IBM Sterling Secure Proxy
By the Year
In 2026 there have been 0 vulnerabilities in IBM Sterling Secure Proxy. Last year, in 2025, Sterling Secure Proxy had 4 security vulnerabilities published. Right now, Sterling Secure Proxy is on track to have fewer security vulnerabilities in 2026 than it did last year.
| Year | Vulnerabilities | Average Score |
|---|---|---|
| 2026 | 0 | 0.00 |
| 2025 | 4 | 8.30 |
| 2024 | 7 | 5.43 |
| 2023 | 3 | 5.20 |
| 2022 | 4 | 6.70 |
| 2021 | 1 | 5.40 |
It may take a day or so for new Sterling Secure Proxy vulnerabilities to show up in the stats or in the list of recent security vulnerabilities. Additionally, vulnerabilities may be tagged under a different product or component name.
Recent IBM Sterling Secure Proxy Security Vulnerabilities
IBM Sterling Secure Proxy 6.2.0.0-6.2.0.1: Path Traversal via URL
CVE-2024-51453
7.5 - High
- May 28, 2025
IBM Sterling Secure Proxy 6.2.0.0 through 6.2.0.1 could allow a remote attacker to traverse directories on the system. An attacker could send a specially crafted URL request containing "dot dot" sequences (/../) to view arbitrary files on the system.
Directory traversal
IBM Sterling Secure Proxy 6.0-6.2 Weak Crypto Decryption Vulnerability
CVE-2024-38341
7.5 - High
- May 28, 2025
IBM Sterling Secure Proxy 6.0.0.0 through 6.0.3.1, 6.1.0.0 through 6.1.0.0, and 6.2.0.0 through 6.2.0.1 uses weaker than expected cryptographic algorithms that could allow an attacker to decrypt highly sensitive information.
Inadequate Encryption Strength
IBM Sterling Secure Proxy 6.0-6.2.0.0 Insecure Permission Assignments
CVE-2024-38337
9.1 - Critical
- January 19, 2025
IBM Sterling Secure Proxy 6.0.0.0, 6.0.0.1, 6.0.0.2, 6.0.0.3, 6.1.0.0, and 6.2.0.0 could allow an unauthorized attacker to retrieve or alter sensitive information contents due to incorrect permission assignments.
Incorrect Permission Assignment for Critical Resource
OS Command Injection in IBM Sterling Secure Proxy 6.x (6.2)
CVE-2024-41783
9.1 - Critical
- January 19, 2025
IBM Sterling Secure Proxy 6.0.0.0, 6.0.0.1, 6.0.0.2, 6.0.0.3, 6.1.0.0, and 6.2.0.0 could allow a privileged user to inject commands into the underlying operating system due to improper validation of a specified type of input.
Command Injection
IBM Sterling Secure Proxy 6.x Directory Traversal via URL Path
CVE-2024-41784
7.5 - High
- November 15, 2024
IBM Sterling Secure Proxy 6.0.0.0, 6.0.0.1, 6.0.0.2, 6.0.0.3, and 6.1.0.0 could allow a remote attacker to traverse directories on the system. An attacker could send a specially crafted URL request containing "dot dot dot" sequences (/.../) to view arbitrary files on the system.
Directory traversal
IBM Sterling Secure Proxy 6.0.3-6.1.0 XSS in Web UI
CVE-2023-47699
6.1 - Medium
- March 15, 2024
IBM Sterling Secure Proxy 6.0.3 and 6.1.0 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 270974.
XSS
IBM Sterling Secure Proxy 6.0.3/6.1.0: Log Message Overwrite Vulnerability
CVE-2023-47147
5.3 - Medium
- March 15, 2024
IBM Sterling Secure Proxy 6.0.3 and 6.1.0 could allow an attacker to overwrite a log message under specific conditions. IBM X-Force ID: 270598.
External Control of File Name or Path
IBM Sterling Secure Proxy 6.0.3/6.1.0 Local File Disclosure via Local Storage
CVE-2023-46181
3.3 - Low
- March 15, 2024
IBM Sterling Secure Proxy 6.0.3 and 6.1.0 allows web pages to be stored locally which can be read by another user on the system. IBM X-Force ID: 269686.
Use of Web Browser Cache Containing Sensitive Information
IBM Sterling Secure Proxy 6.0.3/6.1.0 XSS Web UI allows JS injection
CVE-2023-47162
6.1 - Medium
- March 15, 2024
IBM Sterling Secure Proxy 6.0.3 and 6.1.0 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 270973.
XSS
IBM Sterling Secure Proxy 6.1.0 Web UI XSS Credential Leak
CVE-2023-46182
5.4 - Medium
- March 15, 2024
IBM Sterling Secure Proxy 6.0.3 and 6.1.0 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 269692.
XSS
IBM Sterling Secure Proxy 6.0.3/6.1.0 SecureAttr Cookie Flaw
CVE-2023-46179
4.3 - Medium
- March 15, 2024
IBM Sterling Secure Proxy 6.0.3 and 6.1.0 does not set the secure attribute on authorization tokens or session cookies. Attackers may be able to get the cookie values by sending an http:// link to a user or by planting this link in a site the user goes to. The cookie will be sent to the insecure link and the attacker can then obtain the cookie value by snooping the traffic. IBM X-Force ID: 269683.
Sensitive Cookie in HTTPS Session Without 'Secure' Attribute
IBM Sterling Secure Proxy 6.0.3/6.1.0 memory clear flaw
CVE-2023-29261
5.5 - Medium
- September 05, 2023
IBM Sterling Secure Proxy 6.0.3 and 6.1.0 could allow a local user with specific information about the system to obtain privileged information due to inadequate memory clearing during operations. IBM X-Force ID: 252139.
Insecure Storage of Sensitive Information
IBM Sterling Secure Proxy 6.0.3/6.1.0 Credential Exposure
CVE-2023-32338
5.5 - Medium
- September 05, 2023
IBM Sterling Secure Proxy and IBM Sterling External Authentication Server 6.0.3 and 6.1.0 stores user credentials in plain clear text which can be read by a local user with container access. IBM X-Force ID: 255585.
Insufficiently Protected Credentials
IBM Sterling Secure Proxy 6.0.3 - HTTP Header Injection via HOST Header
CVE-2022-34362
4.6 - Medium
- February 08, 2023
IBM Sterling Secure Proxy 6.0.3 is vulnerable to HTTP header injection, caused by improper validation of input by the HOST headers. This could allow an attacker to conduct various attacks against the vulnerable system, including cross-site scripting, cache poisoning or session hijacking. IBM X-Force ID: 230523.
XSS
IBM Sterling Secure Proxy 6.0.3 Weak Crypto Decryption Vulnerability
CVE-2022-34361
7.5 - High
- December 06, 2022
IBM Sterling Secure Proxy 6.0.3 uses weaker than expected cryptographic algorithms that could allow an attacker to decrypt highly sensitive information. IBM X-Force ID: 230522.
Use of a Broken or Risky Cryptographic Algorithm
IBM Sterling Secure Proxy 6.0.3 and IBM Secure External Authentication Server 6.0.3 does not properly ensure
CVE-2021-29726
5.3 - Medium
- May 17, 2022
IBM Sterling Secure Proxy 6.0.3 and IBM Secure External Authentication Server 6.0.3 does not properly ensure that a certificate is actually associated with the host due to improper validation of certificates. IBM X-Force ID: 201104.
Improper Certificate Validation
IBM Sterling Secure Proxy 6.0.3.0
CVE-2022-22333
6.5 - Medium
- February 23, 2022
IBM Sterling Secure Proxy 6.0.3.0, 6.0.2.0, and 3.4.3.2 and IBM Sterling External Authentication Server are vulnerable to a buffer overflow, due to the Jetty-based GUI in the Secure Zone not properly validating the sizes of the form content and/or HTTP headers submitted. A local attacker positioned inside the Secure Zone could submit a specially crafted HTTP request to disrupt service. IBM X-Force ID: 219133.
Classic Buffer Overflow
IBM Sterling External Authentication Server and IBM Sterling Secure Proxy 6.0.3.0, 6.0.2.0, and 3.4.3.2 could
CVE-2022-22336
7.5 - High
- February 23, 2022
IBM Sterling External Authentication Server and IBM Sterling Secure Proxy 6.0.3.0, 6.0.2.0, and 3.4.3.2 could allow a remote user to consume resources causing a denial of service due to a resource leak. IBM X-Force ID: 219395.
Memory Leak
IBM Secure External Authentication Server 6.0.2 and IBM Secure Proxy 6.0.2 is vulnerable to server-side request forgery (SSRF)
CVE-2021-29749
5.4 - Medium
- July 15, 2021
IBM Secure External Authentication Server 6.0.2 and IBM Secure Proxy 6.0.2 is vulnerable to server-side request forgery (SSRF). This may allow an authenticated attacker to send unauthorized requests from the system, potentially leading to network enumeration or facilitating other attacks. IBM X-Force ID: 201777.
SSRF