Sterling External Authentication Server Security Vulnerabilities - February 2022

CVE-2022-22333

IBM Sterling Secure Proxy 6.0.3.0, 6.0.2.0, and 3.4.3.2 and IBM Sterling External Authentication Server are vulnerable to a buffer overflow, due to the Jetty-based GUI in the Secure Zone not properly validating the sizes of the form content and/or HTTP headers submitted. A local attacker positioned in...

CVSS: 6.5
AI Score: 6.5
EPSS: 0.0004

2022-02-23 08:15 PM

CVE-2022-22336

IBM Sterling External Authentication Server and IBM Sterling Secure Proxy 6.0.3.0, 6.0.2.0, and 3.4.3.2 could allow a remote user to consume resources causing a denial of service due to a resource leak. IBM X-Force ID: 219395.

CVSS: 7.5
AI Score: 7.3
EPSS: 0.001

2022-02-23 08:15 PM

CVE-2022-22349

IBM Sterling External Authentication Server 3.4.3.2, 6.0.2.0, and 6.0.3.0 is vulnerable to path traversals, due to not properly validating RESTAPI configuration data. An authorized user could import invalid data which could be used for an attack. IBM X-Force ID: 220144.

CVSS: 4.3
AI Score: 4.9
EPSS: 0.001

2022-02-24 05:15 PM