Security Bulletin: IBM Sterling External Authentication Server is vulnerable to multiple issues

Summary Multple vulnerabilities affect IBM Sterling External Authentication Server and are addressed in the latest iFixes Vulnerability Details CVEID:CVE-2024-20952 DESCRIPTION: An unspecified vulnerability in Java SE related to the Security component could allow a remote attacker to cause high...

Security Bulletin: IBM Sterling External Authentication Server is vulnerable to multiple issues

Summary Multple vulnerabilities affect IBM Sterling External Authentication Server and are addressed in the latest iFixes Vulnerability Details CVEID:CVE-2024-21094 DESCRIPTION: An unspecified vulnerability in Java SE related to the VM component could allow a remote attacker to cause no...

Security Bulletin: IBM Sterling External Authentication Server is vulnerable to multiple issues

Summary Multple vulnerabilities affect IBM Sterling External Authentication Server and are addressed in the latest iFixes. Vulnerability Details CVEID:CVE-2023-36478 DESCRIPTION: Eclipse Jetty is vulnerable to a denial of service, caused by an integer overflow and buffer allocation in...

Security Bulletin: IBM Sterling Secure Proxy is vulnerable to multiple issues

Summary Multple vulnerabilities affect IBM Sterling Secure Proxy and are addressed in the latest release and iFix Vulnerability Details CVEID:CVE-2023-26048 DESCRIPTION: Eclipse Jetty is vulnerable to a denial of service, caused by an out of memory flaw in the HttpServletRequest.getParameter or...

Security Bulletin: IBM Sterling External Authentication Server is vulnerable to multiple issues

Summary Multple vulnerabilities affect IBM Sterling External Authentication Server and are addressed in the latest iFixes. Vulnerability Details CVEID:CVE-2023-26048 DESCRIPTION: Eclipse Jetty is vulnerable to a denial of service, caused by an out of memory flaw in the...

Security Bulletin: IBM Sterling External Authentication Server is vulnerable to multiple vulnerabilities due to IBM Java Runtime

Summary There are multiple vulnerabilities in IBM® Runtime Environment Java™ Version 1.8 used by IBM Sterling External Authentication Server. IBM Sterling External Authentication Server has addressed the applicable CVEs. Vulnerability Details CVEID:CVE-2022-21628 DESCRIPTION: Java SE is vulnerabl...

Security Bulletin: Multiple vulnerabilities affect IBM Sterling External Authentication Server

Summary Multiple vulnerabilities affect IBM Sterling External Authentication Server. These vulnerabilities have been addressed in the latest iFix. Vulnerability Details CVEID:CVE-2021-33502 DESCRIPTION: Node.js normalize-url module is vulnerable to a denial of service, caused by a ReDoS regular...

Security Bulletin: IBM Sterling Secure Proxy vulnerable to multiple issues

Summary Multiple vulnerabilities affect IBM Sterling Secure Proxy 6.0.3.0 and are addressed in the latest iFix. Vulnerability Details CVEID:CVE-2022-23437 DESCRIPTION: Apache Xerces2 Java XML Parser is vulnerable to a denial of service, caused by an infinite loop in the XML parser. By persuading ...

Security Bulletin: Application not signed properly in IBM Sterling External Authentication Server (CVE-2013-0521)

Abstract IBM Sterling External Authentication Server is vulnerable to running untrusted code. Content VULNERABILITY DETAILS CVE ID: CVE-2013-0521 DESCRIPTION: Java Webstart App is not signed correctly The IBM Sterling External Authentication Server Webstart GUI is signed with a self-signed...

Security Bulletin: Multiple security vulnerabilities addressed in IBM Sterling External Authentication Server (CVE-2013-0514, CVE-2013-0517)

Abstract IBM Sterling External Authentication Server is vulnerable to code execution and information disclosure attacks. Content VULNERABILITY DETAILS CVE ID: CVE-2013-0517 DESCRIPTION: OS Command Execution via Command Line Adapter Application allows the administrator to configure an OS command t...

Security Bulletin: Multiple JRE vulnerabilities addressed in IBM Sterling External Authentication Server (CVE-2013-1571, CVE-2013-1500, CVE-2013-0443, CVE-2013-0440, CVE-2013-0169)

Abstract The IBM JRE embedded in the IBM Sterling External Authentication Server has security vulnerabilities in its Javadoc, and in SSL connections to the configuration GUI. Content VULNERABILITY DETAILS CVE ID: CVE-2013-1571 DESCRIPTION: The Javadoc documentation generated for the Sterling...

Security Bulletin: IBM Sterling External Authentication Server is vulnerable to multiple vulnerabilities due to IBM Java Runtime

Summary There are multiple vulnerabilities in IBM® Runtime Environment Java™ Version 1.8 used by IBM Sterling External Authentication Server. IBM Sterling External Authentication Server has addressed the applicable CVEs. Vulnerability Details CVEID: CVE-2021-35578 DESCRIPTION: An unspecified...

CVE-2022-22349

IBM Sterling External Authentication Server 3.4.3.2, 6.0.2.0, and 6.0.3.0 is vulnerable to path traversals, due to not properly validating RESTAPI configuration data. An authorized user could import invalid data which could be used for an attack. IBM X-Force ID: 220144...

Path traversal

IBM Sterling External Authentication Server 3.4.3.2, 6.0.2.0, and 6.0.3.0 is vulnerable to path traversals, due to not properly validating RESTAPI configuration data. An authorized user could import invalid data which could be used for an attack. IBM X-Force ID: 220144...

Security Bulletin: Multiple vulnerabilities were detected in IBM Sterling External Authentication Server (CVE-2022-22333, CVE-2022-22349)

Summary There are multiple vulnerabilities in IBM Sterling External Authentication Server detected by internal scans. IBM Sterling External Authentication Server has addressed the applicable vulnerabilities. Vulnerability Details CVEID: CVE-2022-22333 DESCRIPTION: IBM Sterling Secure Proxy and IB...

Security Bulletin: Apache Log4j vulnerability affects IBM Sterling External Authentication Server (CVE-2021-44832)

Summary IBM Sterling External Authentication Server is vulnerable to an arbitrary code execution due to Apache Log4j, which is used for logging CVE-2021-44832. The fix includes Apache Log4j 2.17.1. Vulnerability Details CVEID: CVE-2021-44832 DESCRIPTION: Apache Log4j could allow a remote attacker...

Security Bulletin: Multiple Vulnerabilities in Apache Log4j impact IBM Sterling External Authentication Server (CVE-2021-45105, CVE-2021-45046)

Summary IBM Sterling External Authentication Server is vulnerable to denial of service and arbitrary code execution due to Apache Log4j, which is used for logging CVE-2021-45105,CVE-2021-45046. The fix includes Apache Log4j 2.17.0. Vulnerability Details CVEID: CVE-2021-45105 DESCRIPTION: Apache...

Security Bulletin: Multiple vulnerabilities in IBM Java Runtime Affect IBM Sterling External Authentication Server

Summary There are multiple vulnerabilities in IBM® Runtime Environment Java™ Version 1.8 used by IBM Sterling External Authentication Server. IBM Sterling External Authentication Server has addressed the applicable CVEs. Vulnerability Details CVEID: CVE-2020-14781 DESCRIPTION: An unspecified...

Security Bulletin: Multiple Vulnerabilities in IBM Java Runtime Affect IBM Sterling External Authentication Server

Summary There are multiple vulnerabilities in IBM® Runtime Environment Java™ Version 1.8 used by IBM Sterling External Authentication Server. IBM Sterling External Authentication Server has addressed the applicable CVEs. Vulnerability Details CVEID: CVE-2019-4473 DESCRIPTION: Multiple binaries in...

Security Bulletin: IBM Java Runtime Vulnerability Affects IBM Secure External Authentication Server (CVE-2020-2654)

Summary IBM Secure External Authentication Server has addressed the applicable vulnerability in IBM® Runtime Environment Java™ Version 1.8 . Vulnerability Details CVEID: CVE-2020-2654 DESCRIPTION: An unspecified vulnerability in Java SE related to the Java SE Libraries component could allow an...