Security Bulletin: IBM Sterling Secure Proxy is vulnerable to multiple issues

Summary Multiple vulnerabilities affect IBM Sterling Secure Proxy and are addressed in the latest release and fixpack Vulnerability Details CVEID:CVE-2026-25639 DESCRIPTION: Axios is a promise based HTTP client for the browser and Node.js. Prior to versions 0.30.3 and 1.13.5, the mergeConfig...

CVE-2024-38337

IBM Sterling Secure Proxy 6.0.0.0, 6.0.0.1, 6.0.0.2, 6.0.0.3, 6.1.0.0, and 6.2.0.0 could allow an unauthorized attacker to retrieve or alter sensitive information contents due to incorrect permission assignments...

IBM Sterling Secure Proxy 安全漏洞

IBM Sterling Secure Proxy is an application agent from International Business Machines IBM that is used to ensure the secure transfer of files in an organization's unprotected zone DMZ. A security vulnerability exists in IBM Sterling Secure Proxy that stems from an improperly assigned privilege...

CVE-2024-41784

IBM Sterling Secure Proxy 6.0.0.0, 6.0.0.1, 6.0.0.2, 6.0.0.3, and 6.1.0.0 could allow a remote attacker to traverse directories on the system. An attacker could send a specially crafted URL request containing "dot dot dot" sequences /.../ to view arbitrary files on the system...

CVE-2023-46181

IBM Sterling Secure Proxy 6.0.3 and 6.1.0 allows web pages to be stored locally which can be read by another user on the system. IBM X-Force ID: 269686...

CVE-2023-47147 IBM Secure Proxy file manipulation

IBM Sterling Secure Proxy 6.0.3 and 6.1.0 could allow an attacker to overwrite a log message under specific conditions. IBM X-Force ID: 270598...

CVE-2023-32338

IBM Sterling Secure Proxy and IBM Sterling External Authentication Server 6.0.3 and 6.1.0 stores user credentials in plain clear text which can be read by a local user with container access. IBM X-Force ID: 255585...

CVE-2021-29726

IBM Sterling Secure Proxy 6.0.3 and IBM Secure External Authentication Server 6.0.3 does not properly ensure that a certificate is actually associated with the host due to improper validation of certificates. IBM X-Force ID: 201104...

CVE-2021-29726

IBM Sterling Secure Proxy 6.0.3 and IBM Secure External Authentication Server 6.0.3 does not properly ensure that a certificate is actually associated with the host due to improper validation of certificates. IBM X-Force ID: 201104...

CVE-2022-22333

IBM Sterling Secure Proxy 6.0.3.0, 6.0.2.0, and 3.4.3.2 and IBM Sterling External Authentication Server are vulnerable a buffer overflow, due to the Jetty based GUI in the Secure Zone not properly validating the sizes of the form content and/or HTTP headers submitted. A local attacker positioned...

CVE-2021-29722

IBM Sterling Secure Proxy 6.0.1, 6.0.2, 2.4.3.2, and 3.4.3.2 uses weaker than expected cryptographic algorithms that could allow an attacker to decrypt highly sensitive information. IBM X-Force ID: 201095...

CVE-2021-29728

IBM Sterling Secure Proxy 6.0.1, 6.0.2, 2.4.3.2, and 3.4.3.2 contains hard-coded credentials, such as a password or cryptographic key, which it uses for its own inbound authentication, outbound communication to external components, or encryption of internal data. IBM X-Force ID: 201160...

CVE-2021-29723

IBM Sterling Secure Proxy 6.0.1, 6.0.2, 2.4.3.2, and 3.4.3.2 uses weaker than expected cryptographic algorithms that could allow an attacker to decrypt highly sensitive information. IBM X-ForceID: 201100...

IBM Sterling Secure Proxy 信任管理问题漏洞

IBM Sterling Secure Proxy creates a security barrier for trusted networks by preventing direct connections between external partners and internal servers. IBM Sterling Secure Proxy versions 6.0.1, 6.0.2, 2.4.3.2, and 3.4.3.2 contain a hard-coded credential vulnerability. An attacker could use thi...

IBM Sterling Secure Proxy 代码问题漏洞

IBM Sterling Secure Proxy is an International Business Machines Corporation IBM application proxy for securing file transfers in an organization's unprotected zone DMZ. IBM Sterling Secure Proxy has a server-side request forgery vulnerability vulnerability that originates from a server that fails...

IBM Sterling Secure Proxy Configuration Manager Information Disclosure Vulnerability

IBM Sterling Secure Proxy SSP is an unprotected zone DMZ-based application proxy from IBM USA that protects file transfers from the public Internet.Configuration Manager is one of the configuration management components. An information disclosure vulnerability exists in Configuration Manager in I...

CVE-2016-6023

Directory traversal vulnerability in the Configuration Manager in IBM Sterling Secure Proxy SSP 3.4.2 before 3.4.2.0 iFix 8 and 3.4.3 before 3.4.3.0 iFix 1 allows remote attackers to read arbitrary files via a crafted URL...

CVE-2013-0520

IBM Sterling Secure Proxy 3.2.0 and 3.3.01 before 3.3.01.23 Interim Fix 1, 3.4.0 before 3.4.0.6 Interim Fix 1, and 3.4.1 before 3.4.1.7 allows remote authenticated users to obtain sensitive Java stack-trace information by providing invalid input data...

CVE-2013-0519

IBM Sterling Secure Proxy 3.2.0 and 3.3.01 before 3.3.01.23 Interim Fix 1, 3.4.0 before 3.4.0.6 Interim Fix 1, and 3.4.1 before 3.4.1.7 provides web-server version data in 1 an unspecified page title and 2 an unspecified HTTP header field, which allows remote attackers to obtain potentially...

Design/Logic Flaw

IBM Sterling Secure Proxy 3.2.0 and 3.3.01 before 3.3.01.23 Interim Fix 1, 3.4.0 before 3.4.0.6 Interim Fix 1, and 3.4.1 before 3.4.1.7 allows remote authenticated users to obtain sensitive Java stack-trace information by providing invalid input data...