335 matches found
Security Bulletin: IBM Sterling Secure Proxy is vulnerable to multiple vulnerabilities due to IBM Java Runtime
Summary There are multiple vulnerabilities in IBM® Runtime Environment Java™ Version 1.8 used by IBM Sterling Secure Proxy. IBM Sterling Secure Proxy has addressed the applicable CVEs. Vulnerability Details CVEID:CVE-2022-21426 DESCRIPTION: An unspecified vulnerability in Java SE related to the...
The vulnerability of the IBM Sterling Secure Proxy proxy server and the IBM Sterling External Authentication Server (SEAS) authentication and authorization server, which stems from the use of cryptographic algorithms containing defects, allows attackers to gain unauthorized access to protected information.
The vulnerability of the IBM Sterling Secure Proxy proxy server and the IBM Sterling External Authentication Server (SEAS) authentication and authorization server lies in the use of cryptographic algorithms that have vulnerabilities during installation. Exploiting this vulnerability can allow a...
The vulnerability of the IBM Sterling Secure Proxy proxy server, related to insufficient validation of input data, allows attackers to perform cross-site scripting attacks.
The vulnerability of the IBM Sterling Secure Proxy proxy server is related to insufficient validation of input data when processing HOST headers. Exploiting this vulnerability allows a malicious actor to perform cross-site scripting attacks remotely...
IBM Sterling External Authentication Server Encryption Issue Vulnerability
IBM Sterling External Authentication Server is a client application from International Business Machines (IBM) that enables extended authentication and verification services for IBM products. A cryptographic issue vulnerability exists in IBM Sterling External Authentication Server version 6.1.0, IB...
CVE-2022-35720
IBM Sterling External Authentication Server 6.1.0 and IBM Sterling Secure Proxy 6.0.3 uses weaker than expected cryptographic algorithms during installation that could allow a local attacker to decrypt sensitive information. IBM X-Force ID: 231373...
CVE-2022-34362
IBM Sterling Secure Proxy 6.0.3 is vulnerable to HTTP header injection, caused by improper validation of input by the HOST headers. This could allow an attacker to conduct various attacks against the vulnerable system, including cross-site scripting, cache poisoning or session hijacking. IBM...
Cross site scripting
IBM Sterling Secure Proxy 6.0.3 is vulnerable to HTTP header injection, caused by improper validation of input by the HOST headers. This could allow an attacker to conduct various attacks against the vulnerable system, including cross-site scripting, cache poisoning or session hijacking. IBM...
Authentication flaw
IBM Sterling External Authentication Server 6.1.0 and IBM Sterling Secure Proxy 6.0.3 uses weaker than expected cryptographic algorithms during installation that could allow a local attacker to decrypt sensitive information. IBM X-Force ID: 231373...
CVE-2022-34362 IBM Sterling Secure Proxy HOST header injection
IBM Sterling Secure Proxy 6.0.3 is vulnerable to HTTP header injection, caused by improper validation of input by the HOST headers. This could allow an attacker to conduct various attacks against the vulnerable system, including cross-site scripting, cache poisoning or session hijacking. IBM...
CVE-2022-34362
IBM Sterling Secure Proxy 6.0.3 is affected by an HTTP header injection flaw caused by insufficient validation of HOST headers. The vulnerability could enable attacks such as cross-site scripting, cache poisoning, or session hijacking against vulnerable systems. Affected product/version: IBM Ster...
CVE-2022-34362 IBM Sterling Secure Proxy HOST header injection
IBM Sterling Secure Proxy 6.0.3 is vulnerable to HTTP header injection, caused by improper validation of input by the HOST headers. This could allow an attacker to conduct various attacks against the vulnerable system, including cross-site scripting, cache poisoning or session hijacking. IBM...
CVE-2022-35720
CVE-2022-35720 affects IBM Sterling External Authentication Server 6.1.0 and IBM Sterling Secure Proxy 6.0.3, due to use of weaker-than-expected cryptographic algorithms during installation, which could let a local attacker decrypt sensitive information. Remediation references in IBM advisories s...
IBM Sterling External Authentication Server Encryption Issue Vulnerability
IBM Sterling External Authentication Server is a client application from International Business Machines (IBM) that enables extended authentication and verification services for IBM products. A cryptographic issue vulnerability exists in IBM Sterling External Authentication Server version 6.1.0, IB...
IBM Sterling Secure Proxy Cross-Site Scripting Vulnerability
IBM Sterling Secure Proxy is an application proxy from International Business Machines (IBM) that is used to ensure the secure transfer of files in an organization's unprotected zone (DMZ). A cross-site scripting vulnerability exists in IBM Sterling Secure Proxy version 6.0.3 that stems from improper...
Security Bulletin: IBM Sterling Secure Proxy vulnerable to multiple issues
Summary Multiple vulnerabilities affect IBM Sterling Secure Proxy 6.0.3.0 and are addressed in the latest iFix. Vulnerability Details CVEID:CVE-2022-23437 DESCRIPTION: Apache Xerces2 Java XML Parser is vulnerable to a denial of service, caused by an infinite loop in the XML parser. By persuading ...
IBM Sterling Secure Proxy Weak Encryption Vulnerability
IBM Sterling Secure Proxy is an application agent used by International Business Machines (IBM) to secure the transfer of files in an organization's non-protected area (DMZ). IBM Sterling Secure Proxy version 6.0.3 contains a weak encryption vulnerability that stems from the use of a...
CVE-2022-34361
IBM Sterling Secure Proxy 6.0.3 uses weaker than expected cryptographic algorithms that could allow an attacker to decrypt highly sensitive information. IBM X-Force ID: 230522...
CVE-2022-34361
IBM Sterling Secure Proxy 6.0.3 uses weaker than expected cryptographic algorithms that could allow an attacker to decrypt highly sensitive information. IBM X-Force ID: 230522...
CVE-2022-34361 IBM Sterling Secure Proxy information disclosure
IBM Sterling Secure Proxy 6.0.3 uses weaker than expected cryptographic algorithms that could allow an attacker to decrypt highly sensitive information. IBM X-Force ID: 230522...
CVE-2022-34361
CVE-2022-34361 affects IBM Sterling Secure Proxy 6.0.3. The issue arises from using weaker-than-expected cryptographic algorithms, which could allow an attacker to decrypt highly sensitive information. The IBM bulletin lists the affected product/version and provides a remediation: upgrade to the ...