Latest ibm sterling external authentication server Vulnerabilities

CVE-2023-32338
IBM Sterling Secure Proxy and IBM Sterling External Authentication Server 6.0.3 and 6.1.0 stores user credentials in plain clear text which can be read by a local user with container access. IBM X-Fo...
IBM Sterling External Authentication Server=6.0.3.0
IBM Sterling External Authentication Server=6.1.0
IBM Sterling Secure Proxy=6.0.3
IBM Sterling Secure Proxy=6.1.0
IBM Sterling Secure Proxy<=6.0.3
IBM Sterling Secure Proxy<=6.1.0
CVE-2023-29261
IBM Sterling Secure Proxy 6.0.3 and 6.1.0 could allow a local user with specific information about the system to obtain privileged information due to inadequate memory clearing during operations. IBM...
IBM Sterling External Authentication Server=6.0.3.0
IBM Sterling External Authentication Server=6.1.0
IBM Sterling External Authentication Server<=6.0.3
IBM Sterling External Authentication Server<=6.1.0
IBM-7029765
IBM Sterling External Authentication Server<=6.0.3
IBM Sterling External Authentication Server<=6.1.0
IBM-6890669
IBM Sterling External Authentication Server<=6.1.0
IBM-6558928
IBM Sterling External Authentication Server<=6.0.3
IBM Sterling External Authentication Server<=6.0.2
IBM Sterling External Authentication Server<=3.4.3.2
CVE-2022-22333
IBM Sterling Secure Proxy 6.0.3.0, 6.0.2.0, and 3.4.3.2 and IBM Sterling External Authentication Server are vulnerable a buffer overflow, due to the Jetty based GUI in the Secure Zone not properly val...
IBM Sterling External Authentication Server=3.4.3.2
IBM Sterling External Authentication Server=6.0.2.0
IBM Sterling External Authentication Server=6.0.3.0
IBM Sterling Secure Proxy=3.4.3.2
IBM Sterling Secure Proxy=6.0.2
IBM Sterling Secure Proxy=6.0.3.0
and 3 more
CVE-2022-22349
IBM Sterling External Authentication Server 3.4.3.2, 6.0.2.0, and 6.0.3.0 is vulnerable to path traversals, due to not properly validating RESTAPI configuration data. An authorized user could import i...
IBM Sterling External Authentication Server=3.4.3.2
IBM Sterling External Authentication Server=6.0.2.0
IBM Sterling External Authentication Server=6.0.3.0
IBM Sterling External Authentication Server<=6.0.3
IBM Sterling External Authentication Server<=6.0.2
IBM Sterling External Authentication Server<=3.4.3.2
CVE-2022-22336
IBM Sterling External Authentication Server and IBM Sterling Secure Proxy 6.0.3.0, 6.0.2.0, and 3.4.3.2 could allow a remote user to consume resources causing a denial of service due to a resource lea...
IBM Sterling External Authentication Server=3.4.3.2
IBM Sterling External Authentication Server=6.0.2.0
IBM Sterling External Authentication Server=6.0.3.0
IBM Sterling Secure Proxy=3.4.3.2
IBM Sterling Secure Proxy=6.0.2
IBM Sterling Secure Proxy=6.0.3.0
and 3 more
CVE-2021-29728
IBM Sterling Secure Proxy 6.0.1, 6.0.2, 2.4.3.2, and 3.4.3.2 contains hard-coded credentials, such as a password or cryptographic key, which it uses for its own inbound authentication, outbound commun...
IBM Sterling External Authentication Server=2.4.3.2
IBM Sterling External Authentication Server=6.0.1.0
IBM Sterling External Authentication Server=6.0.2.0
IBM Sterling Secure Proxy=3.4.3.2
IBM Sterling Secure Proxy=6.0.1
IBM Sterling Secure Proxy=6.0.2
and 9 more
CVE-2021-29722
IBM Sterling Secure Proxy 6.0.1, 6.0.2, 2.4.3.2, and 3.4.3.2 uses weaker than expected cryptographic algorithms that could allow an attacker to decrypt highly sensitive information. IBM X-Force ID: 20...
IBM Sterling External Authentication Server=2.4.3.2
IBM Sterling External Authentication Server=6.0.1.0
IBM Sterling External Authentication Server=6.0.2.0
IBM Sterling Secure Proxy=3.4.3.2
IBM Sterling Secure Proxy=6.0.1
IBM Sterling Secure Proxy=6.0.2
and 9 more
IBM-6484685
IBM Secure External Authentication Server<=6.0.2
IBM External Authentication Server<=6.0.1
IBM Sterling External Authentication Server<=2.4.3.2
IBM-6471615
IBM Secure External Authentication Server<=6.0.2
IBM External Authentication Server<=6.0.1
IBM Sterling External Authentication Server<=2.4.3.2
CVE-2021-33502
The normalize-url package before 4.5.1, 5.x before 5.3.1, and 6.x before 6.0.1 for Node.js has a ReDoS (regular expression denial of service) issue because it has exponential performance for data: URL...
npm/normalize-url>=4.3.0<4.5.1
npm/normalize-url>=6.0.0<6.0.1
npm/normalize-url>=5.0.0<5.3.1
IBM Sterling External Authentication Server<=6.1.0
Normalize-url Project Normalize-url>=4.3.0<4.5.1
Normalize-url Project Normalize-url>=5.0.0<5.3.1
and 8 more
CVE-2020-13936
Apache Velocity could allow a remote attacker to execute arbitrary code on the system, caused by a sandbox bypass flaw. By modifying the Velocity templates, an attacker could exploit this vulnerabilit...
ubuntu/velocity<1.7-5ubuntu0.18.04.1~
ubuntu/velocity<1.7-5+
ubuntu/velocity<1.7-4ubuntu0.1~
debian/velocity
redhat/eap7-artemis-wildfly-integration<0:1.0.4-1.redhat_00001.1.el6ea
redhat/eap7-bouncycastle<0:1.68.0-2.redhat_00005.1.el6ea
and 89 more
IBM-6249317
IBM Sterling External Authentication Server<=2.4.2
IBM External Authentication Server<=6.0
IBM External Authentication Server 6.0.1<=6.0.1
IBM Sterling External Authentication Server<=2.4.3.2
CVE-2020-4462
IBM Sterling External Authentication Server and IBM Sterling Secure Proxy is vulnerable to an XML External Entity Injection (XXE) attack when processing XML data. A remote attacker could exploit this ...
IBM Sterling External Authentication Server<=2.4.2
IBM External Authentication Server<=6.0
IBM External Authentication Server 6.0.1<=6.0.1
IBM Sterling External Authentication Server<=2.4.3.2
IBM Sterling External Authentication Server=2.4.2.0
IBM Sterling External Authentication Server=2.4.3.2
and 6 more
CVE-2013-0517
A Command Execution Vulnerability exists in IBM Sterling External Authentication Server 2.2.0, 2.3.01, 2.4.0, and 2.4.1 via an unspecified OS command, which could let a local malicious user execute ar...
IBM Sterling External Authentication Server=2.2.0
IBM Sterling External Authentication Server=2.3.01
IBM Sterling External Authentication Server=2.4.0
IBM Sterling External Authentication Server=2.4.1

Company

Resources

Contact

SecAlerts Pty Ltd.
132 Wickham Terrace
Fortitude Valley,
QLD 4006, Australia
info@secalerts.co
By using SecAlerts services, you agree to our services end-user license agreement. This website is safeguarded by reCAPTCHA and governed by the Google Privacy Policy and Terms of Service. All names, logos, and brands of products are owned by their respective owners, and any usage of these names, logos, and brands for identification purposes only does not imply endorsement. If you possess any content that requires removal, please get in touch with us.
© 2024 SecAlerts Pty Ltd.
ABN: 70 645 966 203, ACN: 645 966 203