Vulnerabilities > IBM > Sterling External Authentication Server > 2.4.3.2

DATE CVE VULNERABILITY TITLE RISK
2021-08-30 CVE-2021-29722 Use of a Broken or Risky Cryptographic Algorithm vulnerability in IBM products
IBM Sterling Secure Proxy 6.0.1, 6.0.2, 2.4.3.2, and 3.4.3.2 uses weaker than expected cryptographic algorithms that could allow an attacker to decrypt highly sensitive information.
network
low complexity
ibm CWE-327
7.5
7.5
2021-08-30 CVE-2021-29723 Use of a Broken or Risky Cryptographic Algorithm vulnerability in IBM products
IBM Sterling Secure Proxy 6.0.1, 6.0.2, 2.4.3.2, and 3.4.3.2 uses weaker than expected cryptographic algorithms that could allow an attacker to decrypt highly sensitive information.
network
low complexity
ibm CWE-327
7.5
7.5
2021-08-30 CVE-2021-29728 Use of Hard-coded Credentials vulnerability in IBM products
IBM Sterling Secure Proxy 6.0.1, 6.0.2, 2.4.3.2, and 3.4.3.2 contains hard-coded credentials, such as a password or cryptographic key, which it uses for its own inbound authentication, outbound communication to external components, or encryption of internal data.
network
low complexity
ibm CWE-798
4.9
4.9
2020-07-16 CVE-2020-4462 XXE vulnerability in IBM products
IBM Sterling External Authentication Server 6.0.1, 6.0.0, 2.4.3.2, and 2.4.2 and IBM Sterling Secure Proxy 6.0.1, 6.0.0, 3.4.3, and 3.4.2 are vulnerable to an XML External Entity Injection (XXE) attack when processing XML data.
network
low complexity
ibm CWE-611
6.4
6.4