Sterling External Authentication Server@6.0.3.0 Security Vulnerabilities and Issues — Sterling External Authentication Server@6.0.3.0 CVE List

Lucene search

IbmSterling External Authentication Server6.0.3.0

5 matches found

cve•added 2022/02/23 8:15 p.m.•156 views

CVE-2022-22336

IBM Sterling External Authentication Server and IBM Sterling Secure Proxy 6.0.3.0, 6.0.2.0, and 3.4.3.2 could allow a remote user to consume resources causing a denial of service due to a resource leak. IBM X-Force ID: 219395.

7.5CVSS7.3AI score0.0194EPSS

cve•added 2022/02/23 8:15 p.m.•115 views

CVE-2022-22333

IBM Sterling Secure Proxy 6.0.3.0, 6.0.2.0, and 3.4.3.2 and IBM Sterling External Authentication Server are vulnerable a buffer overflow, due to the Jetty based GUI in the Secure Zone not properly validating the sizes of the form content and/or HTTP headers submitted. A local attacker positioned in...

6.5CVSS6.5AI score0.00648EPSS

cve•added 2022/02/24 5:15 p.m.•77 views

CVE-2022-22349

IBM Sterling External Authentication Server 3.4.3.2, 6.0.2.0, and 6.0.3.0 is vulnerable to path traversals, due to not properly validating RESTAPI configuration data. An authorized user could import invalid data which could be used for an attack. IBM X-Force ID: 220144.

4.3CVSS4.9AI score0.00382EPSS

cve•added 2023/09/05 12:15 a.m.•34 views

CVE-2023-32338

IBM Sterling Secure Proxy and IBM Sterling External Authentication Server 6.0.3 and 6.1.0 stores user credentials in plain clear text which can be read by a local user with container access. IBM X-Force ID: 255585.

5.5CVSS4.9AI score0.00019EPSS

cve•added 2023/09/05 1:15 a.m.•33 views

CVE-2023-29261

IBM Sterling Secure Proxy 6.0.3 and 6.1.0 could allow a local user with specific information about the system to obtain privileged information due to inadequate memory clearing during operations. IBM X-Force ID: 252139.

5.5CVSS4.8AI score0.00016EPSS