First published: Thu Aug 26 2021(Updated: )
IBM Sterling Secure Proxy 6.0.1, 6.0.2, 2.4.3.2, and 3.4.3.2 contains hard-coded credentials, such as a password or cryptographic key, which it uses for its own inbound authentication, outbound communication to external components, or encryption of internal data. IBM X-Force ID: 201160.
Credit: psirt@us.ibm.com
Affected Software | Affected Version | How to fix |
---|---|---|
IBM Sterling External Authentication Server | =2.4.3.2 | |
IBM Sterling External Authentication Server | =6.0.1.0 | |
IBM Sterling External Authentication Server | =6.0.2.0 | |
IBM Sterling Secure Proxy | =3.4.3.2 | |
IBM Sterling Secure Proxy | =6.0.1 | |
IBM Sterling Secure Proxy | =6.0.2 | |
HP HP-UX | ||
IBM AIX | ||
Ibm Linux On Ibm Z | ||
Linux Linux kernel | ||
Microsoft Windows | ||
Oracle Solaris | ||
<=6.0.2 | ||
<=6.0.1 | ||
<=2.4.3.2 |
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
The vulnerability ID for this vulnerability is CVE-2021-29728.
The severity level of CVE-2021-29728 is medium (4.9).
IBM Sterling Secure Proxy 6.0.1, 6.0.2, 2.4.3.2, IBM Sterling External Authentication Server 2.4.3.2, 6.0.1.0, and 6.0.2.0 are affected by CVE-2021-29728.
CVE-2021-29728 allows an attacker to gain unauthorized access, intercept communication, or manipulate internal data.
To fix CVE-2021-29728, apply the patches provided by IBM.