Vulnerabilities > IBM > Sterling External Authentication Server

DATE CVE VULNERABILITY TITLE RISK
2023-09-05 CVE-2023-29261 Insecure Storage of Sensitive Information vulnerability in IBM Sterling External Authentication Server 6.0.3.0/6.1.0
IBM Sterling Secure Proxy 6.0.3 and 6.1.0 could allow a local user with specific information about the system to obtain privileged information due to inadequate memory clearing during operations.
local
low complexity
ibm CWE-922
5.5
2023-09-05 CVE-2023-32338 Insufficiently Protected Credentials vulnerability in IBM products
IBM Sterling Secure Proxy and IBM Sterling External Authentication Server 6.0.3 and 6.1.0 stores user credentials in plain clear text which can be read by a local user with container access.
local
low complexity
ibm CWE-522
5.5
2023-02-08 CVE-2022-35720 Unspecified vulnerability in IBM products
IBM Sterling External Authentication Server 6.1.0 and IBM Sterling Secure Proxy 6.0.3 uses weaker than expected cryptographic algorithms during installation that could allow a local attacker to decrypt sensitive information.
local
low complexity
ibm
5.5
2022-02-24 CVE-2022-22349 Path Traversal vulnerability in IBM Sterling External Authentication Server 3.4.3.2/6.0.2.0/6.0.3.0
IBM Sterling External Authentication Server 3.4.3.2, 6.0.2.0, and 6.0.3.0 is vulnerable to path traversals, due to not properly validating RESTAPI configuration data.
network
low complexity
ibm CWE-22
4.3
2022-02-23 CVE-2022-22333 Classic Buffer Overflow vulnerability in IBM products
IBM Sterling Secure Proxy 6.0.3.0, 6.0.2.0, and 3.4.3.2 and IBM Sterling External Authentication Server are vulnerable a buffer overflow, due to the Jetty based GUI in the Secure Zone not properly validating the sizes of the form content and/or HTTP headers submitted.
low complexity
ibm CWE-120
6.5
2022-02-23 CVE-2022-22336 Memory Leak vulnerability in IBM products
IBM Sterling External Authentication Server and IBM Sterling Secure Proxy 6.0.3.0, 6.0.2.0, and 3.4.3.2 could allow a remote user to consume resources causing a denial of service due to a resource leak.
network
low complexity
ibm CWE-401
7.5
2021-08-30 CVE-2021-29722 Use of a Broken or Risky Cryptographic Algorithm vulnerability in IBM products
IBM Sterling Secure Proxy 6.0.1, 6.0.2, 2.4.3.2, and 3.4.3.2 uses weaker than expected cryptographic algorithms that could allow an attacker to decrypt highly sensitive information.
network
low complexity
ibm CWE-327
7.5
2021-08-30 CVE-2021-29723 Use of a Broken or Risky Cryptographic Algorithm vulnerability in IBM products
IBM Sterling Secure Proxy 6.0.1, 6.0.2, 2.4.3.2, and 3.4.3.2 uses weaker than expected cryptographic algorithms that could allow an attacker to decrypt highly sensitive information.
network
low complexity
ibm CWE-327
7.5
2021-08-30 CVE-2021-29728 Use of Hard-coded Credentials vulnerability in IBM products
IBM Sterling Secure Proxy 6.0.1, 6.0.2, 2.4.3.2, and 3.4.3.2 contains hard-coded credentials, such as a password or cryptographic key, which it uses for its own inbound authentication, outbound communication to external components, or encryption of internal data.
network
low complexity
ibm CWE-798
4.9
2020-07-16 CVE-2020-4462 XXE vulnerability in IBM products
IBM Sterling External Authentication Server 6.0.1, 6.0.0, 2.4.3.2, and 2.4.2 and IBM Sterling Secure Proxy 6.0.1, 6.0.0, 3.4.3, and 3.4.2 are vulnerable to an XML External Entity Injection (XXE) attack when processing XML data.
network
low complexity
ibm CWE-611
8.2