Certificate Validation Flaw in IBM Sterling Secure Proxy and Secure External Authentication Server
CVE-2021-29726

5.3 MEDIUM

Key Information:

Vendor: IBM
CVE Published: 17 May 2022

Summary

IBM Sterling Secure Proxy and IBM Secure External Authentication Server version 6.0.3 have a flaw in which the system does not adequately validate that a certificate is linked to the corresponding host. This improper certificate validation can potentially allow unauthorized access or mislead the system into trusting invalid certificates, posing a significant security risk. Users are advised to apply patches and monitor their systems to mitigate any possible exploitation.

Affected Version(s)

Secure External Authentication Server 6.0.3

Sterling Secure Proxy 6.0.3

CVSS V3.1

Score: 5.3
Severity: MEDIUM
Confidentiality: None
Integrity: Low
Availability: None
Attack Vector: Network
Attack Complexity: Low
Privileges Required: None
User Interaction: None
Scope: Unchanged

Timeline

  • Vulnerability published

  • Vulnerability Reserved
