Vulnerabilities > IBM > Sterling Secure Proxy
DATE | CVE | VULNERABILITY TITLE | DESCRIPTION | RISK |
---|---|---|---|---|
2016-10-06 | CVE-2016-6027 | Cross-site Scripting vulnerability in IBM Sterling Secure Proxy 3.4.2.0/3.4.3.0 | The Configuration Manager in IBM Sterling Secure Proxy (SSP) 3.4.2 before 3.4.2.0 iFix 8 and 3.4.3 before 3.4.3.0 iFix 1 does not enable the HSTS protection mechanism, which makes it easier for remote attackers to obtain sensitive information or modify data by leveraging use of HTTP. | 6.1 |
2016-10-06 | CVE-2016-6026 | Information Exposure vulnerability in IBM Sterling Secure Proxy 3.4.2.0/3.4.3.0 | The Configuration Manager in IBM Sterling Secure Proxy (SSP) 3.4.2 before 3.4.2.0 iFix 8 and 3.4.3 before 3.4.3.0 iFix 1 allows man-in-the-middle attackers to obtain sensitive information via an HTTP method that is neither GET nor POST. | 5.3 |
2016-10-06 | CVE-2016-6025 | Permissions, Privileges, and Access Controls vulnerability in IBM Sterling Secure Proxy 3.4.2.0/3.4.3.0 | The Configuration Manager in IBM Sterling Secure Proxy (SSP) 3.4.2 before 3.4.2.0 iFix 8 and 3.4.3 before 3.4.3.0 iFix 1 allows remote attackers to obtain access by leveraging an unattended workstation to conduct a post-logoff session-reuse attack involving a modified URL. | 5.9 |
2016-10-06 | CVE-2016-6023 | Path Traversal vulnerability in IBM Sterling Secure Proxy 3.4.2.0/3.4.3.0 | Directory traversal vulnerability in the Configuration Manager in IBM Sterling Secure Proxy (SSP) 3.4.2 before 3.4.2.0 iFix 8 and 3.4.3 before 3.4.3.0 iFix 1 allows remote attackers to read arbitrary files via a crafted URL. | 7.5 |