QID 377865

Date Published: 2023-01-18

QID 377865: IBM Sterling Secure Proxy Multiple Vulnreabilities (6558796)

IBM Sterling Secure Proxy is a DMZ-based application software proxy enabling secure and high-speed data movement over the internet

CVE-2022-22336: could allow a remote user to consume resources causing a denial of service due to a resource leak.

CVE-2022-22333: could submit a specially crafted HTTP request to disrupt service.

Affected Version

IBM Sterling Secure Proxy 6.0.3.0
IBM Sterling Secure Proxy 6.0.2.0
IBM Sterling Secure Proxy 3.4.3.2

QID Detection logic (Authenticated):
It detects the vulnerable version of Sterling Secure proxy and iFix using the registry key

An attacker could exploit this vulnerability to cause denial of service

CVSS V3 rated as High - 7.5 severity.

CVSS V2 rated as Medium - 5 severity.

Solution

Newer versions are available to download. For more information about this product or to check for new releases, go to the 6558796.

Vendor References

IBM Sterling Secure Proxy - www.ibm.com/support/pages/node/6558796

CVEs related to QID 377865

CVE-2022-22336 | CVE-2022-22333 |

Software Advisories

Advisory ID	Software	Component	Link
6558796			www.ibm.com/support/pages/node/6558796

By selecting these links, you may be leaving CVEreport webspace. We have provided these links to other websites because they may have information that would be of interest to you. No inferences should be drawn on account of other sites being referenced, or not, from this page. There may be other websites that are more appropriate for your purpose. CVEreport does not necessarily endorse the views expressed, or concur with the facts presented on these sites. Further, CVEreport does not endorse any commercial products that may be mentioned on these sites. Please address comments about any linked pages to [email protected].