
39 matches found

IBM Security Bulletins
added 2026/04/06 6:44 a.m. | 8 views

Security Bulletin: IBM Sterling External Authentication Server is vulnerable to multiple issues

Summary Multiple vulnerabilities affect IBM Sterling External Authentication Server and are addressed in the latest release and fixpack Vulnerability Details CVEID:CVE-2026-21945 DESCRIPTION: Java SE is vulnerable to a denial of service, caused by an easily exploitable vulnerability issue that...

CVSS 7.5 | AI score 5.9 | EPSS 0.02591
Exploits 3 | Affected Software 1
IBM Security Bulletins
added 2026/02/11 4:42 a.m. | 6 views

Security Bulletin: IBM Sterling External Authentication Server is vulnerable to denial-of-service due to IBM Java Runtime

Summary A buffer-overflow flaw in the OMR component of the OpenJ9 JVM may allow a local attacker to inflict a denial-of-service by inducing a JVM crash. IBM Sterling External Authentication Server has addressed the applicable CVE. Vulnerability Details CVEID:CVE-2026-1188 DESCRIPTION: In the...

CVSS 9.8 | AI score 6 | EPSS 0.00491
Exploits 0 | Affected Software 1
IBM Security Bulletins
added 2025/02/04 8:55 p.m. | 23 views

Security Bulletin: IBM Sterling External Authentication Server is vulnerable to multiple issues

Summary Multiple vulnerabilities affect IBM Sterling External Authentication Server and are addressed in the latest iFixes Vulnerability Details CVEID:CVE-2024-20952 DESCRIPTION: An unspecified vulnerability in Java SE related to the Security component could allow a remote attacker to cause high...

CVSS 7.5 | AI score 6.9 | EPSS 0.01026
Exploits 0 | Affected Software 1
IBM Security Bulletins
added 2024/10/29 8:40 p.m. | 29 views

Security Bulletin: IBM Sterling External Authentication Server is vulnerable to multiple issues

Summary Multiple vulnerabilities affect IBM Sterling External Authentication Server and are addressed in the latest iFixes Vulnerability Details CVEID:CVE-2024-21094 DESCRIPTION: An unspecified vulnerability in Java SE related to the VM component could allow a remote attacker to cause no...

CVSS 7.5 | AI score 6.1 | EPSS 0.01433
Exploits 0 | Affected Software 1
IBM Security Bulletins
added 2024/03/08 10:36 p.m. | 64 views

Security Bulletin: IBM Sterling External Authentication Server is vulnerable to multiple issues

Summary Multiple vulnerabilities affect IBM Sterling External Authentication Server and are addressed in the latest iFixes. Vulnerability Details CVEID:CVE-2023-36478 DESCRIPTION: Eclipse Jetty is vulnerable to a denial of service, caused by an integer overflow and buffer allocation in...

CVSS 9.8 | AI score 9.1 | EPSS 0.99999
Exploits 23 | Affected Software 1
IBM Security Bulletins
added 2023/09/07 5:31 p.m. | 42 views

Security Bulletin: IBM Sterling Secure Proxy is vulnerable to multiple issues

Summary Multiple vulnerabilities affect IBM Sterling Secure Proxy and are addressed in the latest release and iFix Vulnerability Details CVEID:CVE-2023-26048 DESCRIPTION: Eclipse Jetty is vulnerable to a denial of service, caused by an out of memory flaw in the HttpServletRequest.getParameter or...

CVSS 9.8 | AI score 9.2 | EPSS 0.46836
Exploits 5 | Affected Software 1
IBM Security Bulletins
added 2023/08/31 7:12 p.m. | 41 views

Security Bulletin: IBM Sterling External Authentication Server is vulnerable to multiple issues

Summary Multiple vulnerabilities affect IBM Sterling External Authentication Server and are addressed in the latest iFixes. Vulnerability Details CVEID:CVE-2023-26048 DESCRIPTION: Eclipse Jetty is vulnerable to a denial of service, caused by an out of memory flaw in the...

CVSS 9.8 | AI score 9.6 | EPSS 0.22709
Exploits 3 | Affected Software 1
IBM Security Bulletins
added 2023/04/29 3:45 a.m. | 34 views

Security Bulletin: IBM Sterling External Authentication Server is vulnerable to multiple vulnerabilities due to IBM Java Runtime

Summary There are multiple vulnerabilities in IBM® Runtime Environment Java™ Version 1.8 used by IBM Sterling External Authentication Server. IBM Sterling External Authentication Server has addressed the applicable CVEs. Vulnerability Details CVEID:CVE-2022-21628 DESCRIPTION: Java SE is vulnerabl...

CVSS 6.5 | AI score 6.4 | EPSS 0.03028
Exploits 0 | Affected Software 1
OSV
added 2023/02/08 7:15 p.m. | 8 views

CVE-2022-35720

IBM Sterling External Authentication Server 6.1.0 and IBM Sterling Secure Proxy 6.0.3 uses weaker than expected cryptographic algorithms during installation that could allow a local attacker to decrypt sensitive information. IBM X-Force ID: 231373...

CVSS 5.5 | AI score 5.5 | EPSS 0.00119
Exploits 0 | References 2
IBM Security Bulletins
added 2023/01/31 2:51 p.m. | 34 views

Security Bulletin: Multiple vulnerabilities affect IBM Sterling External Authentication Server

Summary Multiple vulnerabilities affect IBM Sterling External Authentication Server. These vulnerabilities have been addressed in the latest iFix. Vulnerability Details CVEID:CVE-2021-33502 DESCRIPTION: Node.js normalize-url module is vulnerable to a denial of service, caused by a ReDoS regular...

CVSS 7.5 | AI score 7.7 | EPSS 0.01705
Exploits 0 | Affected Software 1
IBM Security Bulletins
added 2023/01/31 2:18 p.m. | 110 views

Security Bulletin: IBM Sterling Secure Proxy vulnerable to multiple issues

Summary Multiple vulnerabilities affect IBM Sterling Secure Proxy 6.0.3.0 and are addressed in the latest iFix. Vulnerability Details CVEID:CVE-2022-23437 DESCRIPTION: Apache Xerces2 Java XML Parser is vulnerable to a denial of service, caused by an infinite loop in the XML parser. By persuading ...

CVSS 7.1 | AI score 6.6 | EPSS 0.0444
Exploits 0 | Affected Software 1
IBM Security Bulletins
added 2022/09/26 3:31 a.m. | 22 views

Security Bulletin: Application not signed properly in IBM Sterling External Authentication Server (CVE-2013-0521)

Abstract IBM Sterling External Authentication Server is vulnerable to running untrusted code. Content VULNERABILITY DETAILS CVE ID: CVE-2013-0521 DESCRIPTION: Java Webstart App is not signed correctly The IBM Sterling External Authentication Server Webstart GUI is signed with a self-signed...

CVSS 7.8 | AI score 5.4 | EPSS 0.05044
Exploits 1 | Affected Software 5
IBM Security Bulletins
added 2022/09/25 11:13 p.m. | 26 views

Security Bulletin: Multiple security vulnerabilities addressed in IBM Sterling External Authentication Server (CVE-2013-0514, CVE-2013-0517)

Abstract IBM Sterling External Authentication Server is vulnerable to code execution and information disclosure attacks. Content VULNERABILITY DETAILS CVE ID: CVE-2013-0517 DESCRIPTION: OS Command Execution via Command Line Adapter Application allows the administrator to configure an OS command t...

CVSS 7.8 | AI score 6.4 | EPSS 0.05044
Exploits 1
IBM Security Bulletins
added 2022/09/25 9:6 p.m. | 24 views

Security Bulletin: Multiple JRE vulnerabilities addressed in IBM Sterling External Authentication Server (CVE-2013-1571, CVE-2013-1500, CVE-2013-0443, CVE-2013-0440, CVE-2013-0169)

Abstract The IBM JRE embedded in the IBM Sterling External Authentication Server has security vulnerabilities in its Javadoc, and in SSL connections to the configuration GUI. Content VULNERABILITY DETAILS CVE ID: CVE-2013-1571 DESCRIPTION: The Javadoc documentation generated for the Sterling...

CVSS 7.8 | AI score 7.9 | EPSS 0.66817
Exploits 4
IBM Security Bulletins
added 2022/05/16 9:36 p.m. | 42 views

Security Bulletin: IBM Sterling External Authentication Server is vulnerable to multiple vulnerabilities due to IBM Java Runtime

Summary There are multiple vulnerabilities in IBM® Runtime Environment Java™ Version 1.8 used by IBM Sterling External Authentication Server. IBM Sterling External Authentication Server has addressed the applicable CVEs. Vulnerability Details CVEID: CVE-2021-35578 DESCRIPTION: An unspecified...

CVSS 7.1 | AI score 2.3 | EPSS 0.06868
Exploits 0 | Affected Software 1
NVD
added 2022/02/24 5:15 p.m. | 11 views

CVE-2022-22349

IBM Sterling External Authentication Server 3.4.3.2, 6.0.2.0, and 6.0.3.0 is vulnerable to path traversals, due to not properly validating RESTAPI configuration data. An authorized user could import invalid data which could be used for an attack. IBM X-Force ID: 220144...

CVSS 4.3 | EPSS 0.00985
Exploits 0 | References 2
Prion
added 2022/02/24 5:15 p.m. | 21 views

Path traversal

IBM Sterling External Authentication Server 3.4.3.2, 6.0.2.0, and 6.0.3.0 is vulnerable to path traversals, due to not properly validating RESTAPI configuration data. An authorized user could import invalid data which could be used for an attack. IBM X-Force ID: 220144...

CVSS 4 | AI score 4.9 | EPSS 0.00985
Exploits 0 | References 2 | Affected Software 1
IBM Security Bulletins
added 2022/02/23 4:29 p.m. | 28 views

Security Bulletin: Multiple vulnerabilities were detected in IBM Sterling External Authentication Server (CVE-2022-22333, CVE-2022-22349)

Summary There are multiple vulnerabilities in IBM Sterling External Authentication Server detected by internal scans. IBM Sterling External Authentication Server has addressed the applicable vulnerabilities. Vulnerability Details CVEID: CVE-2022-22333 DESCRIPTION: IBM Sterling Secure Proxy and IB...

CVSS 6.5 | AI score 6 | EPSS 0.00985
Exploits 0 | Affected Software 1
IBM Security Bulletins
added 2022/01/07 5:9 p.m. | 61 views

Security Bulletin: Apache Log4j vulnerability affects IBM Sterling External Authentication Server (CVE-2021-44832)

Summary IBM Sterling External Authentication Server is vulnerable to an arbitrary code execution due to Apache Log4j, which is used for logging CVE-2021-44832. The fix includes Apache Log4j 2.17.1. Vulnerability Details CVEID: CVE-2021-44832 DESCRIPTION: Apache Log4j could allow a remote attacker...

CVSS 10 | AI score 1.7 | EPSS 0.99999
Exploits 355 | Affected Software 1
IBM Security Bulletins
added 2022/01/04 3:59 p.m. | 49 views

Security Bulletin: Multiple Vulnerabilities in Apache Log4j impact IBM Sterling External Authentication Server (CVE-2021-45105, CVE-2021-45046)

Summary IBM Sterling External Authentication Server is vulnerable to denial of service and arbitrary code execution due to Apache Log4j, which is used for logging CVE-2021-45105, CVE-2021-45046. The fix includes Apache Log4j 2.17.0. Vulnerability Details CVEID: CVE-2021-45105 DESCRIPTION: Apache...

CVSS 10 | AI score 1.9 | EPSS 0.99999
Exploits 353 | Affected Software 1