Secure External Authentication Server Security Vulnerabilities


CVE-2020-4462

IBM Sterling External Authentication Server 6.0.1, 6.0.0, 2.4.3.2, and 2.4.2 and IBM Sterling Secure Proxy 6.0.1, 6.0.0, 3.4.3, and 3.4.2 are vulnerable to an XML External Entity Injection (XXE) attack when processing XML data. A remote attacker could exploit this vulnerability to expose sensitive ...

CVSS: 8.2

AI Score: 8

EPSS: 0.003

2020-07-16 03:15 PM

CVE-2021-29725

IBM Secure External Authentication Server 2.4.3.2, 6.0.1, 6.0.2 and IBM Secure Proxy 3.4.3.2, 6.0.1, 6.0.2 could allow a remote user to consume resources causing a denial of service due to a resource leak.

CVSS: 7.5

AI Score: 7.3

EPSS: 0.003

2021-07-15 04:15 PM

CVE-2021-29726

IBM Sterling Secure Proxy 6.0.3 and IBM Secure External Authentication Server 6.0.3 do not properly ensure that a certificate is actually associated with the host due to improper validation of certificates. IBM X-Force ID: 201104.

CVSS: 5.3

AI Score: 5.1

EPSS: 0.001

2022-05-17 05:15 PM

CVE-2021-29749

IBM Secure External Authentication Server 6.0.2 and IBM Secure Proxy 6.0.2 are vulnerable to server-side request forgery (SSRF). This may allow an authenticated attacker to send unauthorized requests from the system, potentially leading to network enumeration or facilitating other attacks. IBM X-For...

CVSS: 5.4

AI Score: 5.6

EPSS: 0.001

2021-07-15 04:15 PM