Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
ibmIBMD783A7F4DFFB9905E79E357ACA80CE9623FFC55147AEC4BAF71DFFC0CC45C9F3
HistoryJul 30, 2021 - 5:06 a.m.

Security Bulletin: Multiple Vulnerabilities were detected in IBM Secure External Authentication Server

2021-07-3005:06:11
www.ibm.com
22

0.028 Low

EPSS

Percentile

90.7%

JSON

Summary

There are multiple vulnerabilities in IBM Secure External Authentication Server. IBM Secure External Authentication Server has addressed the applicable CVEs.

Vulnerability Details

CVEID:CVE-2021-29725
**DESCRIPTION:**IBM Sterling Secure Proxy could allow a remote user to consume resources causing a denial of service due to a resource leak.
CVSS Base score: 7.5
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/201102 for the current score.
CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H)

CVEID:CVE-2020-27218
**DESCRIPTION:**Eclipse Jetty could allow a remote attacker to bypass security restrictions, caused by a flaw when GZIP request body inflation is enabled. By sending a specially-crafted request, an attacker could exploit this vulnerability to inject data into the body of the subsequent request.
CVSS Base score: 4.8
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/192459 for the current score.
CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:L)

CVEID:CVE-2020-27223
**DESCRIPTION:**Eclipse Jetty is vulnerable to a denial of service, caused by an error when handling a request containing multiple Accept headers with a large number of quality parameters. By sending a specially-crafted request, a remote attacker could exploit this vulnerability to exhaust minutes of CPU time.
CVSS Base score: 7.5
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/197559 for the current score.
CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H)

CVEID:CVE-2020-13956
**DESCRIPTION:**Apache HttpClient could allow a remote attacker to bypass security restrictions, caused by the improper handling of malformed authority component in request URIs. By passing request URIs to the library as java.net.URI object, an attacker could exploit this vulnerability to pick the wrong target host for request execution.
CVSS Base score: 5.3
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/189572 for the current score.
CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N)

Affected Products and Versions

Affected Product(s) Version(s)
IBM Secure External Authentication Server 6.0.2
IBM External Authentication Server 6.0.1
IBM Sterling External Authentication Server 2.4.3.2

Remediation/Fixes

Product

|

VRMF

|

iFix

|

Remediation/First Fix

—|—|—|—

IBM Secure External Authentication Server

|

6.0.2.0

|

iFix 2

|

Fix Central

IBM Secure External Authentication Server

|

6.0.1.1

|

iFix 4

|

Fix Central

IBM Sterling External Authentication Server

|

2.4.3.2

|

iFix 11

|

Fix Central

Workarounds and Mitigations

None

Related

ibm 58
redhat 22
nessus 32
cve 4
cvelist 4
prion 4
cnvd 1
nvd 4
veracode 3
osv 20
openvas 13
redhatcve 3
github 4
githubexploit 1
debiancve 3
checkpoint_advisories 1
ubuntucve 3
debian 4
cgr 1
amazon 1
rocky 2
almalinux 2
oraclelinux 2
ubuntu 1
mageia 1
wolfi 1
suse 1
freebsd 1
atlassian 2
ibm
ibm
Security Bulletin: Multiple Vulnerabilities were detected in IBM Secure Proxy
2021-07-30 05:06:05
Security Bulletin: Vulnerabilities in Apache HttpClient and Eclipse Jetty Affect IBM Control Center (CVE-2020-13956, CVE-2020-27218)
2021-05-14 21:15:57
Security Bulletin: CVE-2020-27223 when Jetty handles a request containing multiple Accept headers the server may enter a denial of service (DoS) state
2021-07-30 05:03:40
redhat
redhat
(RHSA-2021:2499) Moderate: OpenShift Container Platform 4.6.36 security update
2021-06-29 05:50:19
(RHSA-2022:1861) Moderate: maven:3.5 security update
2022-05-10 08:04:48
(RHSA-2022:0722) Moderate: rh-maven36-httpcomponents-client security update
2022-03-01 14:04:58
nessus
nessus
RHEL 8 : OpenShift Container Platform 4.6.36 (RHSA-2021:2499)
2021-06-29 00:00:00
CentOS 8 : maven:3.5 (CESA-2022:1861)
2022-05-10 00:00:00
AlmaLinux 8 : maven:3.6 (ALSA-2022:1860)
2022-05-12 00:00:00
cve
cve
CVE-2021-29725
2021-07-15 16:15:09
CVE-2020-27223
2021-02-26 22:15:19
CVE-2020-27218
2020-11-28 01:15:11
cvelist
cvelist
CVE-2021-29725
2021-07-13 00:00:00
CVE-2020-27223
2021-02-26 21:55:13
CVE-2020-27218
2020-11-28 00:00:00
prion
prion
Design/Logic Flaw
2021-07-15 16:15:00
Design/Logic Flaw
2021-02-26 22:15:00
Cross site request forgery (csrf)
2020-11-28 01:15:00
cnvd
cnvd
IBM Sterling Secure Proxy Denial of Service Vulnerability
2021-07-15 00:00:00
nvd
nvd
CVE-2021-29725
2021-07-15 16:15:09
CVE-2020-27223
2021-02-26 22:15:19
CVE-2020-13956
2020-12-02 17:15:14
veracode
veracode
Denial Of Service(DoS)
2021-03-01 03:37:45
Validation Bypass
2020-10-12 04:02:04
Insecure GZIP Request Body Inflation
2020-12-04 06:03:16
osv
osv
CVE-2020-27223
2021-02-26 22:15:19
BIT-solr-2020-27223
2024-03-06 11:07:09
DOS vulnerability for Quoted Quality CSV headers
2021-03-10 03:46:47
openvas
openvas
Eclipse Jetty DoS Vulnerability (GHSA-m394-8rww-3jr7) - Linux
2021-03-02 00:00:00
SUSE: Security Advisory (SUSE-SU-2021:0940-1)
2021-06-09 00:00:00
Eclipse Jetty DoS Vulnerability (GHSA-m394-8rww-3jr7) - Windows
2021-03-02 00:00:00
redhatcve
redhatcve
CVE-2020-27223
2021-03-02 15:02:57
CVE-2020-27218
2020-11-30 19:29:12
CVE-2020-13956
2020-10-08 20:22:11
github
github
DOS vulnerability for Quoted Quality CSV headers
2021-03-10 03:46:47
Vulnerable dependency in XTDB connector
2021-12-16 18:53:32
Cross-site scripting in Apache HttpClient
2021-06-03 23:40:23
githubexploit
githubexploit
Exploit for Uncontrolled Resource Consumption in Eclipse Jetty
2021-03-19 03:50:45
debiancve
debiancve
CVE-2020-27223
2021-02-26 22:15:19
CVE-2020-27218
2020-11-28 01:15:11
CVE-2020-13956
2020-12-02 17:15:14
checkpoint_advisories
checkpoint_advisories
Eclipse Jetty Denial Of Service (CVE-2020-27223)
2021-04-05 00:00:00
ubuntucve
ubuntucve
CVE-2020-13956
2020-12-02 00:00:00
CVE-2020-27223
2021-02-26 00:00:00
CVE-2020-27218
2020-11-28 00:00:00
debian
debian
[SECURITY] [DLA 2405-1] httpcomponents-client security update
2020-10-10 17:12:02
[SECURITY] [DSA 4772-1] httpcomponents-client security update
2020-10-14 20:21:34
[SECURITY] [DLA 3641-1] jetty9 security update
2023-10-30 20:10:54
cgr
cgr
CVE-2020-13956 vulnerabilities
2024-05-19 03:07:16
amazon
amazon
Medium: httpcomponents-client
2023-02-17 00:11:00
rocky
rocky
maven:3.6 security and enhancement update
2022-05-10 08:04:46
maven:3.5 security update
2022-05-10 08:04:48
almalinux
almalinux
Moderate: maven:3.5 security update
2022-05-10 08:04:48
Moderate: maven:3.6 security and enhancement update
2022-05-10 08:04:46
oraclelinux
oraclelinux
maven:3.5 security update
2022-05-17 00:00:00
maven:3.6 security and enhancement update
2022-05-17 00:00:00
ubuntu
ubuntu
HttpClient vulnerability
2022-08-08 00:00:00
mageia
mageia
Updated httpcomponents-client packages fix a security vulnerability
2021-07-07 02:12:30
wolfi
wolfi
CVE-2020-13956 vulnerabilities
2024-07-05 21:08:40
suse
suse
Security update for jetty-minimal (moderate)
2021-01-04 00:00:00
freebsd
freebsd
Apache Maven -- multiple vulnerabilities
2021-04-04 00:00:00
atlassian
atlassian
Update Atlassian Platform to 3.5.19 to fix CVE-2018-1000613, CVE-2019-17571 and other vulnerabilities
2021-02-03 22:39:15
Update Atlassian Platform to 3.5.19 to fix CVE-2018-1000613, CVE-2019-17571 and other vulnerabilities
2021-02-03 22:39:15

0.028 Low

EPSS

Percentile

90.7%

JSON
Related for D783A7F4DFFB9905E79E357ACA80CE9623FFC55147AEC4BAF71DFFC0CC45C9F3
ibm58redhat22nessus32cve4cvelist4prion4cnvd1nvd4veracode3osv20openvas13redhatcve3github4githubexploit1debiancve3checkpoint_advisories1ubuntucve3debian4cgr1amazon1rocky2almalinux2oraclelinux2ubuntu1mageia1wolfi1suse1freebsd1atlassian2