Integration News
IBM Sterling Secure Proxy is vulnerable to multiple issues.
Summary
Multiple vulnerabilities affect IBM Sterling Secure Proxy and are addressed in the latest release and iFix.
Vulnerability Details
CVEID: CVE-2024-20952
Description: An unspecified vulnerability in Java SE related to the Security component could allow a remote attacker to cause high confidentiality impact and high integrity impact.
CVSS Source: CVE.org
CVSS Base score: 7.4
CVSS Vector: (CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N)
CVEID: CVE-2024-20918
Description: An unspecified vulnerability in Java SE related to the VM component could allow a remote attacker to cause high confidentiality impact and high integrity impact.
CVSS Source: IBM X-Force
CVSS Base score: 7.4
CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N)
CVEID: CVE-2024-20921
Description: An unspecified vulnerability in Java SE related to the VM component could allow a remote attacker to cause high confidentiality impact.
CVSS Source: IBM X-Force
CVSS Base score: 5.9
CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N)
CVEID: CVE-2024-20919
Description: An unspecified vulnerability in Java SE related to the VM component could allow a remote attacker to cause high integrity impact.
CVSS Source: IBM X-Force
CVSS Base score: 4.7
CVSS Vector: (CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:H/A:N)
CVEID: CVE-2024-20926
Description: An unspecified vulnerability in Java SE related to the Scripting component could allow a remote attacker to cause high confidentiality impact.
CVSS Source: IBM X-Force
CVSS Base score: 5.9
CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N)
CVEID: CVE-2024-20945
Description: An unspecified vulnerability in Java SE related to the VM component could allow a local authenticated attacker to cause high confidentiality impact.
CVSS Source: IBM X-Force
CVSS Base score: 4.7
CVSS Vector: (CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N)
CVEID: CVE-2023-33850
Description: IBM GSKit-Crypto could allow a remote attacker to obtain sensitive information, caused by a timing-based side channel in the RSA Decryption implementation. By sending an overly large number of trial messages for decryption, an attacker could exploit this vulnerability to obtain sensitive information.
CVSS Source: IBM
CVSS Base score: 5.9
CVSS Vector: (CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N)
Affected Products and Versions
Remediation/Fixes
Product | Affected Version | Remediation/ |
IBM Sterling | 6.0.0.0 | 6.0.3.1 GA |
IBM Sterling | 6.1.0.0 | 6.1.0.1 GA |
Workarounds and Mitigations
None.