Latest IBM Secure Proxy Vulnerabilities

IBM Secure Proxy information disclosure
IBM Secure Proxy<=6.0.3
IBM Secure Proxy<=6.1.0
IBM Sterling Secure Proxy=6.0.3
IBM Sterling Secure Proxy=6.1.0
IBM Secure Proxy<=6.0.3
IBM Secure Proxy<=6.1.0
IBM Secure Proxy cross-site scripting
IBM Secure Proxy<=6.0.3
IBM Secure Proxy<=6.1.0
IBM Sterling Secure Proxy=6.0.3
IBM Sterling Secure Proxy=6.1.0
IBM Secure Proxy file manipulation
IBM Secure Proxy<=6.0.3
IBM Secure Proxy<=6.1.0
IBM Sterling Secure Proxy=6.0.3
IBM Sterling Secure Proxy=6.1.0
IBM Secure Proxy cross-site scripting
IBM Secure Proxy<=6.0.3
IBM Secure Proxy<=6.1.0
IBM Sterling Secure Proxy=6.0.3
IBM Sterling Secure Proxy=6.1.0
IBM Secure Proxy cross-site scripting
IBM Secure Proxy<=6.0.3
IBM Secure Proxy<=6.1.0
IBM Sterling Secure Proxy=6.0.3
IBM Sterling Secure Proxy=6.1.0
IBM Secure Proxy information disclosure
IBM Secure Proxy<=6.0.3
IBM Secure Proxy<=6.1.0
IBM Sterling Secure Proxy=6.0.3
IBM Sterling Secure Proxy=6.1.0
Apache ActiveMQ: Deserialization vulnerability on Jolokia that allows authenticated users to perform RCE
Apache ActiveMQ<5.16.6
Apache ActiveMQ>=5.17.0<5.17.4
maven/org.apache.activemq:apache-activemq>=5.17.0<5.17.4
maven/org.apache.activemq:apache-activemq<5.16.6
IBM Secure Proxy<=6.0.3
IBM Secure Proxy<=6.1.0
Apache ActiveMQ Deserialization of Untrusted Data Vulnerability
GNU C Library
=latest
=latest
=latest
Apache ActiveMQ<5.15.16
Apache ActiveMQ>=5.16.0<5.16.7
and 24 more
HTTP/2 HPACK integer overflow and buffer allocation
debian/jetty9<=9.4.16-0+deb10u1<=9.4.39-3+deb11u2
redhat/http2-hpack<10.0.16
redhat/http2-hpack<11.0.16
redhat/http2-hpack<9.4.53
redhat/http3-qpack<10.0.16
redhat/http3-qpack<11.0.161
and 15 more
Jetty's OpenId Revoked authentication allows one request
Eclipse Jetty>=9.4.21<9.4.52
Eclipse Jetty>=10.0.0<10.0.16
Eclipse Jetty>=11.0.0<11.0.16
Debian Debian Linux=11.0
Debian Debian Linux=12.0
maven/org.eclipse.jetty:jetty-openid>=11.0.0<=11.0.15
and 8 more
### Impact Jetty accepts the '+' character preceding the content-length value in an HTTP/1 header field. This is more permissive than allowed by the RFC and other servers routinely reject such reque...
maven/org.eclipse.jetty:jetty-http=12.0.0
maven/org.eclipse.jetty:jetty-http>=11.0.0<=11.0.15
maven/org.eclipse.jetty:jetty-http>=10.0.0<=10.0.15
maven/org.eclipse.jetty:jetty-http>=9.0.0<=9.4.51
Eclipse Jetty>=9.0.0<9.4.52
Eclipse Jetty>=10.0.0<10.0.16
and 17 more
Eclipse Jetty Canonical Repository is the canonical repository for the Jetty project. Users of the CgiServlet with a very specific command structure may have the wrong command executed. If a user send...
maven/org.eclipse.jetty.ee8:jetty-ee8-servlets<=12.0.0-beta1
maven/org.eclipse.jetty.ee9:jetty-ee9-servlets<=12.0.0-beta1
maven/org.eclipse.jetty.ee10:jetty-ee10-servlets<=12.0.0-beta1
maven/org.eclipse.jetty:jetty-servlets>=11.0.0<=11.0.15
maven/org.eclipse.jetty:jetty-servlets>=10.0.0<=10.0.15
maven/org.eclipse.jetty:jetty-servlets>=9.0.0<=9.4.51
and 18 more
curl: HTTP headers eat all memory
Microsoft Windows 11=21H2
Microsoft Windows 11=22H2
Microsoft Windows 11=21H2
Microsoft Windows Server 2019
Microsoft Windows 11=22H2
Microsoft Windows 11=23H2
and 58 more
An unspecified vulnerability in Java SE related to the Libraries component could allow a remote attacker to cause low integrity impacts.
Debian Debian Linux=11.0
Debian Debian Linux=12.0
Oracle GraalVM=20.3.10
Oracle GraalVM=21.3.6
Oracle GraalVM=22.3.2
Oracle GraalVM for JDK=17.0.7
and 38 more
Use of temporary directory for file creation in `FileBackedOutputStream` in Guava
Google Guava<32.0.0
maven/com.google.guava:guava>=1.0<32.0.0-android
redhat/guava<32.0.0
IBM Secure Proxy<=6.0.3
IBM Secure Proxy<=6.1.0
## Summary The fork of `org.cyberneko.html` used by Nokogiri (Rubygem) raises a `java.lang.OutOfMemoryError` exception when parsing ill-formed HTML markup. ## Severity The maintainers have evaluate...
Nekohtml Project Nekohtml<1.9.22.noko2
Oracle WebLogic Server=12.2.1.3.0
Oracle WebLogic Server=12.2.1.4.0
Oracle WebLogic Server=14.1.1.0.0
maven/org.nokogiri:nekohtml<1.9.22.noko2
IBM Secure Proxy<=6.0.3
and 1 more
IBM Secure Proxy<=6.0.2
IBM Secure Proxy<=6.0.1
IBM Sterling Secure Proxy<=3.4.3.2
IBM Secure External Authentication Server 6.0.2 and IBM Secure Proxy 6.0.2 are vulnerable to server-side request forgery (SSRF). This may allow an authenticated attacker to send unauthorized requests f...
IBM Secure External Authentication Server=6.0.2
IBM Secure Proxy=6.0.2
IBM Sterling Secure Proxy=6.0.2
IBM Secure External Authentication Server<=6.0.2
IBM Secure Proxy<=6.0.2
IBM Secure External Authentication Server 2.4.3.2, 6.0.1, 6.0.2 and IBM Secure Proxy 3.4.3.2, 6.0.1, 6.0.2 could allow a remote user to consume resources causing a denial of service due to a resource ...
IBM Secure External Authentication Server=2.4.3.2
IBM Secure External Authentication Server=6.0.1
IBM Secure External Authentication Server=6.0.2
IBM Secure Proxy=3.4.3.2
IBM Secure Proxy=6.0.1
IBM Secure Proxy=6.0.2
and 17 more
IBM Secure Proxy<=6.0.2
IBM Secure Proxy<=6.0.1
IBM Sterling Secure Proxy<=3.4.3.2
Eclipse Jetty is vulnerable to a denial of service, caused by an error when handling a request containing multiple Accept headers with a large number of quality parameters. By sending a specially-craf...
redhat/jenkins<0:2.289.1.1624365627-1.el7
redhat/jenkins<0:2.277.3.1623846768-1.el7
redhat/jenkins<0:2.277.3.1623853726-1.el8
debian/jetty9
redhat/jetty-9.4.37.v20210219 jetty-10.0.1 jetty<11.0.1
IBM Secure Proxy<=6.0.2
and 25 more
### Impact If GZIP request body inflation is enabled and requests from different clients are multiplexed onto a single connection and if an attacker can send a request with a body that is received en...
redhat/jenkins<0:2.289.1.1624365627-1.el7
redhat/jenkins<0:2.277.3.1623846768-1.el7
redhat/jenkins<0:2.277.3.1623853726-1.el8
redhat/jetty<9.4.35.
redhat/jetty<10.0.0.
redhat/jetty<11.0.0.
and 31 more
Apache HttpClient could allow a remote attacker to bypass security restrictions, caused by the improper handling of malformed authority component in request URIs. By passing request URIs to the librar...
redhat/eap7-activemq-artemis<0:2.9.0-7.redhat_00017.1.el6ea
redhat/eap7-glassfish-jsf<0:2.3.9-12.SP13_redhat_00001.1.el6ea
redhat/eap7-hal-console<0:3.2.12-1.Final_redhat_00001.1.el6ea
redhat/eap7-hibernate<0:5.3.20-1.Final_redhat_00001.1.el6ea
redhat/eap7-httpcomponents-client<0:4.5.13-1.redhat_00001.1.el6ea
redhat/eap7-jboss-ejb-client<0:4.0.37-1.Final_redhat_00001.1.el6ea
and 88 more
IBM Secure Proxy<=6.0
IBM Secure Proxy 6.0.1<=6.0.1
IBM Sterling Secure Proxy<=3.4.3.2
IBM Sterling Secure Proxy<=3.4.2
