Sterling Secure Proxy@3.4.3.0 Security Vulnerabilities and Issues — Sterling Secure Proxy@3.4.3.0 CVE List

Lucene search

IbmSterling Secure Proxy3.4.3.0

4 matches found

CVE•added 2016/10/06 10:59 a.m.•35 views

CVE-2016-6027

The Configuration Manager in IBM Sterling Secure Proxy (SSP) 3.4.2 before 3.4.2.0 iFix 8 and 3.4.3 before 3.4.3.0 iFix 1 does not enable the HSTS protection mechanism, which makes it easier for remote attackers to obtain sensitive information or modify data by leveraging use of HTTP.

6.1CVSS6.1AI score0.00244EPSS

CVE•added 2016/10/06 10:59 a.m.•32 views

CVE-2016-6023

Directory traversal vulnerability in the Configuration Manager in IBM Sterling Secure Proxy (SSP) 3.4.2 before 3.4.2.0 iFix 8 and 3.4.3 before 3.4.3.0 iFix 1 allows remote attackers to read arbitrary files via a crafted URL.

7.5CVSS7.2AI score0.00221EPSS

CVE•added 2016/10/06 10:59 a.m.•27 views

CVE-2016-6026

The Configuration Manager in IBM Sterling Secure Proxy (SSP) 3.4.2 before 3.4.2.0 iFix 8 and 3.4.3 before 3.4.3.0 iFix 1 allows man-in-the-middle attackers to obtain sensitive information via an HTTP method that is neither GET nor POST.

5.3CVSS5.5AI score0.00069EPSS

CVE•added 2016/10/06 10:59 a.m.•26 views

CVE-2016-6025

The Configuration Manager in IBM Sterling Secure Proxy (SSP) 3.4.2 before 3.4.2.0 iFix 8 and 3.4.3 before 3.4.3.0 iFix 1 allows remote attackers to obtain access by leveraging an unattended workstation to conduct a post-logoff session-reuse attack involving a modified URL.

5.9CVSS6AI score0.00204EPSS