Vulnerabilities > IBM > Sterling Secure Proxy > High

DATE CVE VULNERABILITY TITLE RISK
2024-11-15 CVE-2024-41784 Path Traversal vulnerability in IBM Sterling Secure Proxy
IBM Sterling Secure Proxy 6.0.0.0, 6.0.0.1, 6.0.0.2, 6.0.0.3, and 6.1.0.0 could allow a remote attacker to traverse directories on the system.
network
low complexity
ibm CWE-22
7.5
7.5
2022-12-06 CVE-2022-34361 Use of a Broken or Risky Cryptographic Algorithm vulnerability in IBM Sterling Secure Proxy 6.0.3
IBM Sterling Secure Proxy 6.0.3 uses weaker than expected cryptographic algorithms that could allow an attacker to decrypt highly sensitive information.
network
low complexity
ibm CWE-327
7.5
7.5
2022-02-23 CVE-2022-22336 Memory Leak vulnerability in IBM products
IBM Sterling External Authentication Server and IBM Sterling Secure Proxy 6.0.3.0, 6.0.2.0, and 3.4.3.2 could allow a remote user to consume resources causing a denial of service due to a resource leak.
network
low complexity
ibm CWE-401
7.5
7.5
2021-08-30 CVE-2021-29722 Use of a Broken or Risky Cryptographic Algorithm vulnerability in IBM products
IBM Sterling Secure Proxy 6.0.1, 6.0.2, 2.4.3.2, and 3.4.3.2 uses weaker than expected cryptographic algorithms that could allow an attacker to decrypt highly sensitive information.
network
low complexity
ibm CWE-327
7.5
7.5
2021-08-30 CVE-2021-29723 Use of a Broken or Risky Cryptographic Algorithm vulnerability in IBM products
IBM Sterling Secure Proxy 6.0.1, 6.0.2, 2.4.3.2, and 3.4.3.2 uses weaker than expected cryptographic algorithms that could allow an attacker to decrypt highly sensitive information.
network
low complexity
ibm CWE-327
7.5
7.5
2021-07-15 CVE-2021-29725 Allocation of Resources Without Limits or Throttling vulnerability in IBM products
IBM Secure External Authentication Server 2.4.3.2, 6.0.1, 6.0.2 and IBM Secure Proxy 3.4.3.2, 6.0.1, 6.0.2 could allow a remote user to consume resources causing a denial of service due to a resource leak.
network
low complexity
ibm CWE-770
7.5
7.5
2020-07-16 CVE-2020-4462 XXE vulnerability in IBM products
IBM Sterling External Authentication Server 6.0.1, 6.0.0, 2.4.3.2, and 2.4.2 and IBM Sterling Secure Proxy 6.0.1, 6.0.0, 3.4.3, and 3.4.2 are vulnerable to an XML External Entity Injection (XXE) attack when processing XML data.
network
low complexity
ibm CWE-611
8.2
8.2
2016-10-06 CVE-2016-6023 Path Traversal vulnerability in IBM Sterling Secure Proxy 3.4.2.0/3.4.3.0
Directory traversal vulnerability in the Configuration Manager in IBM Sterling Secure Proxy (SSP) 3.4.2 before 3.4.2.0 iFix 8 and 3.4.3 before 3.4.3.0 iFix 1 allows remote attackers to read arbitrary files via a crafted URL.
network
low complexity
ibm CWE-22
7.5
7.5