Latest ibm sterling secure proxy Vulnerabilities

CVE-2023-47699
IBM Secure Proxy cross-site scripting
IBM Secure Proxy<=6.0.3
IBM Secure Proxy<=6.1.0
IBM Sterling Secure Proxy=6.0.3
IBM Sterling Secure Proxy=6.1.0
CVE-2023-46182
IBM Secure Proxy cross-site scripting
IBM Secure Proxy<=6.0.3
IBM Secure Proxy<=6.1.0
IBM Sterling Secure Proxy=6.0.3
IBM Sterling Secure Proxy=6.1.0
CVE-2023-47162
IBM Secure Proxy cross-site scripting
IBM Secure Proxy<=6.0.3
IBM Secure Proxy<=6.1.0
IBM Sterling Secure Proxy=6.0.3
IBM Sterling Secure Proxy=6.1.0
CVE-2023-46181
IBM Secure Proxy information disclosure
IBM Secure Proxy<=6.0.3
IBM Secure Proxy<=6.1.0
IBM Sterling Secure Proxy=6.0.3
IBM Sterling Secure Proxy=6.1.0
CVE-2023-47147
IBM Secure Proxy file manipulation
IBM Secure Proxy<=6.0.3
IBM Secure Proxy<=6.1.0
IBM Sterling Secure Proxy=6.0.3
IBM Sterling Secure Proxy=6.1.0
CVE-2023-46179
IBM Secure Proxy information disclosure
IBM Secure Proxy<=6.0.3
IBM Secure Proxy<=6.1.0
IBM Sterling Secure Proxy=6.0.3
IBM Sterling Secure Proxy=6.1.0
CVE-2023-32338
IBM Sterling Secure Proxy and IBM Sterling External Authentication Server 6.0.3 and 6.1.0 stores user credentials in plain clear text which can be read by a local user with container access. IBM X-Fo...
IBM Sterling External Authentication Server=6.0.3.0
IBM Sterling External Authentication Server=6.1.0
IBM Sterling Secure Proxy=6.0.3
IBM Sterling Secure Proxy=6.1.0
IBM Sterling Secure Proxy<=6.0.3
IBM Sterling Secure Proxy<=6.1.0
IBM-7029766
IBM Sterling Secure Proxy<=6.0.3
IBM Sterling Secure Proxy<=6.1.0
CVE-2023-22874
IBM MQ Clients 9.2 CD, 9.3 CD, and 9.3 LTS are vulnerable to a denial of service attack when processing configuration files. IBM X-Force ID: 244216.
IBM MQ<=9.2.CD
IBM MQ<=9.3.CD
IBM MQ<=9.3.LTS
IBM MQ Appliance>=9.2.0.0<9.3.2
IBM MQ Appliance>=9.3.0.0<9.3.0.5
IBM Sterling Secure Proxy<=6.0.3
and 1 more
CVE-2023-1436
A flaw was found in Jettison. Infinite recursion is triggered in Jettison when constructing a JSONArray from a Collection that contains a self-reference in one of its elements. This issue leads to a S...
redhat/jenkins<2-plugins-0:4.11.1686831822-1.el8
redhat/jenkins<2-plugins-0:4.13.1686680473-1.el8
redhat/eap7-jettison<0:1.5.4-1.redhat_00002.1.el8ea
redhat/eap7-jettison<0:1.5.4-1.redhat_00002.1.el9ea
redhat/eap7-jettison<0:1.5.4-1.redhat_00002.1.el7ea
redhat/rh-sso7-keycloak<0:18.0.9-1.redhat_00001.1.el7
and 5 more
CVE-2022-34362
IBM Sterling Secure Proxy 6.0.3 is vulnerable to HTTP header injection, caused by improper validation of input by the HOST headers. This could allow an attacker to conduct various attacks against the ...
IBM Sterling Secure Proxy=6.0.3
IBM AIX
Ibm Linux On Ibm Z
Linux Linux kernel
Microsoft Windows
IBM Sterling Secure Proxy<=6.0.3
IBM-6890663
IBM Sterling Secure Proxy<=6.0.3
CVE-2022-45685
A stack overflow in Jettison before v1.5.2 allows attackers to cause a Denial of Service (DoS) via crafted JSON data.
debian/libjettison-java<=1.4.0-1
IBM Sterling Secure Proxy<=6.0.3
IBM Sterling Secure Proxy<=6.1.0
Jettison Project Jettison<1.5.2
Debian Debian Linux=10.0
Debian Debian Linux=11.0
CVE-2022-45693
Jettison is vulnerable to a denial of service, caused by a stack-based buffer overflow. By sending a specially-crafted request using the map parameter, a remote attacker could exploit this vulnerabili...
IBM Sterling Secure Proxy<=6.0.3
IBM Sterling Secure Proxy<=6.1.0
Jettison Project Jettison<1.5.2
Debian Debian Linux=10.0
Debian Debian Linux=11.0
redhat/jenkins<2-plugins-0:4.12.1686649756-1.el8
and 7 more
CVE-2022-34361
IBM Sterling Secure Proxy uses weaker than expected cryptographic algorithms that could allow an attacker to decrypt highly sensitive information.
IBM Sterling Secure Proxy<=6.0.3
IBM Sterling Secure Proxy=6.0.3
IBM AIX
Ibm Linux On Ibm Z
Linux Linux kernel
Microsoft Windows
IBM-6844763
IBM Sterling Secure Proxy<=6.0.3
CVE-2022-31772
IBM MQ 8.0, 9.0 LTS, 9.1 CD, 9.1 LTS, 9.2 CD, and 9.2 LTS could allow an authenticated and authorized user to cause a denial of service to the MQTT channels. IBM X-Force ID: 228335.
IBM MQ=8.0.0.0
IBM MQ=9.0.0.0
IBM MQ=9.1.0
IBM MQ=9.1.0.0
IBM MQ=9.2.0
IBM MQ=9.2.0
and 8 more
CVE-2022-40149
jettison-json Jettison is vulnerable to a denial of service, caused by a stack-based buffer overflow. By sending a specially-crafted XML or JSON data, a remote authenticated attacker could exploit thi...
Jettison Project Jettison<=1.4.0
Debian Debian Linux=10.0
Debian Debian Linux=11.0
redhat/jenkins<2-plugins-0:4.11.1686831822-1.el8
redhat/jenkins<2-plugins-0:4.12.1686649756-1.el8
redhat/eap7-jettison<0:1.5.2-1.redhat_00002.1.el8ea
and 8 more
CVE-2022-40150
jettison-json Jettison is vulnerable to a denial of service, caused by an out of memory flaw. By sending a specially-crafted XML or JSON data, a remote authenticated attacker could exploit this vulner...
IBM Sterling Secure Proxy<=6.0.3
IBM Sterling Secure Proxy<=6.1.0
Jettison Project Jettison<=1.4.0
Debian Debian Linux=10.0
Debian Debian Linux=11.0
redhat/jenkins<2-plugins-0:4.11.1686831822-1.el8
and 8 more
IBM-6586754
IBM Sterling Secure Proxy<=6.0.3
CVE-2021-29726
IBM Sterling Secure Proxy 6.0.3 and IBM Secure External Authentication Server 6.0.3 does not properly ensure that a certificate is actually associated with the host due to improper validation of certi...
IBM Secure External Authentication Server=6.0.3
IBM Sterling Secure Proxy=6.0.3
IBM Secure External Authentication Server<=6.0.3
CVE-2022-22333
IBM Sterling Secure Proxy 6.0.3.0, 6.0.2.0, and 3.4.3.2 and IBM Sterling External Authentication Server are vulnerable a buffer overflow, due to the Jetty based GUI in the Secure Zone not properly val...
IBM Sterling External Authentication Server=3.4.3.2
IBM Sterling External Authentication Server=6.0.2.0
IBM Sterling External Authentication Server=6.0.3.0
IBM Sterling Secure Proxy=3.4.3.2
IBM Sterling Secure Proxy=6.0.2
IBM Sterling Secure Proxy=6.0.3.0
and 3 more
CVE-2022-22336
IBM Sterling External Authentication Server and IBM Sterling Secure Proxy 6.0.3.0, 6.0.2.0, and 3.4.3.2 could allow a remote user to consume resources causing a denial of service due to a resource lea...
IBM Sterling External Authentication Server=3.4.3.2
IBM Sterling External Authentication Server=6.0.2.0
IBM Sterling External Authentication Server=6.0.3.0
IBM Sterling Secure Proxy=3.4.3.2
IBM Sterling Secure Proxy=6.0.2
IBM Sterling Secure Proxy=6.0.3.0
and 3 more
CVE-2022-23437
Apache Xerces2 Java XML Parser is vulnerable to a denial of service, caused by an infinite loop in the XML parser. By persuading a victim to open a specially-crafted XML document payloads, a remote at...
redhat/eap7-xerces-j2<0:2.12.0-3.SP04_redhat_00001.1.el8ea
redhat/eap7-xerces-j2<0:2.12.0-3.SP04_redhat_00001.1.el7ea
IBM Sterling Secure Proxy<=6.0.3
redhat/xerces-j2<2.12.2
Apache Xerces-j<=2.12.1
Oracle Agile Engineering Data Management=6.2.1.0
and 56 more
IBM-6484681
IBM Secure Proxy<=6.0.2
IBM Secure Proxy<=6.0.1
IBM Sterling Secure Proxy<=3.4.3.2
CVE-2021-29722
IBM Sterling Secure Proxy 6.0.1, 6.0.2, 2.4.3.2, and 3.4.3.2 uses weaker than expected cryptographic algorithms that could allow an attacker to decrypt highly sensitive information. IBM X-Force ID: 20...
IBM Sterling External Authentication Server=2.4.3.2
IBM Sterling External Authentication Server=6.0.1.0
IBM Sterling External Authentication Server=6.0.2.0
IBM Sterling Secure Proxy=3.4.3.2
IBM Sterling Secure Proxy=6.0.1
IBM Sterling Secure Proxy=6.0.2
and 9 more
CVE-2021-29728
IBM Sterling Secure Proxy 6.0.1, 6.0.2, 2.4.3.2, and 3.4.3.2 contains hard-coded credentials, such as a password or cryptographic key, which it uses for its own inbound authentication, outbound commun...
IBM Sterling External Authentication Server=2.4.3.2
IBM Sterling External Authentication Server=6.0.1.0
IBM Sterling External Authentication Server=6.0.2.0
IBM Sterling Secure Proxy=3.4.3.2
IBM Sterling Secure Proxy=6.0.1
IBM Sterling Secure Proxy=6.0.2
and 9 more
CVE-2021-29749
IBM Secure External Authentication Server 6.0.2 and IBM Secure Proxy 6.0.2 is vulnerable to server-side request forgery (SSRF). This may allow an authenticated attacker to send unauthorized requests f...
IBM Secure External Authentication Server=6.0.2
IBM Secure Proxy=6.0.2
IBM Sterling Secure Proxy=6.0.2
IBM Secure External Authentication Server<=6.0.2
CVE-2021-29725
IBM Secure External Authentication Server 2.4.3.2, 6.0.1, 6.0.2 and IBM Secure Proxy 3.4.3.2, 6.0.1, 6.0.2 could allow a remote user to consume resources causing a denial of service due to a resource ...
IBM Secure External Authentication Server=2.4.3.2
IBM Secure External Authentication Server=6.0.1
IBM Secure External Authentication Server=6.0.2
IBM Secure Proxy=3.4.3.2
IBM Secure Proxy=6.0.1
IBM Secure Proxy=6.0.2
and 17 more
IBM-6471577
IBM Secure Proxy<=6.0.2
IBM Secure Proxy<=6.0.1
IBM Sterling Secure Proxy<=3.4.3.2
CVE-2021-2163
An unspecified vulnerability in Java SE related to the Libraries component could allow an unauthenticated attacker to cause no confidentiality impact, high integrity impact, and no availability impact...
debian/openjdk-11
debian/openjdk-17
debian/openjdk-8
IBM Sterling Secure Proxy<=6.0.3
Oracle JDK=1.7.0-update291
Oracle JDK=1.8.0-update281
and 131 more
CVE-2020-27223
Eclipse Jetty is vulnerable to a denial of service, caused by an error when handling a request containing multiple Accept headers with a large number of quality parameters. By sending a specially-craf...
redhat/jenkins<0:2.289.1.1624365627-1.el7
redhat/jenkins<0:2.277.3.1623846768-1.el7
redhat/jenkins<0:2.277.3.1623853726-1.el8
debian/jetty9
redhat/jetty-9.4.37.v20210219 jetty-10.0.1 jetty<11.0.1
IBM Secure Proxy<=6.0.2
and 25 more
CVE-2020-27218
### Impact If GZIP request body inflation is enabled and requests from different clients are multiplexed onto a single connection and if an attacker can send a request with a body that is received en...
redhat/jenkins<0:2.289.1.1624365627-1.el7
redhat/jenkins<0:2.277.3.1623846768-1.el7
redhat/jenkins<0:2.277.3.1623853726-1.el8
redhat/jetty<9.4.35.
redhat/jetty<10.0.0.
redhat/jetty<11.0.0.
and 31 more
CVE-2020-13956
Apache HttpClient could allow a remote attacker to bypass security restrictions, caused by the improper handling of malformed authority component in request URIs. By passing request URIs to the librar...
redhat/eap7-activemq-artemis<0:2.9.0-7.redhat_00017.1.el6ea
redhat/eap7-glassfish-jsf<0:2.3.9-12.SP13_redhat_00001.1.el6ea
redhat/eap7-hal-console<0:3.2.12-1.Final_redhat_00001.1.el6ea
redhat/eap7-hibernate<0:5.3.20-1.Final_redhat_00001.1.el6ea
redhat/eap7-httpcomponents-client<0:4.5.13-1.redhat_00001.1.el6ea
redhat/eap7-jboss-ejb-client<0:4.0.37-1.Final_redhat_00001.1.el6ea
and 88 more
CVE-2020-4462
IBM Sterling External Authentication Server and IBM Sterling Secure Proxy is vulnerable to an XML External Entity Injection (XXE) attack when processing XML data. A remote attacker could exploit this ...
IBM Sterling External Authentication Server<=2.4.2
IBM External Authentication Server<=6.0
IBM External Authentication Server 6.0.1<=6.0.1
IBM Sterling External Authentication Server<=2.4.3.2
IBM Sterling External Authentication Server=2.4.2.0
IBM Sterling External Authentication Server=2.4.3.2
and 6 more
IBM-6249331
IBM Secure Proxy<=6.0
IBM Secure Proxy 6.0.1<=6.0.1
IBM Sterling Secure Proxy<=3.4.3.2
IBM Sterling Secure Proxy<=3.4.2

Company

Resources

Contact

SecAlerts Pty Ltd.
132 Wickham Terrace
Fortitude Valley,
QLD 4006, Australia
info@secalerts.co
By using SecAlerts services, you agree to our services end-user license agreement. This website is safeguarded by reCAPTCHA and governed by the Google Privacy Policy and Terms of Service. All names, logos, and brands of products are owned by their respective owners, and any usage of these names, logos, and brands for identification purposes only does not imply endorsement. If you possess any content that requires removal, please get in touch with us.
© 2024 SecAlerts Pty Ltd.
ABN: 70 645 966 203, ACN: 645 966 203