IBM Sterling Secure Proxy


By the Year

In 2024 there have been 6 vulnerabilities in IBM Sterling Secure Proxy with an average score of 5.1 out of ten. Last year Sterling Secure Proxy had 1 security vulnerability published. That is, 5 more vulnerabilities have already been reported in 2024 than last year. Last year, the average CVE base score was greater by 0.42.

Year Vulnerabilities Average Score
2024 6 5.08
2023 1 5.50
2022 3 6.43
2021 1 5.40
2020 0 0.00
2019 0 0.00
2018 0 0.00

It may take a day or so for new Sterling Secure Proxy vulnerabilities to show up in the stats or in the list of recent security vulnerabilities. Additionally, vulnerabilities may be tagged under a different product or component name.

Recent IBM Sterling Secure Proxy Security Vulnerabilities

IBM Sterling Secure Proxy 6.0.3 and 6.1.0 is vulnerable to cross-site scripting

CVE-2023-47699 6.1 - Medium - March 15, 2024

IBM Sterling Secure Proxy 6.0.3 and 6.1.0 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 270974.

XSS

IBM Sterling Secure Proxy 6.0.3 and 6.1.0 could allow an attacker to overwrite a log message under specific conditions

CVE-2023-47147 5.3 - Medium - March 15, 2024

IBM Sterling Secure Proxy 6.0.3 and 6.1.0 could allow an attacker to overwrite a log message under specific conditions. IBM X-Force ID: 270598.

External Control of File Name or Path

IBM Sterling Secure Proxy 6.0.3 and 6.1.0 allows web pages to be stored locally which can be read by another user on the system

CVE-2023-46181 3.3 - Low - March 15, 2024

IBM Sterling Secure Proxy 6.0.3 and 6.1.0 allows web pages to be stored locally which can be read by another user on the system. IBM X-Force ID: 269686.

Use of Web Browser Cache Containing Sensitive Information

IBM Sterling Secure Proxy 6.0.3 and 6.1.0 is vulnerable to cross-site scripting

CVE-2023-47162 6.1 - Medium - March 15, 2024

IBM Sterling Secure Proxy 6.0.3 and 6.1.0 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 270973.

XSS

IBM Sterling Secure Proxy 6.0.3 and 6.1.0 is vulnerable to cross-site scripting

CVE-2023-46182 5.4 - Medium - March 15, 2024

IBM Sterling Secure Proxy 6.0.3 and 6.1.0 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 269692.

XSS

IBM Sterling Secure Proxy 6.0.3 and 6.1.0 does not set the secure attribute on authorization tokens or session cookies

CVE-2023-46179 4.3 - Medium - March 15, 2024

IBM Sterling Secure Proxy 6.0.3 and 6.1.0 does not set the secure attribute on authorization tokens or session cookies. Attackers may be able to get the cookie values by sending a http:// link to a user or by planting this link in a site the user goes to. The cookie will be sent to the insecure link and the attacker can then obtain the cookie value by snooping the traffic. IBM X-Force ID: 269683.

Sensitive Cookie in HTTPS Session Without 'Secure' Attribute

IBM Sterling Secure Proxy and IBM Sterling External Authentication Server 6.0.3 and 6.1.0 stores user credentials in plain clear text

CVE-2023-32338 5.5 - Medium - September 05, 2023

IBM Sterling Secure Proxy and IBM Sterling External Authentication Server 6.0.3 and 6.1.0 stores user credentials in plain clear text which can be read by a local user with container access. IBM X-Force ID: 255585.

Insufficiently Protected Credentials

IBM Sterling Secure Proxy 6.0.3 and IBM Secure External Authentication Server 6.0.3 does not properly ensure that a certificate is actually associated with the host

CVE-2021-29726 5.3 - Medium - May 17, 2022

IBM Sterling Secure Proxy 6.0.3 and IBM Secure External Authentication Server 6.0.3 does not properly ensure that a certificate is actually associated with the host due to improper validation of certificates. IBM X-Force ID: 201104.

Improper Certificate Validation

IBM Sterling External Authentication Server and IBM Sterling Secure Proxy 6.0.3.0, 6.0.2.0, and 3.4.3.2 could allow a remote user to consume resources causing a denial of service

CVE-2022-22336 7.5 - High - February 23, 2022

IBM Sterling External Authentication Server and IBM Sterling Secure Proxy 6.0.3.0, 6.0.2.0, and 3.4.3.2 could allow a remote user to consume resources causing a denial of service due to a resource leak. IBM X-Force ID: 219395.

Memory Leak

IBM Sterling Secure Proxy 6.0.3.0, 6.0.2.0, and 3.4.3.2 and IBM Sterling External Authentication Server are vulnerable to a buffer overflow

CVE-2022-22333 6.5 - Medium - February 23, 2022

IBM Sterling Secure Proxy 6.0.3.0, 6.0.2.0, and 3.4.3.2 and IBM Sterling External Authentication Server are vulnerable to a buffer overflow, due to the Jetty based GUI in the Secure Zone not properly validating the sizes of the form content and/or HTTP headers submitted. A local attacker positioned inside the Secure Zone could submit a specially crafted HTTP request to disrupt service. IBM X-Force ID: 219133.

Classic Buffer Overflow

IBM Secure External Authentication Server 6.0.2 and IBM Secure Proxy 6.0.2 is vulnerable to server-side request forgery (SSRF)

CVE-2021-29749 5.4 - Medium - July 15, 2021

IBM Secure External Authentication Server 6.0.2 and IBM Secure Proxy 6.0.2 is vulnerable to server-side request forgery (SSRF). This may allow an authenticated attacker to send unauthorized requests from the system, potentially leading to network enumeration or facilitating other attacks. IBM X-Force ID: 201777.

XSPA
