PT-2022-9929 · IBM · IBM Secure External Authentication Server +1
Published: 2022-05-17 · Updated: 2023-01-24
CVE-2021-29726
CVSS v3.1: 5.3 (Medium)
Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N
Name of the Vulnerable Software and Affected Versions
IBM Sterling Secure Proxy version 6.0.3
IBM Secure External Authentication Server version 6.0.3
Description
The issue arises from improper validation of certificates, which fails to ensure that a certificate is actually associated with the host.
Recommendations
For IBM Sterling Secure Proxy version 6.0.3, update the software to properly validate certificates.
For IBM Secure External Authentication Server version 6.0.3, update the software to properly validate certificates.
As a temporary workaround, consider restricting the use of certificate validation until a patch is available.
Fix
Improper Certificate Validation
Weakness Enumeration
Related Identifiers
Affected Products
IBM Secure External Authentication Server
IBM Sterling Secure Proxy