CVE-2021-29749

IBM Secure External Authentication Server 6.0.2 and IBM Secure Proxy 6.0.2 is vulnerable to server-side request forgery (SSRF). This may allow an authenticated attacker to send unauthorized requests from the system, potentially leading to network enumeration or facilitating other attacks. IBM X-Force ID: 201777.
Configurations

Configuration 1 (hide)

OR cpe:2.3:a:ibm:secure_external_authentication_server:6.0.2:*:*:*:*:*:*:*
cpe:2.3:a:ibm:sterling_secure_proxy:6.0.2:*:*:*:*:*:*:*

History

19 Mar 2024, 17:10

Type Values Removed Values Added
CPE cpe:2.3:a:ibm:secure_proxy:6.0.2:*:*:*:*:*:*:* cpe:2.3:a:ibm:sterling_secure_proxy:6.0.2:*:*:*:*:*:*:*
First Time Ibm sterling Secure Proxy

31 Jul 2021, 01:17

Type Values Removed Values Added
References (CONFIRM) https://www.ibm.com/support/pages/node/6471623 - (CONFIRM) https://www.ibm.com/support/pages/node/6471623 - Patch, Vendor Advisory
References (CONFIRM) https://www.ibm.com/support/pages/node/6471621 - (CONFIRM) https://www.ibm.com/support/pages/node/6471621 - Patch, Vendor Advisory
References (XF) https://exchange.xforce.ibmcloud.com/vulnerabilities/201777 - (XF) https://exchange.xforce.ibmcloud.com/vulnerabilities/201777 - VDB Entry, Vendor Advisory
CWE CWE-918
CPE cpe:2.3:a:ibm:secure_proxy:6.0.2:*:*:*:*:*:*:*
cpe:2.3:a:ibm:secure_external_authentication_server:6.0.2:*:*:*:*:*:*:*
CVSS v2 : unknown
v3 : unknown
v2 : 5.5
v3 : 5.4

15 Jul 2021, 17:15

Type Values Removed Values Added
New CVE

Information

Published : 2021-07-15 16:15

Updated : 2024-03-19 17:10


NVD link : CVE-2021-29749

Mitre link : CVE-2021-29749

CVE.ORG link : CVE-2021-29749


JSON object : View

Products Affected

ibm

  • secure_external_authentication_server
  • sterling_secure_proxy
CWE
CWE-918

Server-Side Request Forgery (SSRF)