Integration News

IBM Sterling Secure Proxy is vulnerable to multiple issues.

Summary
Multiple vulnerabilities affect IBM Sterling Secure Proxy and are addressed in the latest release and iFix.

Vulnerability Details
CVEID: CVE-2024-29857
Description: The Bouncy Castle Crypto Package for Java is vulnerable to a denial of service, caused by improper input validation. By importing an EC certificate with crafted F2m parameters, a remote attacker could exploit this vulnerability to cause excessive CPU consumption.
CWE: CWE-125: Out-of-bounds Read
CVSS Source: IBM X-Force
CVSS Base score: 7.5
CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H)
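
A pre-import screening check for the certificate path described under CVE-2024-29857, added here as an example (not IBM or Bouncy Castle code): it walks a DER structure and flags explicit characteristic-two (F2m) field parameters, which RFC 5480 does not permit in PKIX certificates. The function names and the sample bytes are constructed for illustration.

```python
# Added example (not vendor code): flag explicit F2m EC parameters in DER data.
ID_CHAR_TWO_FIELD = bytes.fromhex("2a8648ce3d0102")  # OID 1.2.840.10045.1.2

def read_tlv(buf, pos, end):
    """Return (tag, value_start, value_end) for the DER element at pos."""
    if end - pos < 2:
        raise ValueError("truncated DER header")
    tag, first = buf[pos], buf[pos + 1]
    if tag & 0x1F == 0x1F:
        raise ValueError("high tag numbers not supported")
    pos += 2
    if first < 0x80:                      # short-form length
        length = first
    else:                                 # long-form length, capped at 4 octets
        n = first & 0x7F
        if not 1 <= n <= 4 or pos + n > end:
            raise ValueError("bad DER length")
        length = int.from_bytes(buf[pos:pos + n], "big")
        pos += n
    if pos + length > end:
        raise ValueError("DER length exceeds enclosing element")
    return tag, pos, pos + length

def has_explicit_f2m(der, pos=0, end=None, depth=0):
    """True if any OID in the DER tree is id-characteristic-two-field."""
    end = len(der) if end is None else end
    if depth > 32:                        # bound recursion on hostile input
        raise ValueError("DER nesting too deep")
    while pos < end:
        tag, vstart, vend = read_tlv(der, pos, end)
        if tag == 0x06 and der[vstart:vend] == ID_CHAR_TWO_FIELD:
            return True
        if tag & 0x20 and has_explicit_f2m(der, vstart, vend, depth + 1):
            return True                   # constructed type: descend into it
        pos = vend
    return False

# Constructed samples: AlgorithmIdentifier fragments, not real certificates.
NAMED_CURVE = bytes.fromhex("3013 06072a8648ce3d0201 06082a8648ce3d030107")
EXPLICIT_F2M = bytes.fromhex(
    "302c 06072a8648ce3d0201"             # id-ecPublicKey
    "3021 020101"                         # ECParameters (truncated), version 1
    "301c 06072a8648ce3d0102"             # FieldID: characteristic-two-field
    "3011 020200a3 06092a8648ce3d01020301 0500")  # m=163, gnBasis, NULL

if __name__ == "__main__":
    for name, blob in (("named", NAMED_CURVE), ("explicit F2m", EXPLICIT_F2M)):
        print(name, "->", "REVIEW" if has_explicit_f2m(blob) else "ok")
```

The check takes DER bytes, so PEM input must be base64-decoded first. It is a triage aid for certificate stores and import queues; the fix is the iFix listed under Remediation/Fixes.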

Affected Products and Versions

Remediation/Fixes

| Product | Affected Version | Fixed-in Version(s) | Remediation |
|---|---|---|---|
| IBM Sterling Secure Proxy | 6.1.0.0 - 6.1.0.1 | 6.1.0.1 iFix 03 | |
| IBM Sterling Secure Proxy | 6.2.0.0 - 6.2.0.1 | 6.2.0.1 iFix 02 | |

Workarounds and Mitigations

None.

Change History

28 Feb 2025: Initial Publication
