
335 matches found

IBM Security Bulletins
added 2023/04/28 9:26 p.m. | 45 views

Security Bulletin: IBM Sterling Secure Proxy is vulnerable to multiple vulnerabilities due to IBM Java Runtime

Summary There are multiple vulnerabilities in IBM® Runtime Environment Java™ Version 1.8 used by IBM Sterling Secure Proxy. IBM Sterling Secure Proxy has addressed the applicable CVEs. Vulnerability Details CVEID:CVE-2022-21426 DESCRIPTION: An unspecified vulnerability in Java SE related to the...

CVSS 6.5 | AI score 6.4 | EPSS 0.03028
Exploits 0 | Affected Software 1
BDU FSTEC
added 2023/02/21 12:00 a.m. | 8 views

The vulnerability of the IBM Sterling Secure Proxy proxy server and the IBM Sterling External Authentication Server (SEAS) authentication and authorization server, which stems from the use of cryptographic algorithms containing defects, allows attackers to gain unauthorized access to protected information.

The vulnerability of the IBM Sterling Secure Proxy proxy server and the IBM Sterling External Authentication Server (SEAS) authentication and authorization server lies in the use of cryptographic algorithms that have vulnerabilities during installation. Exploiting this vulnerability can allow a...

CVSS 2.3 | AI score 6 | EPSS 0.00119
Exploits 0 | References 6 | Affected Software 2
BDU FSTEC
added 2023/02/21 12:00 a.m. | 8 views

The vulnerability of the IBM Sterling Secure Proxy proxy server, related to insufficient validation of input data, allows attackers to perform cross-site scripting attacks.

The vulnerability of the IBM Sterling Secure Proxy proxy server is related to insufficient validation of input data when processing HOST headers. Exploiting this vulnerability allows a malicious actor to perform cross-site scripting attacks remotely...

CVSS 4.7 | AI score 5.2 | EPSS 0.00365
Exploits 0 | References 4 | Affected Software 1
CNVD
added 2023/02/09 12:00 a.m. | 30 views

IBM Sterling External Authentication Server Encryption Issue Vulnerability

IBM Sterling External Authentication Server is a client application from International Business Machines (IBM) that enables extended authentication and verification services for IBM products. A cryptographic issue vulnerability exists in IBM Sterling External Authentication Server version 6.1.0, IB...

CVSS 5.5 | AI score 5.7 | EPSS 0.00119
Exploits 0 | References 1
OSV
added 2023/02/08 7:15 p.m. | 8 views

CVE-2022-35720

IBM Sterling External Authentication Server 6.1.0 and IBM Sterling Secure Proxy 6.0.3 uses weaker than expected cryptographic algorithms during installation that could allow a local attacker to decrypt sensitive information. IBM X-Force ID: 231373...

CVSS 5.5 | AI score 5.5 | EPSS 0.00119
Exploits 0 | References 2
NVD
added 2023/02/08 7:15 p.m. | 21 views

CVE-2022-34362

IBM Sterling Secure Proxy 6.0.3 is vulnerable to HTTP header injection, caused by improper validation of input by the HOST headers. This could allow an attacker to conduct various attacks against the vulnerable system, including cross-site scripting, cache poisoning or session hijacking. IBM...

CVSS 4.6 | AI score 4.8 | EPSS 0.00365
Exploits 0 | References 2
Prion
added 2023/02/08 7:15 p.m. | 20 views

Cross site scripting

IBM Sterling Secure Proxy 6.0.3 is vulnerable to HTTP header injection, caused by improper validation of input by the HOST headers. This could allow an attacker to conduct various attacks against the vulnerable system, including cross-site scripting, cache poisoning or session hijacking. IBM...

CVSS 4.9 | AI score 4.9 | EPSS 0.00365
Exploits 0 | References 2 | Affected Software 1
Prion
added 2023/02/08 7:15 p.m. | 21 views

Authentication flaw

IBM Sterling External Authentication Server 6.1.0 and IBM Sterling Secure Proxy 6.0.3 uses weaker than expected cryptographic algorithms during installation that could allow a local attacker to decrypt sensitive information. IBM X-Force ID: 231373...

CVSS 1.7 | AI score 5.8 | EPSS 0.00119
Exploits 0 | References 2 | Affected Software 2
Cvelist
added 2023/02/08 6:30 p.m. | 29 views

CVE-2022-34362 IBM Sterling Secure Proxy HOST header injection

IBM Sterling Secure Proxy 6.0.3 is vulnerable to HTTP header injection, caused by improper validation of input by the HOST headers. This could allow an attacker to conduct various attacks against the vulnerable system, including cross-site scripting, cache poisoning or session hijacking. IBM...

CVSS 4.6 | AI score 4.7 | EPSS 0.00365
Exploits 0 | References 2
CVE
added 2023/02/08 6:30 p.m. | 57 views

CVE-2022-34362

IBM Sterling Secure Proxy 6.0.3 is affected by an HTTP header injection flaw caused by insufficient validation of HOST headers. The vulnerability could enable attacks such as cross-site scripting, cache poisoning, or session hijacking against vulnerable systems. Affected product/version: IBM Ster...

CVSS 4.6 | AI score 4.5 | EPSS 0.00365
Exploits 0 | References 2 | Affected Software 1
Vulnrichment
added 2023/02/08 6:30 p.m. | 9 views

CVE-2022-34362 IBM Sterling Secure Proxy HOST header injection

IBM Sterling Secure Proxy 6.0.3 is vulnerable to HTTP header injection, caused by improper validation of input by the HOST headers. This could allow an attacker to conduct various attacks against the vulnerable system, including cross-site scripting, cache poisoning or session hijacking. IBM...

CVSS 4.6 | AI score 6.4 | EPSS 0.00365
Exploits 0 | References 2
CVE
added 2023/02/08 6:24 p.m. | 71 views

CVE-2022-35720

CVE-2022-35720 affects IBM Sterling External Authentication Server 6.1.0 and IBM Sterling Secure Proxy 6.0.3, due to use of weaker-than-expected cryptographic algorithms during installation, which could let a local attacker decrypt sensitive information. Remediation references in IBM advisories s...

CVSS 5.5 | AI score 4.2 | EPSS 0.00119
Exploits 0 | References 2 | Affected Software 2
CNNVD
added 2023/02/08 12:00 a.m. | 6 views

IBM Sterling External Authentication Server Encryption Issue Vulnerability

IBM Sterling External Authentication Server is a client application from International Business Machines (IBM) that enables extended authentication and verification services for IBM products. A cryptographic issue vulnerability exists in IBM Sterling External Authentication Server version 6.1.0, IB...

CVSS 5.5 | AI score 6.6 | EPSS 0.00119
Exploits 0 | References 3
CNNVD
added 2023/02/08 12:00 a.m. | 5 views

IBM Sterling Secure Proxy Cross-Site Scripting Vulnerability

IBM Sterling Secure Proxy is an application proxy from International Business Machines (IBM) that is used to ensure the secure transfer of files in an organization's unprotected zone (DMZ). A cross-site scripting vulnerability exists in IBM Sterling Secure Proxy version 6.0.3 that stems from improper...

CVSS 4.6 | AI score 4.8 | EPSS 0.00365
Exploits 0 | References 3
IBM Security Bulletins
added 2023/01/31 2:18 p.m. | 110 views

Security Bulletin: IBM Sterling Secure Proxy vulnerable to multiple issues

Summary Multiple vulnerabilities affect IBM Sterling Secure Proxy 6.0.3.0 and are addressed in the latest iFix. Vulnerability Details CVEID:CVE-2022-23437 DESCRIPTION: Apache Xerces2 Java XML Parser is vulnerable to a denial of service, caused by an infinite loop in the XML parser. By persuading ...

CVSS 7.1 | AI score 6.6 | EPSS 0.0444
Exploits 0 | Affected Software 1
CNVD
added 2022/12/08 12:00 a.m. | 22 views

IBM Sterling Secure Proxy Weak Encryption Vulnerability

IBM Sterling Secure Proxy is an application agent used by International Business Machines (IBM) to secure the transfer of files in an organization's non-protected area (DMZ). IBM Sterling Secure Proxy version 6.0.3 contains a weak encryption vulnerability that stems from the use of a...

CVSS 7.5 | AI score 2.5 | EPSS 0.00375
Exploits 0 | References 1
OSV
added 2022/12/06 6:15 p.m. | 5 views

CVE-2022-34361

IBM Sterling Secure Proxy 6.0.3 uses weaker than expected cryptographic algorithms that could allow an attacker to decrypt highly sensitive information. IBM X-Force ID: 230522...

CVSS 7.5 | AI score 5.8 | EPSS 0.00375
Exploits 0 | References 2
NVD
added 2022/12/06 6:15 p.m. | 14 views

CVE-2022-34361

IBM Sterling Secure Proxy 6.0.3 uses weaker than expected cryptographic algorithms that could allow an attacker to decrypt highly sensitive information. IBM X-Force ID: 230522...

CVSS 7.5 | EPSS 0.00375
Exploits 0 | References 2
Vulnrichment
added 2022/12/06 5:52 p.m. | 6 views

CVE-2022-34361 IBM Sterling Secure Proxy information disclosure

IBM Sterling Secure Proxy 6.0.3 uses weaker than expected cryptographic algorithms that could allow an attacker to decrypt highly sensitive information. IBM X-Force ID: 230522...

CVSS 5.9 | AI score 7.2 | EPSS 0.00375
Exploits 0 | References 2
CVE
added 2022/12/06 5:52 p.m. | 81 views

CVE-2022-34361

CVE-2022-34361 affects IBM Sterling Secure Proxy 6.0.3. The issue arises from using weaker-than-expected cryptographic algorithms, which could allow an attacker to decrypt highly sensitive information. The IBM bulletin lists the affected product/version and provides a remediation: upgrade to the ...

CVSS 7.5 | AI score 6.3 | EPSS 0.00375
Exploits 0 | References 2 | Affected Software 1