Sterling Secure Proxy@6.0.3 Security Vulnerabilities and Issues — Sterling Secure Proxy@6.0.3 CVE List

Lucene search

IbmSterling Secure Proxy6.0.3

12 matches found

CVE•added 2022/05/17 5:15 p.m.•67 views

CVE-2021-29726

IBM Sterling Secure Proxy 6.0.3 and IBM Secure External Authentication Server 6.0.3 does not properly ensure that a certificate is actually associated with the host due to improper validation of certificates. IBM X-Force ID: 201104.

5.3CVSS5.1AI score0.00069EPSS

CVE•added 2024/03/15 3:15 p.m.•52 views

CVE-2023-46179

IBM Sterling Secure Proxy 6.0.3 and 6.1.0 does not set the secure attribute on authorization tokens or session cookies. Attackers may be able to get the cookie values by sending a http:// link to a user or by planting this link in a site the user goes to. The cookie will be sent to the insecure lin...

4.3CVSS4.1AI score0.00026EPSS

CVE•added 2024/03/15 4:15 p.m.•50 views

CVE-2023-47699

IBM Sterling Secure Proxy 6.0.3 and 6.1.0 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 270974.

6.1CVSS5.8AI score0.00111EPSS

CVE•added 2023/02/08 7:15 p.m.•49 views

CVE-2022-35720

IBM Sterling External Authentication Server 6.1.0 and IBM Sterling Secure Proxy 6.0.3 uses weaker than expected cryptographic algorithms during installation that could allow a local attacker to decrypt sensitive information. IBM X-Force ID: 231373.

5.5CVSS4.2AI score0.00009EPSS

CVE•added 2024/03/15 3:15 p.m.•48 views

CVE-2023-46182

5.4CVSS5.2AI score0.00099EPSS

CVE•added 2022/12/06 6:15 p.m.•45 views

CVE-2022-34361

IBM Sterling Secure Proxy 6.0.3 uses weaker than expected cryptographic algorithms that could allow an attacker to decrypt highly sensitive information. IBM X-Force ID: 230522.

7.5CVSS6.3AI score0.00029EPSS

CVE•added 2024/03/15 3:15 p.m.•45 views

CVE-2023-47162

6.1CVSS5.8AI score0.00111EPSS

CVE•added 2024/03/15 4:15 p.m.•42 views

CVE-2023-46181

IBM Sterling Secure Proxy 6.0.3 and 6.1.0 allows web pages to be stored locally which can be read by another user on the system. IBM X-Force ID: 269686.

4CVSS3.4AI score0.0002EPSS

CVE•added 2024/03/15 4:15 p.m.•42 views

CVE-2023-47147

IBM Sterling Secure Proxy 6.0.3 and 6.1.0 could allow an attacker to overwrite a log message under specific conditions. IBM X-Force ID: 270598.

5.9CVSS5.2AI score0.00053EPSS

CVE•added 2023/02/08 7:15 p.m.•41 views

CVE-2022-34362

IBM Sterling Secure Proxy 6.0.3 is vulnerable to HTTP header injection, caused by improper validation of input by the HOST headers. This could allow an attacker to conduct various attacks against the vulnerable system, including cross-site scripting, cache poisoning or session hijacking. IBM X-Forc...

4.6CVSS4.5AI score0.00135EPSS

CVE•added 2023/09/05 12:15 a.m.•34 views

CVE-2023-32338

IBM Sterling Secure Proxy and IBM Sterling External Authentication Server 6.0.3 and 6.1.0 stores user credentials in plain clear text which can be read by a local user with container access. IBM X-Force ID: 255585.

5.5CVSS4.9AI score0.00019EPSS

CVE•added 2023/09/05 1:15 a.m.•33 views

CVE-2023-29261

IBM Sterling Secure Proxy 6.0.3 and 6.1.0 could allow a local user with specific information about the system to obtain privileged information due to inadequate memory clearing during operations. IBM X-Force ID: 252139.

5.5CVSS4.8AI score0.00016EPSS