IBM Sterling Secure Proxy
17 CVEs affecting IBM Sterling Secure Proxy. Latest disclosed: 2025-05-28. Critical: 2, High: 3.

| CVE | Severity | Score | Published | Summary |
|---|---|---|---|---|
| CVE-2024-41783 | Critical | 9.1 | 2025-01-19 | IBM Sterling Secure Proxy 6.0.0.0, 6.0.0.1, 6.0.0.2, 6.0.0.3, 6.1.0.0, and 6.2.0.0 could allow a privileged user to inject commands into the underlying operati… |
| CVE-2024-38337 | Critical | 9.1 | 2025-01-19 | IBM Sterling Secure Proxy 6.0.0.0, 6.0.0.1, 6.0.0.2, 6.0.0.3, 6.1.0.0, and 6.2.0.0 could allow an unauthorized attacker to retrieve or alter sensitive informat… |
| CVE-2020-4462 | High | 8.2 | 2020-07-16 | IBM Sterling External Authentication Server 6.0.1, 6.0.0, 2.4.3.2, and 2.4.2 and IBM Sterling Secure Proxy 6.0.1, 6.0.0, 3.4.3, and 3.4.2 are vulnerable to an… |
| CVE-2024-41784 | High | 7.5 | 2024-11-15 | IBM Sterling Secure Proxy 6.0.0.0, 6.0.0.1, 6.0.0.2, 6.0.0.3, and 6.1.0.0 could allow a remote attacker to traverse directories on the system. An attacker coul… |
| CVE-2022-22336 | High | 7.5 | 2022-02-23 | IBM Sterling External Authentication Server and IBM Sterling Secure Proxy 6.0.3.0, 6.0.2.0, and 3.4.3.2 could allow a remote user to consume resources causing… |
| CVE-2022-22333 | Medium | 6.5 | 2022-02-23 | IBM Sterling Secure Proxy 6.0.3.0, 6.0.2.0, and 3.4.3.2 and IBM Sterling External Authentication Server are vulnerable to a buffer overflow, due to the Jetty base… |
| CVE-2024-38341 | Medium | 5.9 | 2025-05-28 | IBM Sterling Secure Proxy 6.0.0.0 through 6.0.3.1, 6.1.0.0 through 6.1.0.0, and 6.2.0.0 through 6.2.0.1 uses weaker than expected cryptographic algorithms that… |
| CVE-2022-34361 | Medium | 5.9 | 2022-12-06 | IBM Sterling Secure Proxy 6.0.3 uses weaker than expected cryptographic algorithms that could allow an attacker to decrypt highly sensitive information. IBM X… |
| CVE-2021-29723 | Medium | 5.9 | 2021-08-30 | IBM Sterling Secure Proxy 6.0.1, 6.0.2, 2.4.3.2, and 3.4.3.2 uses weaker than expected cryptographic algorithms that could allow an attacker to decrypt highly… |
| CVE-2021-29722 | Medium | 5.9 | 2021-08-30 | IBM Sterling Secure Proxy 6.0.1, 6.0.2, 2.4.3.2, and 3.4.3.2 uses weaker than expected cryptographic algorithms that could allow an attacker to decrypt highly… |
| CVE-2021-29726 | Medium | 5.3 | 2022-05-17 | IBM Sterling Secure Proxy 6.0.3 and IBM Secure External Authentication Server 6.0.3 does not properly ensure that a certificate is actually associated with the… |
| CVE-2023-29261 | Medium | 5.1 | 2023-09-05 | IBM Sterling Secure Proxy 6.0.3 and 6.1.0 could allow a local user with specific information about the system to obtain privileged information due to inadequat… |
| CVE-2023-32338 | Medium | 5.1 | 2023-09-04 | IBM Sterling Secure Proxy and IBM Sterling External Authentication Server 6.0.3 and 6.1.0 stores user credentials in plain clear text which can be read by a lo… |
| CVE-2021-29728 | Medium | 4.9 | 2021-08-30 | IBM Sterling Secure Proxy 6.0.1, 6.0.2, 2.4.3.2, and 3.4.3.2 contains hard-coded credentials, such as a password or cryptographic key, which it uses for its ow… |
| CVE-2022-34362 | Medium | 4.6 | 2023-02-08 | IBM Sterling Secure Proxy 6.0.3 is vulnerable to HTTP header injection, caused by improper validation of input by the HOST headers. This could allow an attack… |
| CVE-2024-51453 | Medium | 4.3 | 2025-05-28 | IBM Sterling Secure Proxy 6.2.0.0 through 6.2.0.1 could allow a remote attacker to traverse directories on the system. An attacker could send a specially craft… |
| CVE-2022-35720 | Low | 2.3 | 2023-02-08 | IBM Sterling External Authentication Server 6.1.0 and IBM Sterling Secure Proxy 6.0.3 uses weaker than expected cryptographic algorithms during installation th… |