Vulnerabilities > IBM > Sterling Secure Proxy > Medium

DATE CVE VULNERABILITY TITLE RISK
2024-03-15 CVE-2023-47147 Unspecified vulnerability in IBM Sterling Secure Proxy 6.0.3/6.1.0
IBM Sterling Secure Proxy 6.0.3 and 6.1.0 could allow an attacker to overwrite a log message under specific conditions.
network
low complexity
ibm
5.3
2024-03-15 CVE-2023-47699 Unspecified vulnerability in IBM Sterling Secure Proxy 6.0.3/6.1.0
IBM Sterling Secure Proxy 6.0.3 and 6.1.0 is vulnerable to cross-site scripting.
network
low complexity
ibm
6.1
2024-03-15 CVE-2023-46179 Unspecified vulnerability in IBM Sterling Secure Proxy 6.0.3/6.1.0
IBM Sterling Secure Proxy 6.0.3 and 6.1.0 does not set the secure attribute on authorization tokens or session cookies.
network
low complexity
ibm
4.3
2024-03-15 CVE-2023-46182 Unspecified vulnerability in IBM Sterling Secure Proxy 6.0.3/6.1.0
IBM Sterling Secure Proxy 6.0.3 and 6.1.0 is vulnerable to cross-site scripting.
network
low complexity
ibm
5.4
2024-03-15 CVE-2023-47162 Unspecified vulnerability in IBM Sterling Secure Proxy 6.0.3/6.1.0
IBM Sterling Secure Proxy 6.0.3 and 6.1.0 is vulnerable to cross-site scripting.
network
low complexity
ibm
6.1
2023-09-05 CVE-2023-32338 Insufficiently Protected Credentials vulnerability in IBM products
IBM Sterling Secure Proxy and IBM Sterling External Authentication Server 6.0.3 and 6.1.0 stores user credentials in plain clear text which can be read by a local user with container access.
local
low complexity
ibm CWE-522
5.5
2023-02-08 CVE-2022-34362 Cross-site Scripting vulnerability in IBM Sterling Secure Proxy 6.0.3
IBM Sterling Secure Proxy 6.0.3 is vulnerable to HTTP header injection, caused by improper validation of input by the HOST headers.
network
low complexity
ibm CWE-79
4.6
2023-02-08 CVE-2022-35720 Unspecified vulnerability in IBM products
IBM Sterling External Authentication Server 6.1.0 and IBM Sterling Secure Proxy 6.0.3 uses weaker than expected cryptographic algorithms during installation that could allow a local attacker to decrypt sensitive information.
local
low complexity
ibm
5.5
2022-05-17 CVE-2021-29726 Improper Certificate Validation vulnerability in IBM products
IBM Sterling Secure Proxy 6.0.3 and IBM Secure External Authentication Server 6.0.3 does not properly ensure that a certificate is actually associated with the host due to improper validation of certificates.
network
low complexity
ibm CWE-295
5.3
2022-02-23 CVE-2022-22333 Classic Buffer Overflow vulnerability in IBM products
IBM Sterling Secure Proxy 6.0.3.0, 6.0.2.0, and 3.4.3.2 and IBM Sterling External Authentication Server are vulnerable to a buffer overflow, due to the Jetty-based GUI in the Secure Zone not properly validating the sizes of the form content and/or HTTP headers submitted.
low complexity
ibm CWE-120
6.5