Vulnerabilities > IBM > Sterling Secure Proxy > Medium
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2024-03-15 | CVE-2023-47147 | External Control of File Name or Path vulnerability in IBM Sterling Secure Proxy 6.0.3/6.1.0 IBM Sterling Secure Proxy 6.0.3 and 6.1.0 could allow an attacker to overwrite a log message under specific conditions. | 5.3 |
| 2024-03-15 | CVE-2023-47699 | Cross-site Scripting vulnerability in IBM Sterling Secure Proxy 6.0.3/6.1.0 IBM Sterling Secure Proxy 6.0.3 and 6.1.0 is vulnerable to cross-site scripting. | 6.1 |
| 2024-03-15 | CVE-2023-46179 | Sensitive Cookie in HTTPS Session Without 'Secure' Attribute vulnerability in IBM Sterling Secure Proxy 6.0.3/6.1.0 IBM Sterling Secure Proxy 6.0.3 and 6.1.0 does not set the secure attribute on authorization tokens or session cookies. | 4.3 |
| 2024-03-15 | CVE-2023-46182 | Cross-site Scripting vulnerability in IBM Sterling Secure Proxy 6.0.3/6.1.0 IBM Sterling Secure Proxy 6.0.3 and 6.1.0 is vulnerable to cross-site scripting. | 5.4 |
| 2024-03-15 | CVE-2023-47162 | Cross-site Scripting vulnerability in IBM Sterling Secure Proxy 6.0.3/6.1.0 IBM Sterling Secure Proxy 6.0.3 and 6.1.0 is vulnerable to cross-site scripting. | 6.1 |
| 2023-09-05 | CVE-2023-32338 | Insufficiently Protected Credentials vulnerability in IBM products IBM Sterling Secure Proxy and IBM Sterling External Authentication Server 6.0.3 and 6.1.0 stores user credentials in plain clear text which can be read by a local user with container access. | 5.5 |
| 2023-02-08 | CVE-2022-34362 | Cross-site Scripting vulnerability in IBM Sterling Secure Proxy 6.0.3 IBM Sterling Secure Proxy 6.0.3 is vulnerable to HTTP header injection, caused by improper validation of input by the HOST headers. | 4.6 |
| 2023-02-08 | CVE-2022-35720 | Use of a Broken or Risky Cryptographic Algorithm vulnerability in IBM products IBM Sterling External Authentication Server 6.1.0 and IBM Sterling Secure Proxy 6.0.3 uses weaker than expected cryptographic algorithms during installation that could allow a local attacker to decrypt sensitive information. | 5.5 |
| 2022-05-17 | CVE-2021-29726 | Improper Certificate Validation vulnerability in IBM products IBM Sterling Secure Proxy 6.0.3 and IBM Secure External Authentication Server 6.0.3 does not properly ensure that a certificate is actually associated with the host due to improper validation of certificates. | 5.3 |
| 2022-02-23 | CVE-2022-22333 | Classic Buffer Overflow vulnerability in IBM products IBM Sterling Secure Proxy 6.0.3.0, 6.0.2.0, and 3.4.3.2 and IBM Sterling External Authentication Server are vulnerable a buffer overflow, due to the Jetty based GUI in the Secure Zone not properly validating the sizes of the form content and/or HTTP headers submitted. | 6.5 |