Integration News
IBM Sterling Secure Proxy is vulnerable to multiple issues.
Vulnerability Details
CVEID: CVE-2024-29857
Description: The Bouncy Castle Crypto Package For Java is vulnerable to a denial of service, caused by improper input validation. By importing an EC certificate with crafted F2m parameters, a remote attacker could exploit this vulnerability to cause excessive CPU consumption.
CVSS Source: IBM X-Force
CVSS Base score: 7,5
CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H)
Affected Products and Versions
Remediation/Fixes
Product | Affected Version | Fixed-in Version(s) | Remediation |
IBM Sterling Secure Proxy | 6.1.0.0 - 6.1.0.1 | 6.1.0.1 iFix 02 | |
IBM Sterling Secure Proxy | 6.2.0.0 - 6.2.0.1 | 6.2.0.1 iFix 01 |
Workarounds and Mitigations
None.
Haga clic en el siguiente botón para descargar este boletín en formato Pdf.
