PT-2022-22145 · Ibm · Ibm Sterling Secure Proxy

Name of the Vulnerable Software and Affected Versions: IBM Sterling Secure Proxy version 6.0.3 Description: The issue is related to the use of weaker than expected cryptographic algorithms, which could allow an attacker to decrypt highly sensitive information. Recommendations: For IBM Sterling...

Security Bulletin: Potential Denial of Service (DoS) security vulnerability in IBM Sterling Secure Proxy

Abstract Potential Denial of Service DoS security vulnerability in IBM Sterling Secure Proxy due to a Java HashTable security vulnerability in Jetty CVE-2011-4461. Content SUMMARY: Potential Denial of Service DoS security vulnerability in IBM Sterling Secure Proxy due to a Java HashTable security...

Security Bulletin: Sterling External Authentication Server Java API Documentation Frame Injection Vulnerability (CVE-2013-1571)

Abstract Java API Documentation contains a frame injection vulnerability. Content VULNERABILITY DETAILS: CVEID: CVE-2013-1571 DESCRIPTION: HTML documentation generated by the Javadoc tool contains a security vulnerability. The vulnerability allows an attacker to craft a malicious link to the...

Security Bulletin: IBM Sterling Secure Proxy’s session or sensitive cookies do not have the secure attribute enabled (CVE-2013-0515)

Abstract IBM Sterling Secure Proxy’s session or sensitive cookies do not always have the secure attribute enabled. As a result, customers who use HTTP could be vulnerable to cookie hijacking attacks. Content VULNERABILITY DETAILS CVE ID: CVE-2013-0515 DESCRIPTION: Set Secure Attribute in SSL Cook...

Security Bulletin: Multiple security vulnerabilities addressed in IBM Sterling Secure Proxy (CVE-2013-0518, CVE-2013-0519, CVE-2013-0520)

Abstract IBM Sterling Secure Proxy is vulnerable to spoofing and information disclosure attacks. Content VULNERABILITY DETAILS CVE ID: CVE-2013-0518 DESCRIPTION: Application Pages Do Not Break Out of 3rd Party HTML Frames. IBM Sterling Secure Proxy Configuration Manager pages permit rendering...

Security Bulletin: Multiple JRE vulnerabilities addressed in IBM Sterling Secure Proxy (CVE-2013-0440, CVE-2013-0443, CVE-2013-0169)

Abstract The IBM JRE embedded in the IBM Sterling Secure Proxy Configuration Manager has security vulnerabilities that affect SSL connections to the configuration GUI. Content VULNERABILITY DETAILS CVE ID : CVE-2013-0440 DESCRIPTION: A vulnerability in Java Runtime Environment allows remote...

Fedora: Security Advisory for golang-k8s-kube-aggregator (FEDORA-2022-37aef44d1e)

The remote host is missing an update for the SPDX-FileCopyrightText: 2022 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

[SECURITY] Fedora 36 Update: golang-k8s-kube-aggregator-1.22.0-5.fc36

Aggregator for Kubernetes-style API servers: dynamic registration, discovery summarization, secure proxy...

Security Bulletin: IBM Sterling Secure Proxy is vulnerable to multiple issues due to Eclipse Jetty

Summary Eclipse Jetty has reported multiple vulnerabilities. IBM Sterling Secure Proxy has addressed the applicable vulnerabilities. Vulnerability Details CVEID:CVE-2022-2047 DESCRIPTION: Eclipse Jetty could allow a remote authenticated attacker to bypass security restrictions, caused by a flaw i...

Security Bulletin: IBM Secure Proxy is vulnerable to remote code execution due to Apache Log4j (CVE-2021-4104)

Summary IBM Sterling Secure Proxy is vulnerable to arbitrary code execution due to Apache Log4j, which is used for logging CVE-2021-4104. The fix includes Apache Log4j 2.17.2. Vulnerability Details CVEID:CVE-2021-4104 DESCRIPTION: Apache Log4j could allow a remote attacker to execute arbitrary co...

[SECURITY] Fedora 35 Update: golang-k8s-kube-aggregator-1.22.0-4.fc35

Aggregator for Kubernetes-style API servers: dynamic registration, discovery summarization, secure proxy...

PT-2022-6309 · Ibm · Ibm Sterling Secure Proxy +1

Name of the Vulnerable Software and Affected Versions: IBM Sterling External Authentication Server version 6.1.0 IBM Sterling Secure Proxy version 6.0.3 Description: The issue is related to the use of weaker than expected cryptographic algorithms during installation, which could allow a local...

Fedora: Security Advisory for golang-k8s-kube-aggregator (FEDORA-2022-fae3ecee19)

The remote host is missing an update for the Copyright C 2022 Greenbone Networks GmbH Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-or-later This program is free software; you can...

[SECURITY] Fedora 36 Update: golang-k8s-kube-aggregator-1.22.0-4.fc36

Aggregator for Kubernetes-style API servers: dynamic registration, discovery summarization, secure proxy...

IBM Sterling Secure Proxy Trust Management Issue Vulnerability

IBM Sterling Secure Proxy is an application proxy used by International Business Machines Corporation IBM to secure the transfer of files in an organization's unprotected zone DMZ.IBM Sterling Secure Proxy version 6.0.3 and IBM Secure External Authentication Server version 6.0.3 contain a trust...

Input validation

IBM Sterling Secure Proxy 6.0.3 and IBM Secure External Authentication Server 6.0.3 does not properly ensure that a certificate is actually associated with the host due to improper validation of certificates. IBM X-Force ID: 201104...

CVE-2021-29726

CVE-2021-29726 affects IBM Sterling Secure Proxy 6.0.3 and IBM Secure External Authentication Server 6.0.3. The issue is improper validation leading to a certificate not being properly associated with the host (trust management/certificate validation bypass). Reported base CVSS v3.1/3.0 scores ar...

IBM Sterling Secure Proxy 信任管理问题漏洞

IBM Sterling Secure Proxy is an application proxy used by International Business Machines Corporation IBM to secure the transfer of files in an organization's unprotected zone DMZ.IBM Sterling Secure Proxy version 6.0.3 and IBM Secure External Authentication Server version 6.0.3 contain a trust...

PT-2022-9929 · Ibm · Ibm Secure External Authentication Server +1

Name of the Vulnerable Software and Affected Versions: IBM Sterling Secure Proxy version 6.0.3 IBM Secure External Authentication Server version 6.0.3 Description: The issue arises from improper validation of certificates, which fails to ensure that a certificate is actually associated with the...

Security Bulletin: IBM Sterling Secure Proxy is vulnerable to multiple vulnerabilities due to IBM Java Runtime

Summary There are multiple vulnerabilities in IBM® Runtime Environment Java™ Version 1.8 used by IBM Sterling Secure Proxy. IBM Sterling Secure Proxy has addressed the applicable CVEs. Vulnerability Details CVEID: CVE-2021-35603 DESCRIPTION: An unspecified vulnerability in Java SE related to the...