Integration News

IBM Sterling Secure Proxy is vulnerable to multiple issues.

Vulnerability Details

CVEID: CVE-2024-29857

Description: The Bouncy Castle Crypto Package For Java is vulnerable to a denial of service, caused by improper input validation. By importing an EC certificate with crafted F2m parameters, a remote attacker could exploit this vulnerability to cause excessive CPU consumption.

CVSS Source: IBM X-Force
CVSS Base score: 7,5
CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H)

Affected Products and Versions

Remediation/Fixes

Product

Affected Version

Fixed-in Version(s)

Remediation

IBM Sterling Secure Proxy

6.1.0.0 - 6.1.0.1

6.1.0.1 iFix 02

IBM Sterling Secure Proxy

6.2.0.0 - 6.2.0.1

6.2.0.1 iFix 01

Workarounds and Mitigations

None.

Click the button below to download this newsletter in PDF format.

 

 

home.b2b.solutions
Privacy Overview

This website uses cookies so that we can offer you the best possible user experience.
Cookie information is stored in your browser and performs functions such as recognizing you when you return to our website or helping our team understand which sections of the website you find most interesting and useful.