Integration News
IBM Sterling External Authentication Server is vulnerable to multiple issues
Multiple vulnerabilities affect IBM Sterling External Authentication Server and are addressed in the latest iFixes.
CVEID: CVE-2023-29261
Description: IBM Sterling Secure Proxy could allow a local user with specific information about the system to obtain privileged information due to inadequate memory clearing during operations.
CVSS Base score: 5.1
CVSS Vector: (CVSS:3.0/AV:L/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N)
CVEID: CVE-2020-13936
Description: Apache Velocity could allow a remote attacker to execute arbitrary code on the system, caused by a sandbox bypass flaw. By modifying the Velocity templates, an attacker could exploit this vulnerability to execute arbitrary code with the same privileges as the account running the Servlet container.
CVSS Base score: 9.8
CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H)
Affected Products and Versions
Remediation/Fixes
Workarounds and Mitigations
None.