CVE-2021-29723
First published: Thu Aug 26 2021(Updated: )
IBM Sterling Secure Proxy 6.0.1, 6.0.2, 2.4.3.2, and 3.4.3.2 uses weaker than expected cryptographic algorithms that could allow an attacker to decrypt highly sensitive information. IBM X-ForceID: 201100.
Credit: psirt@us.ibm.com
| Affected Software | Affected Version | How to fix |
|---|---|---|
| IBM Sterling External Authentication Server | =2.4.3.2 | |
| IBM Sterling External Authentication Server | =6.0.1.0 | |
| IBM Sterling External Authentication Server | =6.0.2.0 | |
| IBM Sterling Secure Proxy | =3.4.3.2 | |
| IBM Sterling Secure Proxy | =6.0.1 | |
| IBM Sterling Secure Proxy | =6.0.2 | |
| HP HP-UX | ||
| IBM AIX | ||
| Ibm Linux On Ibm Z | ||
| Linux Linux kernel | ||
| Microsoft Windows | ||
| Oracle Solaris | ||
| <=6.0.2 | ||
| <=6.0.1 | ||
| <=2.4.3.2 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
Frequently Asked Questions
What is CVE-2021-29723?
CVE-2021-29723 is a vulnerability in IBM Sterling Secure Proxy that uses weaker than expected cryptographic algorithms, allowing an attacker to decrypt sensitive information.
Which versions of IBM Sterling Secure Proxy are affected by CVE-2021-29723?
IBM Sterling Secure Proxy versions 6.0.1, 6.0.2, 2.4.3.2, and 3.4.3.2 are affected by CVE-2021-29723.
What is the severity of CVE-2021-29723?
CVE-2021-29723 has a severity rating of 7.5 (high).
How can an attacker exploit CVE-2021-29723?
An attacker can exploit CVE-2021-29723 by using weaker cryptographic algorithms to decrypt highly sensitive information.
How can I fix CVE-2021-29723?
To fix CVE-2021-29723, update IBM Sterling Secure Proxy to a version that uses stronger cryptographic algorithms.
- collector/nvd-index
- agent/type
- agent/remedy
- collector/mitre-cve
- source/MITRE
- agent/weakness
- agent/references
- agent/last-modified-date
- agent/severity
- agent/author
- agent/description
- agent/first-publish-date
- agent/softwarecombine
- agent/event
- agent/tags
- collector/ibm-support
- source/IBM
- agent/software-canonical-lookup
- vendor/ibm
- canonical/ibm sterling external authentication server
- version/ibm sterling external authentication server/2.4.3.2
- version/ibm sterling external authentication server/6.0.1.0
- version/ibm sterling external authentication server/6.0.2.0
- canonical/ibm sterling secure proxy
- version/ibm sterling secure proxy/3.4.3.2
- version/ibm sterling secure proxy/6.0.1
- version/ibm sterling secure proxy/6.0.2
- vendor/hp
- canonical/hp hp-ux
- canonical/ibm aix
- canonical/ibm linux on ibm z
- vendor/linux
- canonical/linux linux kernel
- vendor/microsoft
- canonical/microsoft windows
- vendor/oracle
- canonical/oracle solaris
- canonical/ibm secure external authentication server
- version/ibm secure external authentication server/6.0.2
- canonical/ibm external authentication server
- version/ibm external authentication server/6.0.1