cve,link,title,description,vendor,products,score,severity,epss,cisa,cisa_published,article,ransomware,exploited,exploited_date,poc,trended,trended_no_1,trended_no_1_date,published,trended_score
CVE-2024-41783,https://securityvulnerability.io/vulnerability/CVE-2024-41783,Command Injection Vulnerability in IBM Sterling Secure Proxy,"The vulnerability in IBM Sterling Secure Proxy arises from improper validation of specific types of input, which could allow a privileged user to execute arbitrary commands on the underlying operating system. This flaw may lead to unauthorized access and manipulation of system resources, emphasizing the necessity for immediate technical interventions to mitigate exploitation risks.",IBM,Sterling Secure Proxy,9.1,CRITICAL,0.0005000000237487257,false,,false,false,false,,false,false,false,,2025-01-19T14:58:21.249Z,38
CVE-2024-38337,https://securityvulnerability.io/vulnerability/CVE-2024-38337,Unauthorized Access Vulnerability in IBM Sterling Secure Proxy,"IBM Sterling Secure Proxy versions 6.0.0.0 through 6.2.0.0 are affected by a vulnerability that allows unauthorized attackers to access or modify sensitive information. This stems from improper permission assignments, potentially exposing critical data to malicious actors. Organizations using these versions should evaluate their security posture and consider applying available updates to mitigate this risk.",IBM,Sterling Secure Proxy,9.1,CRITICAL,0.000910000002477318,false,,false,false,false,,false,false,false,,2025-01-19T14:56:18.995Z,0
CVE-2024-41784,https://securityvulnerability.io/vulnerability/CVE-2024-41784,Directory Traversal Vulnerability in IBM Sterling Secure Proxy,"A directory traversal vulnerability exists in IBM Sterling Secure Proxy that could enable a remote attacker to access unauthorized files on the system. By sending a specially crafted URL request containing specific patterns, such as 'dot dot dot' sequences (/.../), an attacker may exploit this flaw to gain access to arbitrary files, which could lead to unauthorized disclosures and potential further exploitation of the system. Affected users should apply recommended security updates to mitigate risks associated with this vulnerability.",IBM,Sterling Secure Proxy,7.5,HIGH,0.0008999999845400453,false,,false,false,false,,,false,false,,2024-11-15T16:15:00.000Z,0
CVE-2023-46181,https://securityvulnerability.io/vulnerability/CVE-2023-46181,IBM Sterling Secure Proxy Vulnerability Allows Web Page Storage and Reading by Other Users,IBM Sterling Secure Proxy 6.0.3 and 6.1.0 allows web pages to be stored locally which can be read by another user on the system. IBM X-Force ID: 269686.,IBM,Secure Proxy,4,MEDIUM,0.0004299999854993075,false,,false,false,false,,,false,false,,2024-03-15T15:13:49.550Z,0
CVE-2023-47699,https://securityvulnerability.io/vulnerability/CVE-2023-47699,IBM Sterling Secure Proxy Vulnerable to Cross-Site Scripting,IBM Sterling Secure Proxy 6.0.3 and 6.1.0 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 270974.,IBM,Secure Proxy,6.1,MEDIUM,0.0004600000102072954,false,,false,false,false,,,false,false,,2024-03-15T15:11:38.385Z,0
CVE-2023-47147,https://securityvulnerability.io/vulnerability/CVE-2023-47147,Log Overwrite Vulnerability in IBM Sterling Secure Proxy 6.0.3 and 6.1.0,IBM Sterling Secure Proxy 6.0.3 and 6.1.0 could allow an attacker to overwrite a log message under specific conditions. IBM X-Force ID: 270598.,IBM,Secure Proxy,5.9,MEDIUM,0.0004600000102072954,false,,false,false,false,,,false,false,,2024-03-15T15:09:59.091Z,0
CVE-2023-46179,https://securityvulnerability.io/vulnerability/CVE-2023-46179,IBM Sterling Secure Proxy Vulnerability: Unsecured Authorization Tokens and Session Cookies,IBM Sterling Secure Proxy 6.0.3 and 6.1.0 does not set the secure attribute on authorization tokens or session cookies. Attackers may be able to get the cookie values by sending a http:// link to a user or by planting this link in a site the user goes to. The cookie will be sent to the insecure link and the attacker can then obtain the cookie value by snooping the traffic. IBM X-Force ID: 269683.,IBM,Secure Proxy,4.3,MEDIUM,0.0004600000102072954,false,,false,false,false,,,false,false,,2024-03-15T15:08:07.863Z,0
CVE-2023-47162,https://securityvulnerability.io/vulnerability/CVE-2023-47162,IBM Sterling Secure Proxy Vulnerable to Cross-Site Scripting,IBM Sterling Secure Proxy 6.0.3 and 6.1.0 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 270973.,IBM,Secure Proxy,6.1,MEDIUM,0.0004600000102072954,false,,false,false,false,,,false,false,,2024-03-15T15:06:29.746Z,0
CVE-2023-46182,https://securityvulnerability.io/vulnerability/CVE-2023-46182,IBM Sterling Secure Proxy Vulnerable to Cross-Site Scripting,IBM Sterling Secure Proxy 6.0.3 and 6.1.0 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 269692.,IBM,Secure Proxy,5.4,MEDIUM,0.0004400000034365803,false,,false,false,false,,,false,false,,2024-03-15T14:45:18.219Z,0
CVE-2023-29261,https://securityvulnerability.io/vulnerability/CVE-2023-29261,IBM Sterling Secure Proxy information disclosure,IBM Sterling Secure Proxy 6.0.3 and 6.1.0 could allow a local user with specific information about the system to obtain privileged information due to inadequate memory clearing during operations. IBM X-Force ID: 252139.,IBM,Sterling Secure Proxy,5.1,MEDIUM,0.0004199999966658652,false,,false,false,false,,,false,false,,2023-09-05T01:15:00.000Z,0
CVE-2023-32338,https://securityvulnerability.io/vulnerability/CVE-2023-32338,IBM Sterling Secure Proxy information disclosure,IBM Sterling Secure Proxy and IBM Sterling External Authentication Server 6.0.3 and 6.1.0 stores user credentials in plain clear text which can be read by a local user with container access. IBM X-Force ID: 255585.,IBM,Sterling Secure Proxy,5.1,MEDIUM,0.0004199999966658652,false,,false,false,false,,,false,false,,2023-09-05T00:15:00.000Z,0
CVE-2022-34362,https://securityvulnerability.io/vulnerability/CVE-2022-34362,IBM Sterling Secure Proxy HOST header injection,"IBM Sterling Secure Proxy 6.0.3 is vulnerable to HTTP header injection, caused by improper validation of input by the HOST headers. This could allow an attacker to conduct various attacks against the vulnerable system, including cross-site scripting, cache poisoning or session hijacking. IBM X-Force ID: 230523.",IBM,Sterling Secure Proxy,4.6,MEDIUM,0.0004900000058114529,false,,false,false,false,,,false,false,,2023-02-08T18:30:03.902Z,0
CVE-2022-35720,https://securityvulnerability.io/vulnerability/CVE-2022-35720,IBM Sterling External Authentication Server information disclosure,IBM Sterling External Authentication Server 6.1.0 and IBM Sterling Secure Proxy 6.0.3 uses weaker than expected cryptographic algorithms during installation that could allow a local attacker to decrypt sensitive information. IBM X-Force ID: 231373.,IBM,"Sterling External Authentication Server,Sterling Secure Proxy",2.3,LOW,0.0004199999966658652,false,,false,false,false,,,false,false,,2023-02-08T18:24:03.263Z,0
CVE-2022-34361,https://securityvulnerability.io/vulnerability/CVE-2022-34361,IBM Sterling Secure Proxy information disclosure,"IBM Sterling Secure Proxy 6.0.3 uses weaker than expected cryptographic algorithms that could allow an attacker to decrypt highly sensitive information. IBM X-Force ID: 230522.",IBM,Sterling Secure Proxy,5.9,MEDIUM,0.001019999966956675,false,,false,false,false,,,false,false,,2022-12-06T17:52:40.621Z,0
CVE-2021-29726,https://securityvulnerability.io/vulnerability/CVE-2021-29726,Certificate Validation Flaw in IBM Sterling Secure Proxy and Secure External Authentication Server,"IBM Sterling Secure Proxy and IBM Secure External Authentication Server versions 6.0.3 exhibit a critical flaw where the system does not adequately validate that a certificate is linked to the corresponding host. This improper certificate validation can potentially allow unauthorized access or mislead the system into trusting invalid certificates, posing a significant security risk. Users are advised to apply patches and monitor their systems to mitigate any possible exploitation.",IBM,"Secure External Authentication Server,Sterling Secure Proxy",5.3,MEDIUM,0.0011899999808520079,false,,false,false,false,,,false,false,,2022-05-17T17:15:00.000Z,0
CVE-2022-22336,https://securityvulnerability.io/vulnerability/CVE-2022-22336,Denial of Service Vulnerability in IBM Sterling External Authentication Server and Secure Proxy,"A vulnerability in IBM Sterling External Authentication Server and IBM Sterling Secure Proxy allows a remote attacker to exploit a resource leak, potentially leading to excessive resource consumption and service disruption. This condition poses significant risks to security and service availability, necessitating immediate attention for affected users.",IBM,Sterling Secure Proxy,7.5,HIGH,0.0012799999676644802,false,,false,false,false,,,false,false,,2022-02-23T20:15:00.000Z,0
CVE-2022-22333,https://securityvulnerability.io/vulnerability/CVE-2022-22333,Buffer Overflow Vulnerability in IBM Sterling Secure Proxy and External Authentication Server,"IBM Sterling Secure Proxy and IBM Sterling External Authentication Server contain a vulnerability in the Jetty-based GUI. This vulnerability arises from improper validation of the sizes of form contents and HTTP headers. A local attacker within the Secure Zone can exploit this by submitting a specially crafted HTTP request, potentially leading to service disruption. This issue affects specific versions, making it crucial for users to address the vulnerability promptly.",IBM,Sterling Secure Proxy,6.5,MEDIUM,0.0004199999966658652,false,,false,false,false,,,false,false,,2022-02-23T20:15:00.000Z,0
CVE-2021-29722,https://securityvulnerability.io/vulnerability/CVE-2021-29722,Insufficient Cryptographic Standards in IBM Sterling Secure Proxy,"IBM Sterling Secure Proxy versions 6.0.1, 6.0.2, 2.4.3.2, and 3.4.3.2 utilize cryptographic algorithms that fall short of expected standards. This implementation flaw may allow malicious actors to bypass encryption measures and potentially decrypt sensitive information, posing serious security risks. For detailed information on this vulnerability, refer to IBM's official documentation and the IBM X-Force entry.",IBM,Sterling Secure Proxy,5.9,MEDIUM,0.0012400000123307109,false,,false,false,false,,,false,false,,2021-08-30T17:15:00.000Z,0
CVE-2021-29723,https://securityvulnerability.io/vulnerability/CVE-2021-29723,Weak Cryptographic Algorithms in IBM Sterling Secure Proxy,"IBM Sterling Secure Proxy is affected by a vulnerability that stems from the use of weaker than expected cryptographic algorithms. This weakness may allow an attacker to decrypt highly sensitive information transmitted within the application, posing serious security risks to data integrity and confidentiality. Users of affected versions should seek immediate remediation to safeguard their systems against potential exploits.",IBM,Sterling Secure Proxy,5.9,MEDIUM,0.0012400000123307109,false,,false,false,false,,,false,false,,2021-08-30T17:15:00.000Z,0
CVE-2021-29728,https://securityvulnerability.io/vulnerability/CVE-2021-29728,Hard-coded Credential Vulnerability in IBM Sterling Secure Proxy,"IBM Sterling Secure Proxy versions 6.0.1, 6.0.2, 2.4.3.2, and 3.4.3.2 contain a vulnerability due to the presence of hard-coded credentials. These credentials are used for managing inbound authentication, enabling outbound communication to external components, and encrypting internal data. This flaw exposes sensitive information, posing significant risks to the integrity and confidentiality of the system.",IBM,Sterling Secure Proxy,4.9,MEDIUM,0.0006000000284984708,false,,false,false,false,,,false,false,,2021-08-30T17:15:00.000Z,0
CVE-2021-29749,https://securityvulnerability.io/vulnerability/CVE-2021-29749,,"IBM Secure External Authentication Server 6.0.2 and IBM Secure Proxy 6.0.2 is vulnerable to server-side request forgery (SSRF). This may allow an authenticated attacker to send unauthorized requests from the system, potentially leading to network enumeration or facilitating other attacks. IBM X-Force ID: 201777.",IBM,"Secure Proxy,Secure External Authentication Server",6.5,MEDIUM,0.0006000000284984708,false,,false,false,false,,,false,false,,2021-07-15T16:15:00.000Z,0
CVE-2021-29725,https://securityvulnerability.io/vulnerability/CVE-2021-29725,,"IBM Secure External Authentication Server 2.4.3.2, 6.0.1, 6.0.2 and IBM Secure Proxy 3.4.3.2, 6.0.1, 6.0.2 could allow a remote user to consume resources causing a denial of service due to a resource leak.",IBM,"Secure External Authentication Server,Secure Proxy",7.5,HIGH,0.0031399999279528856,false,,false,false,false,,,false,false,,2021-07-15T16:15:00.000Z,0
CVE-2020-4462,https://securityvulnerability.io/vulnerability/CVE-2020-4462,,"IBM Sterling External Authentication Server 6.0.1, 6.0.0, 2.4.3.2, and 2.4.2 and IBM Sterling Secure Proxy 6.0.1, 6.0.0, 3.4.3, and 3.4.2 are vulnerable to an XML External Entity Injection (XXE) attack when processing XML data. A remote attacker could exploit this vulnerability to expose sensitive information or consume memory resources. IBM X-Force ID: 181482.",IBM,"Sterling Secure Proxy,External Authentication Server,Sterling External Authentication Server",8.2,HIGH,0.0030400000978261232,false,,false,false,false,,,false,false,,2020-07-16T15:15:00.000Z,0
CVE-2016-6027,https://securityvulnerability.io/vulnerability/CVE-2016-6027,,"The Configuration Manager in IBM Sterling Secure Proxy (SSP) 3.4.2 before 3.4.2.0 iFix 8 and 3.4.3 before 3.4.3.0 iFix 1 does not enable the HSTS protection mechanism, which makes it easier for remote attackers to obtain sensitive information or modify data by leveraging use of HTTP.",IBM,Sterling Secure Proxy,6.1,MEDIUM,0.0011599999852478504,false,,false,false,false,,,false,false,,2016-10-06T10:00:00.000Z,0
CVE-2016-6025,https://securityvulnerability.io/vulnerability/CVE-2016-6025,,The Configuration Manager in IBM Sterling Secure Proxy (SSP) 3.4.2 before 3.4.2.0 iFix 8 and 3.4.3 before 3.4.3.0 iFix 1 allows remote attackers to obtain access by leveraging an unattended workstation to conduct a post-logoff session-reuse attack involving a modified URL.,IBM,Sterling Secure Proxy,5.9,MEDIUM,0.0020099999383091927,false,,false,false,false,,,false,false,,2016-10-06T10:00:00.000Z,0