CVE-2021-29726 - OpenCVE

IBM Sterling Secure Proxy 6.0.3 and IBM Secure External Authentication Server 6.0.3 does not properly ensure that a certificate is actually associated with the host due to improper validation of certificates. IBM X-Force ID: 201104.

Attack Vector Network

Attack Complexity Low

Privileges Required None

Scope Unchanged

Confidentiality Impact None

Integrity Impact Low

Availability Impact None

User Interaction None

Attack Vector Network

Attack Complexity Low

Privileges Required None

Scope Unchanged

Confidentiality Impact None

Integrity Impact Low

Availability Impact None

User Interaction None

Access Vector Network

Access Complexity Low

Authentication None

Confidentiality Impact None

Integrity Impact Partial

Availability Impact None

AV:N/AC:L/Au:N/C:N/I:P/A:N

Vendors & Products
CPE Configurations

Vendors	Products
Ibm	Secure External Authentication Server Sterling Secure Proxy

Configuration 1 [-]

OR	cpe:2.3:a:ibm:secure_external_authentication_server:6.0.3:::::::*
	cpe:2.3:a:ibm:sterling_secure_proxy:6.0.3:::::::*

References

Link	Resource
https://exchange.xforce.ibmcloud.com/vulnerabilities/201104	VDB Entry Vendor Advisory
https://www.ibm.com/support/pages/node/6586754	Patch Vendor Advisory
https://www.ibm.com/support/pages/node/6586756	Vendor Advisory

History

No history.

MITRE Information

Status: PUBLISHED

Assigner: ibm

Published: 2022-05-16T00:00:00

Updated: 2022-05-17T16:25:20

Reserved: 2021-03-31T00:00:00

Link: CVE-2021-29726

JSON object: View

NVD Information

Status : Analyzed

Published: 2022-05-17T17:15:07.903

Modified: 2023-01-24T16:07:58.757

Link: CVE-2021-29726

JSON object: View

Redhat Information

No data.

CWE

CWE-295

{"containers": {"cna": {"affected": [{"product": "Secure External Authentication Server", "vendor": "IBM", "versions": [{"status": "affected", "version": "6.0.3"}]}, {"product": "Sterling Secure Proxy", "vendor": "IBM", "versions": [{"status": "affected", "version": "6.0.3"}]}], "datePublic": "2022-05-16T00:00:00", "descriptions": [{"lang": "en", "value": "IBM Sterling Secure Proxy 6.0.3 and IBM Secure External Authentication Server 6.0.3 does not properly ensure that a certificate is actually associated with the host due to improper validation of certificates. IBM X-Force ID: 201104."}], "metrics": [{"cvssV3_0": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 5.3, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "exploitCodeMaturity": "UNPROVEN", "integrityImpact": "LOW", "privilegesRequired": "NONE", "remediationLevel": "OFFICIAL_FIX", "reportConfidence": "CONFIRMED", "scope": "UNCHANGED", "temporalScore": 4.6, "temporalSeverity": "MEDIUM", "userInteraction": "NONE", "vectorString": "CVSS:3.0/S:U/AC:L/UI:N/PR:N/A:N/AV:N/C:N/I:L/RC:C/RL:O/E:U", "version": "3.0"}}], "problemTypes": [{"descriptions": [{"description": "Bypass Security", "lang": "en", "type": "text"}]}], "providerMetadata": {"dateUpdated": "2022-05-17T16:25:20", "orgId": "9a959283-ebb5-44b6-b705-dcc2bbced522", "shortName": "ibm"}, "references": [{"tags": ["x_refsource_CONFIRM"], "url": "https://www.ibm.com/support/pages/node/6586754"}, {"tags": ["x_refsource_CONFIRM"], "url": "https://www.ibm.com/support/pages/node/6586756"}, {"name": "ibm-sterling-cve202129726-sec-bypass (201104)", "tags": ["vdb-entry", "x_refsource_XF"], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/201104"}], "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "psirt@us.ibm.com", "DATE_PUBLIC": "2022-05-16T00:00:00", "ID": "CVE-2021-29726", "STATE": "PUBLIC"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "Secure External Authentication Server", "version": {"version_data": [{"version_value": "6.0.3"}]}}, {"product_name": "Sterling Secure Proxy", "version": {"version_data": [{"version_value": "6.0.3"}]}}]}, "vendor_name": "IBM"}]}}, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "IBM Sterling Secure Proxy 6.0.3 and IBM Secure External Authentication Server 6.0.3 does not properly ensure that a certificate is actually associated with the host due to improper validation of certificates. IBM X-Force ID: 201104."}]}, "impact": {"cvssv3": {"BM": {"A": "N", "AC": "L", "AV": "N", "C": "N", "I": "L", "PR": "N", "S": "U", "UI": "N"}, "TM": {"E": "U", "RC": "C", "RL": "O"}}}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "Bypass Security"}]}]}, "references": {"reference_data": [{"name": "https://www.ibm.com/support/pages/node/6586754", "refsource": "CONFIRM", "title": "IBM Security Bulletin 6586754 (Sterling Secure Proxy)", "url": "https://www.ibm.com/support/pages/node/6586754"}, {"name": "https://www.ibm.com/support/pages/node/6586756", "refsource": "CONFIRM", "title": "IBM Security Bulletin 6586756 (Secure External Authentication Server)", "url": "https://www.ibm.com/support/pages/node/6586756"}, {"name": "ibm-sterling-cve202129726-sec-bypass (201104)", "refsource": "XF", "title": "X-Force Vulnerability Report", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/201104"}]}}}}, "cveMetadata": {"assignerOrgId": "9a959283-ebb5-44b6-b705-dcc2bbced522", "assignerShortName": "ibm", "cveId": "CVE-2021-29726", "datePublished": "2022-05-16T00:00:00", "dateReserved": "2021-03-31T00:00:00", "dateUpdated": "2022-05-17T16:25:20", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.0"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:ibm:secure_external_authentication_server:6.0.3:*:*:*:*:*:*:*", "matchCriteriaId": "B8F3E33B-1852-4394-AA88-23692E886FD3", "vulnerable": true}, {"criteria": "cpe:2.3:a:ibm:sterling_secure_proxy:6.0.3:*:*:*:*:*:*:*", "matchCriteriaId": "8179D781-F2AC-4D9E-BF20-0B082C3B6C4F", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "descriptions": [{"lang": "en", "value": "IBM Sterling Secure Proxy 6.0.3 and IBM Secure External Authentication Server 6.0.3 does not properly ensure that a certificate is actually associated with the host due to improper validation of certificates. IBM X-Force ID: 201104."}, {"lang": "es", "value": "IBM Sterling Secure Proxy versi\u00f3n 6.0.3 e IBM Secure External Authentication Server versi\u00f3n 6.0.3, no garantizan apropiadamente que un certificado est\u00e9 realmente asociado con el host debido a una comprobaci\u00f3n incorrecta de los certificados. IBM X-Force ID: 201104"}], "id": "CVE-2021-29726", "lastModified": "2023-01-24T16:07:58.757", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": {"accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "NONE", "baseScore": 5.0, "confidentialityImpact": "NONE", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:L/Au:N/C:N/I:P/A:N", "version": "2.0"}, "exploitabilityScore": 10.0, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false}], "cvssMetricV30": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 5.3, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "LOW", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N", "version": "3.0"}, "exploitabilityScore": 3.9, "impactScore": 1.4, "source": "psirt@us.ibm.com", "type": "Secondary"}], "cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 5.3, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "LOW", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N", "version": "3.1"}, "exploitabilityScore": 3.9, "impactScore": 1.4, "source": "nvd@nist.gov", "type": "Primary"}]}, "published": "2022-05-17T17:15:07.903", "references": [{"source": "psirt@us.ibm.com", "tags": ["VDB Entry", "Vendor Advisory"], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/201104"}, {"source": "psirt@us.ibm.com", "tags": ["Patch", "Vendor Advisory"], "url": "https://www.ibm.com/support/pages/node/6586754"}, {"source": "psirt@us.ibm.com", "tags": ["Vendor Advisory"], "url": "https://www.ibm.com/support/pages/node/6586756"}], "sourceIdentifier": "psirt@us.ibm.com", "vulnStatus": "Analyzed", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-295"}], "source": "nvd@nist.gov", "type": "Primary"}]}