IBM Sterling Secure Proxy

32 matches found

CVE
added 2022/02/23 8:15 p.m., 156 views

CVE-2022-22336

IBM Sterling External Authentication Server and IBM Sterling Secure Proxy 6.0.3.0, 6.0.2.0, and 3.4.3.2 could allow a remote user to consume resources causing a denial of service due to a resource leak. IBM X-Force ID: 219395.

CVSS 7.5, AI score 7.3, EPSS 0.0194
CVE
added 2022/02/23 8:15 p.m., 115 views

CVE-2022-22333

IBM Sterling Secure Proxy 6.0.3.0, 6.0.2.0, and 3.4.3.2 and IBM Sterling External Authentication Server are vulnerable to a buffer overflow, due to the Jetty based GUI in the Secure Zone not properly validating the sizes of the form content and/or HTTP headers submitted. A local attacker positioned in...

CVSS 6.5, AI score 6.5, EPSS 0.00648
CVE
added 2025/01/19 3:15 p.m., 89 views

CVE-2024-41783

IBM Sterling Secure Proxy 6.0.0.0, 6.0.0.1, 6.0.0.2, 6.0.0.3, 6.1.0.0, and 6.2.0.0 could allow a privileged user to inject commands into the underlying operating system due to improper validation of a specified type of input.

CVSS 9.1, AI score 6.7, EPSS 0.00064
CVE
added 2025/01/19 3:15 p.m., 75 views

CVE-2024-38337

IBM Sterling Secure Proxy 6.0.0.0, 6.0.0.1, 6.0.0.2, 6.0.0.3, 6.1.0.0, and 6.2.0.0 could allow an unauthorized attacker to retrieve or alter sensitive information contents due to incorrect permission assignments.

CVSS 9.1, AI score 6.3, EPSS 0.00052
CVE
added 2022/05/17 5:15 p.m., 67 views

CVE-2021-29726

IBM Sterling Secure Proxy 6.0.3 and IBM Secure External Authentication Server 6.0.3 do not properly ensure that a certificate is actually associated with the host due to improper validation of certificates. IBM X-Force ID: 201104.

CVSS 5.3, AI score 5.1, EPSS 0.00069
CVE
added 2024/03/15 3:15 p.m., 52 views

CVE-2023-46179

IBM Sterling Secure Proxy 6.0.3 and 6.1.0 does not set the secure attribute on authorization tokens or session cookies. Attackers may be able to get the cookie values by sending an http:// link to a user or by planting this link in a site the user goes to. The cookie will be sent to the insecure lin...

CVSS 4.3, AI score 4.1, EPSS 0.00026
CVE
added 2021/08/30 5:15 p.m., 51 views

CVE-2021-29723

IBM Sterling Secure Proxy 6.0.1, 6.0.2, 2.4.3.2, and 3.4.3.2 uses weaker than expected cryptographic algorithms that could allow an attacker to decrypt highly sensitive information. IBM X-Force ID: 201100.

CVSS 7.5, AI score 7.3, EPSS 0.00142
CVE
added 2024/11/15 4:15 p.m., 51 views

CVE-2024-41784

IBM Sterling Secure Proxy 6.0.0.0, 6.0.0.1, 6.0.0.2, 6.0.0.3, and 6.1.0.0 could allow a remote attacker to traverse directories on the system. An attacker could send a specially crafted URL request containing "dot dot dot" sequences (/.../) to view arbitrary files on the system.

CVSS 7.5, AI score 7.4, EPSS 0.00102
CVE
added 2024/03/15 4:15 p.m., 50 views

CVE-2023-47699

IBM Sterling Secure Proxy 6.0.3 and 6.1.0 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 270974.

CVSS 6.1, AI score 5.8, EPSS 0.00111
CVE
added 2023/02/08 7:15 p.m., 49 views

CVE-2022-35720

IBM Sterling External Authentication Server 6.1.0 and IBM Sterling Secure Proxy 6.0.3 use weaker than expected cryptographic algorithms during installation that could allow a local attacker to decrypt sensitive information. IBM X-Force ID: 231373.

CVSS 5.5, AI score 4.2, EPSS 0.00009
CVE
added 2024/03/15 3:15 p.m., 48 views

CVE-2023-46182

IBM Sterling Secure Proxy 6.0.3 and 6.1.0 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 269692.

CVSS 5.4, AI score 5.2, EPSS 0.00099
CVE
added 2022/12/06 6:15 p.m., 45 views

CVE-2022-34361

IBM Sterling Secure Proxy 6.0.3 uses weaker than expected cryptographic algorithms that could allow an attacker to decrypt highly sensitive information. IBM X-Force ID: 230522.

CVSS 7.5, AI score 6.3, EPSS 0.00029
CVE
added 2024/03/15 3:15 p.m., 45 views

CVE-2023-47162

IBM Sterling Secure Proxy 6.0.3 and 6.1.0 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 270973.

CVSS 6.1, AI score 5.8, EPSS 0.00111
CVE
added 2025/05/28 4:15 p.m., 45 views

CVE-2024-51453

IBM Sterling Secure Proxy 6.2.0.0 through 6.2.0.1 could allow a remote attacker to traverse directories on the system. An attacker could send a specially crafted URL request containing "dot dot" sequences (/../) to view arbitrary files on the system.

CVSS 7.5, AI score 4.6, EPSS 0.00064
CVE
added 2025/05/28 4:15 p.m., 44 views

CVE-2024-38341

IBM Sterling Secure Proxy 6.0.0.0 through 6.0.3.1, 6.1.0.0 through 6.1.0.0, and 6.2.0.0 through 6.2.0.1 uses weaker than expected cryptographic algorithms that could allow an attacker to decrypt highly sensitive information.

CVSS 7.5, AI score 5.6, EPSS 0.00018
CVE
added 2024/03/15 4:15 p.m., 42 views

CVE-2023-46181

IBM Sterling Secure Proxy 6.0.3 and 6.1.0 allows web pages to be stored locally which can be read by another user on the system. IBM X-Force ID: 269686.

CVSS 4, AI score 3.4, EPSS 0.0002
CVE
added 2024/03/15 4:15 p.m., 42 views

CVE-2023-47147

IBM Sterling Secure Proxy 6.0.3 and 6.1.0 could allow an attacker to overwrite a log message under specific conditions. IBM X-Force ID: 270598.

CVSS 5.9, AI score 5.2, EPSS 0.00053
CVE
added 2023/02/08 7:15 p.m., 41 views

CVE-2022-34362

IBM Sterling Secure Proxy 6.0.3 is vulnerable to HTTP header injection, caused by improper validation of input by the HOST headers. This could allow an attacker to conduct various attacks against the vulnerable system, including cross-site scripting, cache poisoning or session hijacking. IBM X-Forc...

CVSS 4.6, AI score 4.5, EPSS 0.00135
CVE
added 2021/07/15 4:15 p.m., 40 views

CVE-2021-29725

IBM Secure External Authentication Server 2.4.3.2, 6.0.1, 6.0.2 and IBM Secure Proxy 3.4.3.2, 6.0.1, 6.0.2 could allow a remote user to consume resources causing a denial of service due to a resource leak.

CVSS 7.5, AI score 7.3, EPSS 0.02028
CVE
added 2021/07/15 4:15 p.m., 38 views

CVE-2021-29749

IBM Secure External Authentication Server 6.0.2 and IBM Secure Proxy 6.0.2 are vulnerable to server-side request forgery (SSRF). This may allow an authenticated attacker to send unauthorized requests from the system, potentially leading to network enumeration or facilitating other attacks. IBM X-For...

CVSS 6.5, AI score 5.6, EPSS 0.00242
CVE
added 2013/05/10 11:42 a.m., 37 views

CVE-2013-0520

IBM Sterling Secure Proxy 3.2.0 and 3.3.01 before 3.3.01.23 Interim Fix 1, 3.4.0 before 3.4.0.6 Interim Fix 1, and 3.4.1 before 3.4.1.7 allows remote authenticated users to obtain sensitive Java stack-trace information by providing invalid input data.

CVSS 4, AI score 6.9, EPSS 0.0014
CVE
added 2021/08/30 5:15 p.m., 36 views

CVE-2021-29728

IBM Sterling Secure Proxy 6.0.1, 6.0.2, 2.4.3.2, and 3.4.3.2 contains hard-coded credentials, such as a password or cryptographic key, which it uses for its own inbound authentication, outbound communication to external components, or encryption of internal data. IBM X-Force ID: 201160.

CVSS 4.9, AI score 5.8, EPSS 0.00088
CVE
added 2016/10/06 10:59 a.m., 35 views

CVE-2016-6027

The Configuration Manager in IBM Sterling Secure Proxy (SSP) 3.4.2 before 3.4.2.0 iFix 8 and 3.4.3 before 3.4.3.0 iFix 1 does not enable the HSTS protection mechanism, which makes it easier for remote attackers to obtain sensitive information or modify data by leveraging use of HTTP.

CVSS 6.1, AI score 6.1, EPSS 0.00244
CVE
added 2023/09/05 12:15 a.m., 34 views

CVE-2023-32338

IBM Sterling Secure Proxy and IBM Sterling External Authentication Server 6.0.3 and 6.1.0 store user credentials in clear text which can be read by a local user with container access. IBM X-Force ID: 255585.

CVSS 5.5, AI score 4.9, EPSS 0.00019
CVE
added 2023/09/05 1:15 a.m., 33 views

CVE-2023-29261

IBM Sterling Secure Proxy 6.0.3 and 6.1.0 could allow a local user with specific information about the system to obtain privileged information due to inadequate memory clearing during operations. IBM X-Force ID: 252139.

CVSS 5.5, AI score 4.8, EPSS 0.00016
CVE
added 2016/10/06 10:59 a.m., 32 views

CVE-2016-6023

Directory traversal vulnerability in the Configuration Manager in IBM Sterling Secure Proxy (SSP) 3.4.2 before 3.4.2.0 iFix 8 and 3.4.3 before 3.4.3.0 iFix 1 allows remote attackers to read arbitrary files via a crafted URL.

CVSS 7.5, AI score 7.2, EPSS 0.00221
CVE
added 2020/07/16 3:15 p.m., 31 views

CVE-2020-4462

IBM Sterling External Authentication Server 6.0.1, 6.0.0, 2.4.3.2, and 2.4.2 and IBM Sterling Secure Proxy 6.0.1, 6.0.0, 3.4.3, and 3.4.2 are vulnerable to an XML External Entity Injection (XXE) attack when processing XML data. A remote attacker could exploit this vulnerability to expose sensitive ...

CVSS 8.2, AI score 8, EPSS 0.00977
CVE
added 2021/08/30 5:15 p.m., 30 views

CVE-2021-29722

IBM Sterling Secure Proxy 6.0.1, 6.0.2, 2.4.3.2, and 3.4.3.2 uses weaker than expected cryptographic algorithms that could allow an attacker to decrypt highly sensitive information. IBM X-Force ID: 201095.

CVSS 7.5, AI score 7.2, EPSS 0.00142
CVE
added 2013/05/10 11:42 a.m., 29 views

CVE-2013-0519

IBM Sterling Secure Proxy 3.2.0 and 3.3.01 before 3.3.01.23 Interim Fix 1, 3.4.0 before 3.4.0.6 Interim Fix 1, and 3.4.1 before 3.4.1.7 provides web-server version data in (1) an unspecified page title and (2) an unspecified HTTP header field, which allows remote attackers to obtain potentially sen...

CVSS 5, AI score 6.1, EPSS 0.00207
CVE
added 2013/05/10 11:42 a.m., 27 views

CVE-2013-0518

IBM Sterling Secure Proxy 3.2.0 and 3.3.01 before 3.3.01.23 Interim Fix 1, 3.4.0 before 3.4.0.6 Interim Fix 1, and 3.4.1 before 3.4.1.7 does not refuse to be rendered in different-origin frames, which makes it easier for remote attackers to conduct clickjacking attacks via a crafted web site.

CVSS 4.3, AI score 6.4, EPSS 0.00195
CVE
added 2016/10/06 10:59 a.m., 26 views

CVE-2016-6025

The Configuration Manager in IBM Sterling Secure Proxy (SSP) 3.4.2 before 3.4.2.0 iFix 8 and 3.4.3 before 3.4.3.0 iFix 1 allows remote attackers to obtain access by leveraging an unattended workstation to conduct a post-logoff session-reuse attack involving a modified URL.

CVSS 5.9, AI score 6, EPSS 0.00204
CVE
added 2016/10/06 10:59 a.m., 26 views

CVE-2016-6026

The Configuration Manager in IBM Sterling Secure Proxy (SSP) 3.4.2 before 3.4.2.0 iFix 8 and 3.4.3 before 3.4.3.0 iFix 1 allows man-in-the-middle attackers to obtain sensitive information via an HTTP method that is neither GET nor POST.

CVSS 5.3, AI score 5.5, EPSS 0.00069