) per IBM. Ot...
CVE-2023-46181 IBM Secure Proxy information disclosure
IBM Sterling Secure Proxy 6.0.3 and 6.1.0 allows web pages to be stored locally which can be read by another user on the system. IBM X-Force ID: 269686...
CVE-2023-46181 IBM Secure Proxy information disclosure
IBM Sterling Secure Proxy 6.0.3 and 6.1.0 allows web pages to be stored locally which can be read by another user on the system. IBM X-Force ID: 269686...
CVE-2023-47699 IBM Secure Proxy cross-site scripting
IBM Sterling Secure Proxy 6.0.3 and 6.1.0 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 270974...
CVE-2023-47699 IBM Secure Proxy cross-site scripting
IBM Sterling Secure Proxy 6.0.3 and 6.1.0 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 270974...
CVE-2023-47699
CVE-2023-47699 affects IBM Sterling Secure Proxy versions 6.0.3 and 6.1.0. A cross-site scripting vulnerability in the Web UI could let an attacker embed arbitrary JavaScript, potentially leading to credential disclosure within a trusted session. The NVD/IBM entries list a base score of 6.1 (Medi...
CVE-2023-47147
IBM Sterling Secure Proxy versions 6.0.3 and 6.1.0 are affected by a vulnerability that could allow an attacker to overwrite a log message under specific conditions. The issue is addressed by upgrading to iFix 11 for 6.0.3 and iFix 03 for 6.1.0. Remediation details are provided in IBM’s advisorie...
CVE-2023-47147 IBM Secure Proxy file manipulation
IBM Sterling Secure Proxy 6.0.3 and 6.1.0 could allow an attacker to overwrite a log message under specific conditions. IBM X-Force ID: 270598...
CVE-2023-46179 IBM Secure Proxy information disclosure
IBM Sterling Secure Proxy 6.0.3 and 6.1.0 does not set the secure attribute on authorization tokens or session cookies. Attackers may be able to get the cookie values by sending a http:// link to a user or by planting this link in a site the user goes to. The cookie will be sent to the insecure...
CVE-2023-46179 IBM Secure Proxy information disclosure
IBM Sterling Secure Proxy 6.0.3 and 6.1.0 does not set the secure attribute on authorization tokens or session cookies. Attackers may be able to get the cookie values by sending a http:// link to a user or by planting this link in a site the user goes to. The cookie will be sent to the insecure...
CVE-2023-46179
IBM Sterling Secure Proxy is affected on versions 6.0.3 and 6.1.0 by a vulnerability where authorization tokens or session cookies lack the secure attribute. The issue lets an attacker potentially obtain cookie values by tricking a user into visiting a http link or via a site the user visits, ena...
CVE-2023-47162 IBM Secure Proxy cross-site scripting
IBM Sterling Secure Proxy 6.0.3 and 6.1.0 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 270973...
CVE-2023-47162 IBM Secure Proxy cross-site scripting
IBM Sterling Secure Proxy 6.0.3 and 6.1.0 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 270973...
CVE-2023-47162
CVE-2023-47162 affects IBM Sterling Secure Proxy versions 6.0.3 and 6.1.0 and is a cross-site scripting vulnerability in the Web UI that could allow embedding arbitrary JavaScript, potentially leading to credentials disclosure within a trusted session. The connected IBM and CNVD entries confirm t...
CVE-2023-46182
CVE-2023-46182 affects IBM Sterling Secure Proxy 6.0.3 and 6.1.0. The issue is a cross-site scripting vulnerability in the Web UI that lets an attacker embed arbitrary JavaScript, potentially leading to credential disclosure within a trusted session. Accessible in the Web UI, the vulnerability’s ...
CVE-2023-46182 IBM Secure Proxy cross-site scripting
IBM Sterling Secure Proxy 6.0.3 and 6.1.0 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 269692...
IBM Sterling Secure Proxy 跨站脚本漏洞
IBM Sterling Secure Proxy is an application proxy from International Business Machines IBM that is used to ensure the secure transfer of files in an organization's unprotected zone DMZ. A cross-site scripting vulnerability exists in IBM Sterling Secure Proxy versions 6.0.3 and 6.1.0, which stems...
PT-2024-13474 · Ibm · Ibm Sterling Secure Proxy
Name of the Vulnerable Software and Affected Versions: IBM Sterling Secure Proxy versions 6.0.3 through 6.1.0 Description: This issue allows users to embed arbitrary JavaScript code in the Web UI, potentially altering the intended functionality and leading to credentials disclosure within a trust...
IBM Sterling Secure Proxy Security Vulnerability
IBM Sterling Secure Proxy is an application proxy from International Business Machines IBM used to ensure the secure transfer of files in an organization's unprotected zone DMZ. A security vulnerability exists in IBM Sterling Secure Proxy versions 6.0.3 and 6.1.0, which stems from a vulnerability...