KB Article #179723
Security Vulnerabilities (CVE) reported against SecureTransport tagged with the year 2017
List of possible security vulnerabilities reported against SecureTransport and corresponding analysis based on Axway's research.
NOTE: This KB lists only the vulnerabilities tagged with the year 2017. For CVEs from other years, refer to the following articles:
⇒ Security Vulnerabilities (CVE) reported against SecureTransport tagged with the year 2018
⇒ Security Vulnerabilities (CVE) reported against SecureTransport tagged with the year 2016
⇒ Security Vulnerabilities (CVE) reported against SecureTransport tagged with the year 2015
⇒ Security Vulnerabilities (CVE) reported against SecureTransport tagged with the year 2014
⇒ Security Vulnerabilities (CVE) reported against SecureTransport tagged with the year 2013
⇒ Security Vulnerabilities (CVE) reported against SecureTransport tagged with the year 2012
⇒ Security Vulnerabilities (CVE) reported against SecureTransport tagged with the year 2011
⇒ Security Vulnerabilities (CVE) reported against SecureTransport tagged with the year 2010
⇒ Security Vulnerabilities (CVE) reported against SecureTransport tagged with the year 2009 and earlier
Additional lists of security vulnerabilities reported against the SecureTransport application without formal CVE/CWE identifiers, or against ST appliance platforms, can be found at:
- Security vulnerabilities reported against SecureTransport, without formal CVE or CWE identifier
- Security vulnerabilities reported against ST appliances
CVE Reference | CVSS v2 Base Score | Attack Vector | Version Reported | Version Fixed | KB Article |
CVE-2017-7525 | 8.1 | Network | prior to 5.3.1 | N/A | - |
Added: N/A | Last modified: N/A
Axway PSG has given a CVSS score of 8.1
ST earlier than 5.3.1 uses Struts 1.1.
Please note that the attack vector described in CVE-2017-7525 was examined and executed against SecureTransport 5.2.1.x.
The tests showed that no remote code is executed and no malicious code was found in SecureTransport's responses.
The reported attack vector cannot be used to exploit SecureTransport, and SecureTransport is not vulnerable to CVE-2017-7525.
Recommendation: consider upgrading to ST 5.3.1 or 5.3.3, where Apache Struts is no longer used.
ST versions 5.3.1 and above are not affected, as they do not use Struts.

CVE-2017-15707 | 5.9 | Network | prior to 5.3.1 | N/A | - |
Added: N/A | Last modified: N/A
Axway PSG has given a CVSS score of 5.9
ST earlier than 5.3.1 uses Struts 1.1.
Please note that the attack vector described in CVE-2017-15707 was examined and executed against SecureTransport 5.2.1.x.
The tests showed that no remote code is executed and no malicious code was found in SecureTransport's responses.
The reported attack vector cannot be used to exploit SecureTransport, and SecureTransport is not vulnerable to CVE-2017-15707.
Recommendation: consider upgrading to ST 5.3.1 or 5.3.3, where Apache Struts is no longer used.
ST versions 5.3.1 and above are not affected, as they do not use Struts.

CVE-2017-5638 | 9.8 | Network | prior to 5.3.1 | N/A | - |
Added: N/A | Last modified: N/A
Axway PSG has given a CVSS score of 10.0
ST earlier than 5.3.1 uses Struts 1.1.
Please note that the attack vector described in CVE-2017-5638 was examined and executed against SecureTransport 5.2.1.x.
The tests showed that no remote code is executed and no malicious code was found in SecureTransport's responses.
The reported attack vector cannot be used to exploit SecureTransport, and SecureTransport is not vulnerable to CVE-2017-5638.
Recommendation: consider upgrading to ST 5.3.1 or 5.3.3, where Apache Struts is no longer used.
ST versions 5.3.1 and above are not affected, as they do not use Struts.