Buffer Overflow Vulnerability in IBM Sterling Secure Proxy and External Authentication Server
CVE-2022-22333

6.5MEDIUM

Key Information:

Vendor: IBM
Status: Sterling Secure Proxy
Vendor: CVE Published:; 23 February 2022

Summary

IBM Sterling Secure Proxy and IBM Sterling External Authentication Server contain a vulnerability in the Jetty-based GUI. This vulnerability arises from improper validation of the sizes of form contents and HTTP headers. A local attacker within the Secure Zone can exploit this by submitting a specially crafted HTTP request, potentially leading to service disruption. This issue affects specific versions, making it crucial for users to address the vulnerability promptly.

Affected Version(s)

Sterling Secure Proxy 3.4.3.2

Sterling Secure Proxy 6.0.3.0

Sterling Secure Proxy 6.0.2.0

References

https://www.ibm.com/support/pages/node/6558796

x_refsource_CONFIRM

https://exchange.xforce.ibmcloud.com/vulnerabilities/219133

vdb-entryx_refsource_XF

CVSS V3.1

Score:

6.5

Severity:

MEDIUM

Confidentiality:

None

Integrity:

None

Availability:

None

Attack Vector:

Adjacent Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

None

Scope:

Unchanged

Timeline

Vulnerability published
Feb 23, 2022
Vulnerability Reserved
Jan 3, 2022