IBM Sterling Secure Proxy

9 matches found

added 2022/05/17 5:15 p.m. | 67 views

CVE-2021-29726

IBM Sterling Secure Proxy 6.0.3 and IBM Secure External Authentication Server 6.0.3 do not properly ensure that a certificate is actually associated with the host due to improper validation of certificates. IBM X-Force ID: 201104.

CVSS 5.3 | AI score 5.1 | EPSS 0.00069

added 2023/02/08 7:15 p.m. | 49 views

CVE-2022-35720

IBM Sterling External Authentication Server 6.1.0 and IBM Sterling Secure Proxy 6.0.3 use weaker than expected cryptographic algorithms during installation that could allow a local attacker to decrypt sensitive information. IBM X-Force ID: 231373.

CVSS 5.5 | AI score 4.2 | EPSS 0.00009

added 2024/03/15 3:15 p.m. | 48 views

CVE-2023-46182

IBM Sterling Secure Proxy 6.0.3 and 6.1.0 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 269692.

CVSS 5.4 | AI score 5.2 | EPSS 0.00099

added 2024/03/15 4:15 p.m. | 42 views

CVE-2023-47147

IBM Sterling Secure Proxy 6.0.3 and 6.1.0 could allow an attacker to overwrite a log message under specific conditions. IBM X-Force ID: 270598.

CVSS 5.9 | AI score 5.2 | EPSS 0.00053

added 2023/09/05 12:15 a.m. | 34 views

CVE-2023-32338

IBM Sterling Secure Proxy and IBM Sterling External Authentication Server 6.0.3 and 6.1.0 store user credentials in plain clear text, which can be read by a local user with container access. IBM X-Force ID: 255585.

CVSS 5.5 | AI score 4.9 | EPSS 0.00019

added 2023/09/05 1:15 a.m. | 33 views

CVE-2023-29261

IBM Sterling Secure Proxy 6.0.3 and 6.1.0 could allow a local user with specific information about the system to obtain privileged information due to inadequate memory clearing during operations. IBM X-Force ID: 252139.

CVSS 5.5 | AI score 4.8 | EPSS 0.00016

added 2013/05/10 11:42 a.m. | 29 views

CVE-2013-0519

IBM Sterling Secure Proxy 3.2.0 and 3.3.01 before 3.3.01.23 Interim Fix 1, 3.4.0 before 3.4.0.6 Interim Fix 1, and 3.4.1 before 3.4.1.7 provides web-server version data in (1) an unspecified page title and (2) an unspecified HTTP header field, which allows remote attackers to obtain potentially sen...

CVSS 5 | AI score 6.1 | EPSS 0.00207

added 2016/10/06 10:59 a.m. | 26 views

CVE-2016-6025

The Configuration Manager in IBM Sterling Secure Proxy (SSP) 3.4.2 before 3.4.2.0 iFix 8 and 3.4.3 before 3.4.3.0 iFix 1 allows remote attackers to obtain access by leveraging an unattended workstation to conduct a post-logoff session-reuse attack involving a modified URL.

CVSS 5.9 | AI score 6 | EPSS 0.00204

added 2016/10/06 10:59 a.m. | 26 views

CVE-2016-6026

The Configuration Manager in IBM Sterling Secure Proxy (SSP) 3.4.2 before 3.4.2.0 iFix 8 and 3.4.3 before 3.4.3.0 iFix 1 allows man-in-the-middle attackers to obtain sensitive information via an HTTP method that is neither GET nor POST.

CVSS 5.3 | AI score 5.5 | EPSS 0.00069