Integration News
IBM Sterling External Authentication Server is vulnerable to multiple issues.
Summary
Multiple vulnerabilities affect IBM Sterling External Authentication Server and are addressed in the latest iFixes.
Vulnerability Details
CVEID: CVE-2024-20952
Description: An unspecified vulnerability in Java SE related to the Security component could allow a remote attacker to cause high confidentiality impact and high integrity impact.
CVSS Source: CVE.org
CVSS Base score: 7.4
CVSS Vector: (CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N)
CVEID: CVE-2024-20918
Description: An unspecified vulnerability in Java SE related to the VM component could allow a remote attacker to cause high confidentiality impact and high integrity impact.
CVSS Source: IBM X-Force
CVSS Base score: 7.4
CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N)
CVEID: CVE-2024-20921
Description: An unspecified vulnerability in Java SE related to the VM component could allow a remote attacker to cause high confidentiality impact.
CVSS Source: IBM X-Force
CVSS Base score: 5.9
CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N)
CVEID: CVE-2024-20919
Description: An unspecified vulnerability in Java SE related to the VM component could allow a remote attacker to cause high integrity impact.
CVSS Source: IBM X-Force
CVSS Base score: 4.7
CVSS Vector: (CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:H/A:N)
CVEID: CVE-2024-20926
Description: An unspecified vulnerability in Java SE related to the VM component could allow a remote attacker to cause high integrity impact.
CVSS Source: IBM X-Force
CVSS Base score: 5.9
CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N)
CVEID: CVE-2024-20945
Description: An unspecified vulnerability in Java SE related to the VM component could allow a local authenticated attacker to cause high confidentiality impact.
CVSS Source: IBM X-Force
CVSS Base score: 4.7
CVSS Vector: (CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N)
CVEID: CVE-2023-33850
Description: IBM GSKit-Crypto could allow a remote attacker to obtain sensitive information, caused by a timing-based side channel in the RSA Decryption implementation. By sending an overly large number of trial messages for decryption, an attacker could exploit this vulnerability to obtain sensitive information.
CVSS Source: IBM
CVSS Base score: 5.9
CVSS Vector: (CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N)
Affected Products and Versions
Remediation/Fixes
Product | Affected Version | Remediation/ |
IBM Secure External | 6.0.0.0 | 6.0.3.1 GA |
IBM Secure External | 6.1.0.0 | 6.0.3.1 GA |
Workarounds and Mitigations
None.