Vulnerabilities (CVE)

  1. OpenCVE
  2. Vulnerabilities (CVE)
Filtered by vendor Ibm Subscribe
Filtered by product Sterling External Authentication Server

CVSS v3 Filter

ALL
NONE (0.0) LOW (0.1 - 3.9) MEDIUM (4.0 - 6.9) HIGH (7.0 - 8.9) CRITICAL (9.0 - 10.0)

Search

Total 5 CVE
CVE Vendors Products Updated CVSS v2 CVSS v3
CVE-2021-29728 5 Hp, Ibm, Linux and 2 more 8 Hp-ux, Aix, Linux On Zseries and 5 more 2021-09-02 4.0 MEDIUM 4.9 MEDIUM
IBM Sterling Secure Proxy 6.0.1, 6.0.2, 2.4.3.2, and 3.4.3.2 contains hard-coded credentials, such as a password or cryptographic key, which it uses for its own inbound authentication, outbound communication to external components, or encryption of internal data. IBM X-Force ID: 201160.
CVE-2021-29723 5 Hp, Ibm, Linux and 2 more 8 Hp-ux, Aix, Linux On Zseries and 5 more 2021-09-02 5.0 MEDIUM 7.5 HIGH
IBM Sterling Secure Proxy 6.0.1, 6.0.2, 2.4.3.2, and 3.4.3.2 uses weaker than expected cryptographic algorithms that could allow an attacker to decrypt highly sensitive information. IBM X-ForceID: 201100.
CVE-2021-29722 5 Hp, Ibm, Linux and 2 more 8 Hp-ux, Aix, Linux On Zseries and 5 more 2021-09-02 5.0 MEDIUM 7.5 HIGH
IBM Sterling Secure Proxy 6.0.1, 6.0.2, 2.4.3.2, and 3.4.3.2 uses weaker than expected cryptographic algorithms that could allow an attacker to decrypt highly sensitive information. IBM X-Force ID: 201095.
CVE-2020-4462 1 Ibm 2 Sterling External Authentication Server, Sterling Secure Proxy 2020-07-22 6.4 MEDIUM 8.2 HIGH
IBM Sterling External Authentication Server 6.0.1, 6.0.0, 2.4.3.2, and 2.4.2 and IBM Sterling Secure Proxy 6.0.1, 6.0.0, 3.4.3, and 3.4.2 are vulnerable to an XML External Entity Injection (XXE) attack when processing XML data. A remote attacker could exploit this vulnerability to expose sensitive information or consume memory resources. IBM X-Force ID: 181482.
CVE-2013-0517 1 Ibm 1 Sterling External Authentication Server 2020-02-13 7.2 HIGH 7.8 HIGH
A Command Execution Vulnerability exists in IBM Sterling External Authentication Server 2.2.0, 2.3.01, 2.4.0, and 2.4.1 via an unspecified OS command, which could let a local malicious user execute arbitrary code.