14 matches found
EUVD-2021-16199
Malware in sbrugna...
EUVD-2021-16223
Malware in sbrugna...
Security Bulletin: Apache Log4j Vulnerability Affects IBM Secure Proxy (CVE-2021-45046)
Summary An Apache Log4j vulnerability allowing a remote attacker to execute arbitrary code on the system was addressed by IBM Secure Proxy. Vulnerability Details CVEID: CVE-2021-45046 DESCRIPTION: Apache Log4j could result in remote code execution, caused by an incomplete fix of CVE-2021-44228 in...
Security Bulletin: Apache Log4j Vulnerability Affects IBM Secure Proxy (CVE-2021-44228)
Summary An Apache Log4j vulnerability allowing a remote attacker to execute arbitrary code on the system was addressed by IBM Secure Proxy. Vulnerability Details CVEID: CVE-2021-44228 DESCRIPTION: Apache Log4j could allow a remote attacker to execute arbitrary code on the system, caused by the...
Security Bulletin: Container Environment Vulnerabilities Affect IBM Secure Proxy (CVE-2020-14298, CVE-2020-14300)
Summary There are multiple container environment vulnerabilities in IBM Secure Proxy. IBM Secure Proxy has addressed the applicable CVEs. Vulnerability Details CVEID: CVE-2020-14298 DESCRIPTION: runc could allow a local attacker to bypass security restrictions, caused by a flaw in the usage of...
Security Bulletin: Multiple Vulnerabilities Affect IBM Secure Proxy
Summary There are multiple vulnerabilities in IBM Secure Proxy. IBM Secure Proxy has addressed the applicable CVEs. Vulnerability Details CVEID: CVE-2021-29723 DESCRIPTION: IBM Sterling Secure Proxy uses weaker than expected cryptographic algorithms that could allow an attacker to decrypt highly...
Security Bulletin: Vulnerabilities in IBM Java Runtime Affect IBM Sterling Secure Proxy (CVE-2020-27221, CVE-2020-14782)
Summary There are multiple vulnerabilities in IBM® Runtime Environment Java™ Version 1.8 used by IBM Sterling Secure Proxy. IBM Sterling Secure Proxy has addressed the applicable CVEs. Vulnerability Details CVEID: CVE-2020-27221 DESCRIPTION: Eclipse OpenJ9 is vulnerable to a stack-based buffer...
Security Bulletin: Multiple Vulnerabilities were detected in IBM Secure Proxy
Summary There are multiple vulnerabilities in IBM Secure Proxy. IBM Secure Proxy has addressed the applicable CVEs. Vulnerability Details CVEID: CVE-2021-29725 DESCRIPTION: IBM Sterling Secure Proxy could allow a remote user to consume resources causing a denial of service due to a resource leak...
CVE-2021-29749
IBM Secure External Authentication Server 6.0.2 and IBM Secure Proxy 6.0.2 are vulnerable to server-side request forgery (SSRF). This may allow an authenticated attacker to send unauthorized requests from the system, potentially leading to network enumeration or facilitating other attacks. IBM X-For...
Security Bulletin: Vulnerability in Eclipse Jetty affects IBM Sterling Secure Proxy (CVE-2020-27216)
Summary A vulnerability allowing Eclipse Jetty to gain elevated privileges was addressed by IBM Sterling Secure Proxy. Vulnerability Details CVEID: CVE-2020-27216 DESCRIPTION: Eclipse Jetty could allow a local authenticated attacker to gain elevated privileges on the system, caused by a race...
Security Bulletin: Vulnerability in Apache Commons Codec Affects IBM Sterling Secure Proxy
Summary An Apache Commons Codec vulnerability for validating input was addressed by IBM Sterling Secure Proxy. Vulnerability Details Third Party Entry: 177835 DESCRIPTION: Apache Commons Codec information disclosure CVSS Base score: 7.5 CVSS Temporal Score: See:...
Security Bulletin: Missing Cookie Attribute Vulnerability Affects IBM Secure Proxy
Summary IBM Secure Proxy has corrected the missing secure attribute in encrypted session SSL cookies from the impacted session. Vulnerability Details Third Party Entry: PSIRT-ADV0022033 DESCRIPTION: Created from Advisory: ADV0022033 CVSS Base score: 4.3 CVSS Vector:...
Security Bulletin: IBM Java Runtime Vulnerability Affects IBM Secure Proxy (CVE-2020-2654)
Summary IBM Secure Proxy has addressed the applicable vulnerability in IBM® Runtime Environment Java™ Version 1.8. Vulnerability Details CVEID: CVE-2020-2654 DESCRIPTION: An unspecified vulnerability in Java SE related to the Java SE Libraries component could allow an unauthenticated attacker to...
Security Bulletin: XML External Entity Injection (XXE) Vulnerability Affects IBM Secure Proxy (CVE-2020-4462)
Summary An XXE vulnerability was addressed by IBM Secure Proxy. Vulnerability Details CVEID: CVE-2020-4462 DESCRIPTION: IBM Sterling External Authentication Server and IBM Sterling Secure Proxy are vulnerable to an XML External Entity Injection (XXE) attack when processing XML data. A remote attacke...