NEWS T3 2023 IBM Sterling External Authentication Server is vulnerable to multiple issues

Integration News

IBM Sterling External Authentication Server is vulnerable to multiple issues

Multiple vulnerabilities affect IBM Sterling External Authentication Server and are addressed in the latest iFixes.

CVEID: CVE-2023-29261
Description: IBM Sterling Secure Proxy could allow a local user with specific information about the system to obtain privileged information due to inadequate memory clearing during operations.
CVSS Base score: 5.1
CVSS Temporal Score: Click here.
CVSS Vector: (CVSS:3.0/AV:L/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N)

CVEID: CVE-2020-13936
Description: Apache Velocity could allow a remote attacker to execute arbitrary code on the system, caused by a sandbox bypass flaw. By modifying the Velocity templates, an attacker could exploit this vulnerability to execute arbitrary code with the same privileges as the account running the Servlet container.
CVSS Base score: 9.8
CVSS Temporal Score: Click here.
CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H)

Affected Products and Versions

Remediation/Fixes

Workarounds and Mitigations

None. 

Fare clic sul pulsante sottostante per scaricare questa newsletter in formato Pdf.