Loading HuntDB...
Hunt
Vulnerability Intelligence by wss.sh
Home Daily Briefings High Impact CVEs Recent Exploits KEV Catalog GitHub Advisories Latest Updates Security News
Sign In Sign Up
ibm

Sterling Secure Proxy

15 Versions 15 CVEs

Versions

6.0.3.0

OTHER 2 CVEs

6.0.3, 6.1.0

OTHER 2 CVEs

3.4.3.2

OTHER 5 CVEs

2.4.2

SEMANTIC 1 CVE

6.0.2.0

OTHER 2 CVEs

6.0.0

SEMANTIC 1 CVE

3.4.2

SEMANTIC 1 CVE

6.0.0.0, 6.0.0.1, 6.0.0.2, 6.0.0.3, 6.1.0.0

OTHER 1 CVE

2.4.3

SEMANTIC 1 CVE

6.0.3

SEMANTIC 4 CVEs

3.4.3

SEMANTIC 1 CVE

6.0.0.0, 6.0.0.1, 6.0.0.2, 6.0.0.3, 6.1.0.0, 6.2.0.0

OTHER 2 CVEs

2.4.3.2

OTHER 3 CVEs

6.0.2

SEMANTIC 3 CVEs

6.0.1

SEMANTIC 4 CVEs

Recent CVEs

CVE-2024-41783

IBM Sterling Secure Proxy 6.0.0.0, 6.0.0.1, 6.0.0.2, 6.0.0.3, 6.1.0.0, and 6.2.0.0 could allow a privileged user to inject commands into the underlying operating system due to improper validation of a specified type of input.

CRITICAL

CVE-2024-38337

IBM Sterling Secure Proxy 6.0.0.0, 6.0.0.1, 6.0.0.2, 6.0.0.3, 6.1.0.0, and 6.2.0.0 could allow an unauthorized attacker to retrieve or alter sensitive information contents due to incorrect permission assignments.

CRITICAL

CVE-2024-41784

IBM Sterling Secure Proxy 6.0.0.0, 6.0.0.1, 6.0.0.2, 6.0.0.3, and 6.1.0.0 could allow a remote attacker to traverse directories on the system. An attacker could send a specially crafted URL request containing "dot dot dot" sequences (/.../) to view arbitrary files on the system.

HIGH Nov 15, 2024

CVE-2023-29261

IBM Sterling Secure Proxy 6.0.3 and 6.1.0 could allow a local user with specific information about the system to obtain privileged information due to inadequate memory clearing during operations. IBM X-Force ID: 252139.

MEDIUM Sep 05, 2023

CVE-2023-32338

IBM Sterling Secure Proxy and IBM Sterling External Authentication Server 6.0.3 and 6.1.0 stores user credentials in plain clear text which can be read by a local user with container access. IBM X-Force ID: 255585.

MEDIUM Sep 04, 2023

CVE-2022-35720

IBM Sterling External Authentication Server 6.1.0 and IBM Sterling Secure Proxy 6.0.3 uses weaker than expected cryptographic algorithms during installation that could allow a local attacker to decrypt sensitive information. IBM X-Force ID: 231373.

LOW Feb 08, 2023

CVE-2022-34361

IBM Sterling Secure Proxy 6.0.3 uses weaker than expected cryptographic algorithms that could allow an attacker to decrypt highly sensitive information. IBM X-Force ID: 230522.

MEDIUM Dec 06, 2022

CVE-2021-29726

IBM Sterling Secure Proxy 6.0.3 and IBM Secure External Authentication Server 6.0.3 does not properly ensure that a certificate is actually associated with the host due to improper validation of certificates. IBM X-Force ID: 201104.

MEDIUM May 17, 2022