IBM Sterling Secure Proxy 3.4.3.0

CPE Details

IBM Sterling Secure Proxy 3.4.3.0
3.4.3.0
2020-05-12
12h52 +00:00
2020-05-12
12h52 +00:00
Alerte pour un CPE
Restez informé de toutes modifications pour un CPE spécifique.
Gestion des notifications

CPE Name: cpe:2.3:a:ibm:sterling_secure_proxy:3.4.3.0:*:*:*:*:*:*:*

Informations

Vendor

ibm

Product

sterling_secure_proxy

Version

3.4.3.0

Related CVE

Open and find in CVE List

CVE ID Publié Description Score Gravité
CVE-2020-4462 2020-07-16 15h05 +00:00 IBM Sterling External Authentication Server 6.0.1, 6.0.0, 2.4.3.2, and 2.4.2 and IBM Sterling Secure Proxy 6.0.1, 6.0.0, 3.4.3, and 3.4.2 are vulnerable to an XML External Entity Injection (XXE) attack when processing XML data. A remote attacker could exploit this vulnerability to expose sensitive information or consume memory resources. IBM X-Force ID: 181482.
8.2
Haute
CVE-2016-6023 2016-10-06 08h00 +00:00 Directory traversal vulnerability in the Configuration Manager in IBM Sterling Secure Proxy (SSP) 3.4.2 before 3.4.2.0 iFix 8 and 3.4.3 before 3.4.3.0 iFix 1 allows remote attackers to read arbitrary files via a crafted URL.
7.5
Haute
CVE-2016-6025 2016-10-06 08h00 +00:00 The Configuration Manager in IBM Sterling Secure Proxy (SSP) 3.4.2 before 3.4.2.0 iFix 8 and 3.4.3 before 3.4.3.0 iFix 1 allows remote attackers to obtain access by leveraging an unattended workstation to conduct a post-logoff session-reuse attack involving a modified URL.
5.9
Moyen
CVE-2016-6026 2016-10-06 08h00 +00:00 The Configuration Manager in IBM Sterling Secure Proxy (SSP) 3.4.2 before 3.4.2.0 iFix 8 and 3.4.3 before 3.4.3.0 iFix 1 allows man-in-the-middle attackers to obtain sensitive information via an HTTP method that is neither GET nor POST.
5.3
Moyen
CVE-2016-6027 2016-10-06 08h00 +00:00 The Configuration Manager in IBM Sterling Secure Proxy (SSP) 3.4.2 before 3.4.2.0 iFix 8 and 3.4.3 before 3.4.3.0 iFix 1 does not enable the HSTS protection mechanism, which makes it easier for remote attackers to obtain sensitive information or modify data by leveraging use of HTTP.
6.1
Moyen