Vulnerabilities > IBM > Sterling External Authentication Server > 3.4.3.2
DATE | CVE | VULNERABILITY TITLE | DESCRIPTION | RISK |
---|---|---|---|---|
2022-02-24 | CVE-2022-22349 | Path Traversal vulnerability in IBM Sterling External Authentication Server 3.4.3.2/6.0.2.0/6.0.3.0 | IBM Sterling External Authentication Server 3.4.3.2, 6.0.2.0, and 6.0.3.0 is vulnerable to path traversals, due to not properly validating RESTAPI configuration data. | 4.3 |
2022-02-23 | CVE-2022-22333 | Classic Buffer Overflow vulnerability in IBM products | IBM Sterling Secure Proxy 6.0.3.0, 6.0.2.0, and 3.4.3.2 and IBM Sterling External Authentication Server are vulnerable to a buffer overflow, due to the Jetty-based GUI in the Secure Zone not properly validating the sizes of the form content and/or HTTP headers submitted. | 6.5 |
2022-02-23 | CVE-2022-22336 | Memory Leak vulnerability in IBM products | IBM Sterling External Authentication Server and IBM Sterling Secure Proxy 6.0.3.0, 6.0.2.0, and 3.4.3.2 could allow a remote user to consume resources, causing a denial of service due to a resource leak. | 7.5 |