IBM Sterling Secure Proxy 6.0.3 and 6.1.0 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 270974.
Max CVSS
6.1
EPSS Score
0.04%
Published
2024-03-15
Updated
2024-03-19
IBM Sterling Secure Proxy 6.0.3 and 6.1.0 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 270973.
Max CVSS
6.1
EPSS Score
0.04%
Published
2024-03-15
Updated
2024-03-19
IBM Sterling Secure Proxy 6.0.3 and 6.1.0 could allow an attacker to overwrite a log message under specific conditions. IBM X-Force ID: 270598.
Max CVSS
5.9
EPSS Score
0.04%
Published
2024-03-15
Updated
2024-03-19
IBM Sterling Secure Proxy 6.0.3 and 6.1.0 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 269692.
Max CVSS
5.4
EPSS Score
0.04%
Published
2024-03-15
Updated
2024-03-19
IBM Sterling Secure Proxy 6.0.3 and 6.1.0 allows web pages to be stored locally which can be read by another user on the system. IBM X-Force ID: 269686.
Max CVSS
4.0
EPSS Score
0.04%
Published
2024-03-15
Updated
2024-03-19
IBM Sterling Secure Proxy 6.0.3 and 6.1.0 does not set the secure attribute on authorization tokens or session cookies. Attackers may be able to get the cookie values by sending a http:// link to a user or by planting this link in a site the user goes to. The cookie will be sent to the insecure link and the attacker can then obtain the cookie value by snooping the traffic. IBM X-Force ID: 269683.
Max CVSS
4.3
EPSS Score
0.04%
Published
2024-03-15
Updated
2024-03-19
IBM Sterling Secure Proxy and IBM Sterling External Authentication Server 6.0.3 and 6.1.0 stores user credentials in plain clear text which can be read by a local user with container access. IBM X-Force ID: 255585.
Max CVSS
5.5
EPSS Score
0.04%
Published
2023-09-05
Updated
2023-09-08
IBM Sterling External Authentication Server 6.1.0 and IBM Sterling Secure Proxy 6.0.3 uses weaker than expected cryptographic algorithms during installation that could allow a local attacker to decrypt sensitive information. IBM X-Force ID: 231373.
Max CVSS
5.5
EPSS Score
0.04%
Published
2023-02-08
Updated
2023-02-18
IBM Sterling Secure Proxy 6.0.3 is vulnerable to HTTP header injection, caused by improper validation of input by the HOST headers. This could allow an attacker to conduct various attacks against the vulnerable system, including cross-site scripting, cache poisoning or session hijacking. IBM X-Force ID: 230523.
Max CVSS
4.6
EPSS Score
0.05%
Published
2023-02-08
Updated
2023-02-18
IBM Sterling Secure Proxy 6.0.3 uses weaker than expected cryptographic algorithms that could allow an attacker to decrypt highly sensitive information. IBM X-Force ID: 230522.
Max CVSS
7.5
EPSS Score
0.11%
Published
2022-12-06
Updated
2023-02-14
IBM Sterling External Authentication Server and IBM Sterling Secure Proxy 6.0.3.0, 6.0.2.0, and 3.4.3.2 could allow a remote user to consume resources causing a denial of service due to a resource leak. IBM X-Force ID: 219395.
Max CVSS
7.5
EPSS Score
0.13%
Published
2022-02-23
Updated
2022-03-02
IBM Sterling Secure Proxy 6.0.3.0, 6.0.2.0, and 3.4.3.2 and IBM Sterling External Authentication Server are vulnerable a buffer overflow, due to the Jetty based GUI in the Secure Zone not properly validating the sizes of the form content and/or HTTP headers submitted. A local attacker positioned inside the Secure Zone could submit a specially crafted HTTP request to disrupt service. IBM X-Force ID: 219133.
Max CVSS
6.5
EPSS Score
0.04%
Published
2022-02-23
Updated
2022-03-02
IBM Secure External Authentication Server 6.0.2 and IBM Secure Proxy 6.0.2 is vulnerable to server-side request forgery (SSRF). This may allow an authenticated attacker to send unauthorized requests from the system, potentially leading to network enumeration or facilitating other attacks. IBM X-Force ID: 201777.
Max CVSS
6.5
EPSS Score
0.06%
Published
2021-07-15
Updated
2024-03-19
IBM Sterling Secure Proxy 6.0.1, 6.0.2, 2.4.3.2, and 3.4.3.2 contains hard-coded credentials, such as a password or cryptographic key, which it uses for its own inbound authentication, outbound communication to external components, or encryption of internal data. IBM X-Force ID: 201160.
Max CVSS
4.9
EPSS Score
0.06%
Published
2021-08-30
Updated
2023-02-14
IBM Sterling Secure Proxy 6.0.3 and IBM Secure External Authentication Server 6.0.3 does not properly ensure that a certificate is actually associated with the host due to improper validation of certificates. IBM X-Force ID: 201104.
Max CVSS
5.3
EPSS Score
0.08%
Published
2022-05-17
Updated
2023-01-24
IBM Secure External Authentication Server 2.4.3.2, 6.0.1, 6.0.2 and IBM Secure Proxy 3.4.3.2, 6.0.1, 6.0.2 could allow a remote user to consume resources causing a denial of service due to a resource leak.
Max CVSS
7.5
EPSS Score
0.32%
Published
2021-07-15
Updated
2024-03-19
IBM Sterling Secure Proxy 6.0.1, 6.0.2, 2.4.3.2, and 3.4.3.2 uses weaker than expected cryptographic algorithms that could allow an attacker to decrypt highly sensitive information. IBM X-ForceID: 201100.
Max CVSS
7.5
EPSS Score
0.10%
Published
2021-08-30
Updated
2023-02-14
IBM Sterling Secure Proxy 6.0.1, 6.0.2, 2.4.3.2, and 3.4.3.2 uses weaker than expected cryptographic algorithms that could allow an attacker to decrypt highly sensitive information. IBM X-Force ID: 201095.
Max CVSS
7.5
EPSS Score
0.10%
Published
2021-08-30
Updated
2023-02-14
IBM Sterling External Authentication Server 6.0.1, 6.0.0, 2.4.3.2, and 2.4.2 and IBM Sterling Secure Proxy 6.0.1, 6.0.0, 3.4.3, and 3.4.2 are vulnerable to an XML External Entity Injection (XXE) attack when processing XML data. A remote attacker could exploit this vulnerability to expose sensitive information or consume memory resources. IBM X-Force ID: 181482.
Max CVSS
8.2
EPSS Score
0.20%
Published
2020-07-16
Updated
2020-07-22
The Configuration Manager in IBM Sterling Secure Proxy (SSP) 3.4.2 before 3.4.2.0 iFix 8 and 3.4.3 before 3.4.3.0 iFix 1 does not enable the HSTS protection mechanism, which makes it easier for remote attackers to obtain sensitive information or modify data by leveraging use of HTTP.
Max CVSS
6.1
EPSS Score
0.12%
Published
2016-10-06
Updated
2016-11-28
The Configuration Manager in IBM Sterling Secure Proxy (SSP) 3.4.2 before 3.4.2.0 iFix 8 and 3.4.3 before 3.4.3.0 iFix 1 allows man-in-the-middle attackers to obtain sensitive information via an HTTP method that is neither GET nor POST.
Max CVSS
5.3
EPSS Score
0.05%
Published
2016-10-06
Updated
2016-11-28
The Configuration Manager in IBM Sterling Secure Proxy (SSP) 3.4.2 before 3.4.2.0 iFix 8 and 3.4.3 before 3.4.3.0 iFix 1 allows remote attackers to obtain access by leveraging an unattended workstation to conduct a post-logoff session-reuse attack involving a modified URL.
Max CVSS
5.9
EPSS Score
0.22%
Published
2016-10-06
Updated
2016-11-28
Directory traversal vulnerability in the Configuration Manager in IBM Sterling Secure Proxy (SSP) 3.4.2 before 3.4.2.0 iFix 8 and 3.4.3 before 3.4.3.0 iFix 1 allows remote attackers to read arbitrary files via a crafted URL.
Max CVSS
7.5
EPSS Score
0.30%
Published
2016-10-06
Updated
2016-11-28
IBM Sterling Secure Proxy 3.2.0 and 3.3.01 before 3.3.01.23 Interim Fix 1, 3.4.0 before 3.4.0.6 Interim Fix 1, and 3.4.1 before 3.4.1.7 allows remote authenticated users to obtain sensitive Java stack-trace information by providing invalid input data.
Max CVSS
4.0
EPSS Score
0.08%
Published
2013-05-10
Updated
2017-08-29
IBM Sterling Secure Proxy 3.2.0 and 3.3.01 before 3.3.01.23 Interim Fix 1, 3.4.0 before 3.4.0.6 Interim Fix 1, and 3.4.1 before 3.4.1.7 provides web-server version data in (1) an unspecified page title and (2) an unspecified HTTP header field, which allows remote attackers to obtain potentially sensitive information by reading a version string.
Max CVSS
5.0
EPSS Score
0.17%
Published
2013-05-10
Updated
2017-08-29
26 vulnerabilities found
1 2
This web site uses cookies for managing your session, storing preferences, website analytics and additional purposes described in our privacy policy.
By using this web site you are agreeing to CVEdetails.com terms of use!