Vulnerabilities > IBM > Sterling Secure Proxy > 3.4.1.0
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2013-05-10 | CVE-2013-0520 | Improper Input Validation vulnerability in IBM Sterling Secure Proxy IBM Sterling Secure Proxy 3.2.0 and 3.3.01 before 3.3.01.23 Interim Fix 1, 3.4.0 before 3.4.0.6 Interim Fix 1, and 3.4.1 before 3.4.1.7 allows remote authenticated users to obtain sensitive Java stack-trace information by providing invalid input data. | 4.0 |
2013-05-10 | CVE-2013-0519 | Information Exposure vulnerability in IBM Sterling Secure Proxy IBM Sterling Secure Proxy 3.2.0 and 3.3.01 before 3.3.01.23 Interim Fix 1, 3.4.0 before 3.4.0.6 Interim Fix 1, and 3.4.1 before 3.4.1.7 provides web-server version data in (1) an unspecified page title and (2) an unspecified HTTP header field, which allows remote attackers to obtain potentially sensitive information by reading a version string. | 5.0 |
2013-05-10 | CVE-2013-0518 | Improper Input Validation vulnerability in IBM Sterling Secure Proxy IBM Sterling Secure Proxy 3.2.0 and 3.3.01 before 3.3.01.23 Interim Fix 1, 3.4.0 before 3.4.0.6 Interim Fix 1, and 3.4.1 before 3.4.1.7 does not refuse to be rendered in different-origin frames, which makes it easier for remote attackers to conduct clickjacking attacks via a crafted web site. | 4.3 |