IBM Sterling Secure Proxy 6.0.3

CPE Details

IBM Sterling Secure Proxy 6.0.3
ibm
sterling_secure_proxy
6.0.3
2022-05-23
13h24 +00:00
2022-05-31
14h48 +00:00
CPE NVD
Alerte pour un CPE
Restez informé de toutes modifications pour un CPE spécifique.
Gestion des notifications

CPE Name: cpe:2.3:a:ibm:sterling_secure_proxy:6.0.3:*:*:*:*:*:*:*

Informations

Vendor

ibm

Product

sterling_secure_proxy

Version

6.0.3

Related CVE

Open and find in CVE List

CVE ID Publié Description Score Gravité
CVE-2023-46181 2024-03-15 15h13 +00:00 IBM Sterling Secure Proxy 6.0.3 and 6.1.0 allows web pages to be stored locally which can be read by another user on the system. IBM X-Force ID: 269686.
4
Moyen
CVE-2023-47699 2024-03-15 15h11 +00:00 IBM Sterling Secure Proxy 6.0.3 and 6.1.0 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 270974.
6.1
Moyen
CVE-2023-47147 2024-03-15 15h09 +00:00 IBM Sterling Secure Proxy 6.0.3 and 6.1.0 could allow an attacker to overwrite a log message under specific conditions. IBM X-Force ID: 270598.
5.9
Moyen
CVE-2023-46179 2024-03-15 15h08 +00:00 IBM Sterling Secure Proxy 6.0.3 and 6.1.0 does not set the secure attribute on authorization tokens or session cookies. Attackers may be able to get the cookie values by sending a http:// link to a user or by planting this link in a site the user goes to. The cookie will be sent to the insecure link and the attacker can then obtain the cookie value by snooping the traffic. IBM X-Force ID: 269683.
4.3
Moyen
CVE-2023-47162 2024-03-15 15h06 +00:00 IBM Sterling Secure Proxy 6.0.3 and 6.1.0 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 270973.
6.1
Moyen
CVE-2023-46182 2024-03-15 14h45 +00:00 IBM Sterling Secure Proxy 6.0.3 and 6.1.0 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 269692.
5.4
Moyen
CVE-2023-32338 2023-09-04 23h57 +00:00 IBM Sterling Secure Proxy and IBM Sterling External Authentication Server 6.0.3 and 6.1.0 stores user credentials in plain clear text which can be read by a local user with container access. IBM X-Force ID: 255585.
5.5
Moyen
CVE-2022-34362 2023-02-08 18h30 +00:00 IBM Sterling Secure Proxy 6.0.3 is vulnerable to HTTP header injection, caused by improper validation of input by the HOST headers. This could allow an attacker to conduct various attacks against the vulnerable system, including cross-site scripting, cache poisoning or session hijacking. IBM X-Force ID: 230523.
4.6
Moyen
CVE-2022-35720 2023-02-08 18h24 +00:00 IBM Sterling External Authentication Server 6.1.0 and IBM Sterling Secure Proxy 6.0.3 uses weaker than expected cryptographic algorithms during installation that could allow a local attacker to decrypt sensitive information. IBM X-Force ID: 231373.
5.5
Moyen
CVE-2022-34361 2022-12-06 17h52 +00:00 IBM Sterling Secure Proxy 6.0.3 uses weaker than expected cryptographic algorithms that could allow an attacker to decrypt highly sensitive information. IBM X-Force ID: 230522.
7.5
Haute
CVE-2021-29726 2022-05-17 16h25 +00:00 IBM Sterling Secure Proxy 6.0.3 and IBM Secure External Authentication Server 6.0.3 does not properly ensure that a certificate is actually associated with the host due to improper validation of certificates. IBM X-Force ID: 201104.
5.3
Moyen