
15 matches found

EUVD
added 2025/10/07 12:30 a.m., 2 views

EUVD-2021-16223

Malware in sbrugna...

6.5 CVSS, 6 AI score, 0.00242 EPSS
Exploits 0, References 4
IBM Security Bulletins
added 2022/05/16 9:28 p.m., 23 views

Security Bulletin: IBM Sterling External Authentication Server is vulnerable to improper validation of certificates

Summary IBM Sterling External Authentication Server does not properly ensure that a certificate is actually associated with the host due to improper validation of certificates. Vulnerability Details CVEID: CVE-2021-29726 DESCRIPTION: IBM Sterling Secure Proxy does not properly ensure that a...

5.3 CVSS, 2 AI score, 0.00069 EPSS
Exploits 0, Affected Software 1
IBM Security Bulletins
added 2022/01/07 7:3 p.m., 118 views

Security Bulletin: Apache Log4j vulnerability affects IBM Secure External Authentication Server (CVE-2021-4104)

Summary IBM Sterling External Authentication Server is vulnerable to an arbitrary code execution due to Apache Log4j, which is used for logging CVE-2021-44832. The fix upgrades all Apache Log4j 1.x to Apache Log4j 2.17.1. Vulnerability Details CVEID: CVE-2021-4104 DESCRIPTION: Apache Log4j could...

10 CVSS, 1.4 AI score, 0.94358 EPSS
Exploits 350, Affected Software 1
IBM Security Bulletins
added 2021/12/21 9:23 p.m., 76 views

Security Bulletin: Apache Log4j Vulnerability Affects IBM Secure External Authentication Server (CVE-2021-45046)

Summary Apache Log4j vulnerability CVE-2021-45046 was addressed by IBM Secure External Authentication Server. Customers are encouraged to take action and apply the fix below. Vulnerability Details CVEID: CVE-2021-45046 DESCRIPTION: Apache Log4j could result in remote code execution, caused by an...

10 CVSS, 1.5 AI score, 0.94358 EPSS
Exploits 345, Affected Software 1
IBM Security Bulletins
added 2021/12/21 3:55 a.m., 212 views

Security Bulletin: Apache Log4j Vulnerability Affects IBM Secure External Authentication Server (CVE-2021-44228)

Summary An Apache Log4j vulnerability allowing a remote attacker to execute arbitrary code on the system was addressed by IBM Secure External Authentication Server. Vulnerability Details CVEID: CVE-2021-44228 DESCRIPTION: Apache Log4j could allow a remote attacker to execute arbitrary code on the...

10 CVSS, 1.6 AI score, 0.94358 EPSS
Exploits 345, Affected Software 1
IBM Security Bulletins
added 2021/08/27 7:56 p.m., 19 views

Security Bulletin: Multiple Vulnerabilities Affect IBM Secure External Authentication Server

Summary There are multiple vulnerabilities in IBM Secure External Authentication Server. IBM Secure External Authentication Server has addressed the applicable CVEs. Vulnerability Details CVEID: CVE-2021-29722 DESCRIPTION: IBM Sterling Secure Proxy uses weaker than expected cryptographic algorith...

7.5 CVSS, 0.9 AI score, 0.00142 EPSS
Exploits 0, Affected Software 1
IBM Security Bulletins
added 2021/07/30 5:6 a.m., 33 views

Security Bulletin: Multiple Vulnerabilities were detected in IBM Secure External Authentication Server

Summary There are multiple vulnerabilities in IBM Secure External Authentication Server. IBM Secure External Authentication Server has addressed the applicable CVEs. Vulnerability Details CVEID: CVE-2021-29749 DESCRIPTION: IBM Sterling Secure Proxy is vulnerable to server-side request forgery SSR...

7.5 CVSS, 1.3 AI score, 0.03282 EPSS
Exploits 1, Affected Software 1
IBM Security Bulletins
added 2021/07/30 5:6 a.m., 47 views

Security Bulletin: Multiple Vulnerabilities were detected in IBM Secure External Authentication Server

Summary There are multiple vulnerabilities in IBM Secure External Authentication Server. IBM Secure External Authentication Server has addressed the applicable CVEs. Vulnerability Details CVEID: CVE-2021-29725 DESCRIPTION: IBM Sterling Secure Proxy could allow a remote user to consume resources...

7.5 CVSS, 0.6 AI score, 0.33816 EPSS
Exploits 1, Affected Software 1
NVD
added 2021/07/15 4:15 p.m., 13 views

CVE-2021-29749

IBM Secure External Authentication Server 6.0.2 and IBM Secure Proxy 6.0.2 is vulnerable to server-side request forgery SSRF. This may allow an authenticated attacker to send unauthorized requests from the system, potentially leading to network enumeration or facilitating other attacks. IBM X-For...

6.5 CVSS, 0.00242 EPSS
Exploits 0, References 3
Cvelist
added 2021/07/15 4:0 p.m., 15 views

CVE-2021-29725

IBM Secure External Authentication Server 2.4.3.2, 6.0.1, 6.0.2 and IBM Secure Proxy 3.4.3.2, 6.0.1, 6.0.2 could allow a remote user to consume resources causing a denial of service due to a resource leak...

7.5 CVSS, 7.6 AI score, 0.02028 EPSS
Exploits 0, References 3
CVE
added 2021/07/15 4:0 p.m., 50 views

CVE-2021-29725

CVE-2021-29725 affects IBM Secure External Authentication Server (versions 2.4.3.2, 6.0.1, 6.0.2) and IBM Secure Proxy (versions 3.4.3.2, 6.0.1, 6.0.2). The issue is a resource leak that could allow a remote attacker to exhaust resources and cause a denial of service. Connected IBM advisories ide...

7.5 CVSS, 7.3 AI score, 0.02028 EPSS
Exploits 0, References 3, Affected Software 2
IBM Security Bulletins
added 2021/01/08 11:10 p.m., 34 views

Security Bulletin: An Eclipse Jetty Vulnerability Affects IBM Sterling Secure External Authentication Server (CVE-2020-27216)

Summary A vulnerability allowing Eclipse Jetty to gain elevated privileges was addressed by IBM Sterling Secure External Authentication Server. Vulnerability Details CVEID: CVE-2020-27216 DESCRIPTION: Eclipse Jetty could allow a local authenticated attacker to gain elevated privileges on the...

7 CVSS, 1.5 AI score, 0.00072 EPSS
Exploits 1, Affected Software 1
IBM Security Bulletins
added 2020/07/24 10:19 p.m., 37 views

Security Bulletin: Multiple Eclipse Jetty Vulnerabilities Affect IBM Sterling Secure External Authentication Server

Summary Three Eclipse Jetty vulnerabilities were addressed by IBM Sterling Secure External Authentication Server. Vulnerability Details CVE-ID: CVE-2019-10241 Description: Eclipse Jetty is vulnerable to cross-site scripting, caused by improper validation of user-supplied input by the DefaultServl...

6.1 CVSS, 0.5 AI score, 0.10411 EPSS
Exploits 0, Affected Software 1
IBM Security Bulletins
added 2020/07/24 10:19 p.m., 30 views

Security Bulletin: IBM Java Runtime Vulnerability Affects IBM Secure External Authentication Server (CVE-2020-2654)

Summary IBM Secure External Authentication Server has addressed the applicable vulnerability in IBM® Runtime Environment Java™ Version 1.8. Vulnerability Details CVEID: CVE-2020-2654 DESCRIPTION: An unspecified vulnerability in Java SE related to the Java SE Libraries component could allow an...

4.3 CVSS, 1.6 AI score, 0.00339 EPSS
Exploits 0, Affected Software 1
IBM Security Bulletins
added 2020/07/15 9:45 p.m., 21 views

Security Bulletin: XML External Entity Injection (XXE) Vulnerability Affects IBM Secure External Authentication Server (CVE-2020-4462)

Summary An XXE vulnerability was addressed by IBM Secure External Authentication Server. Vulnerability Details CVEID: CVE-2020-4462 DESCRIPTION: IBM Sterling External Authentication Server and IBM Sterling Secure Proxy is vulnerable to an XML External Entity Injection XXE attack when processing X...

8.2 CVSS, 1.2 AI score, 0.00977 EPSS
Exploits 0, Affected Software 1