IBM Sterling External Authentication Server information disclosure
CVE-2022-35720

2.3LOW

Key Information:

Vendor: IBM
Status: Sterling External Authentication Server; Sterling Secure Proxy
Vendor: CVE Published:; 8 February 2023

Summary

IBM Sterling External Authentication Server 6.1.0 and IBM Sterling Secure Proxy 6.0.3 uses weaker than expected cryptographic algorithms during installation that could allow a local attacker to decrypt sensitive information. IBM X-Force ID: 231373.

Affected Version(s)

Sterling External Authentication Server 6.1.0

Sterling Secure Proxy 6.0.3

References

https://www.ibm.com/support/pages/node/6890669

vendor-advisory

https://www.ibm.com/support/pages/node/6890663

vendor-advisory

CVSS V3.1

Score:

2.3

Severity:

LOW

Confidentiality:

Low

Integrity:

None

Availability:

Low

Attack Vector:

Local

Attack Complexity:

Low

Privileges Required:

High

User Interaction:

None

Scope:

Unchanged

Timeline

Vulnerability published
Feb 8, 2023
Vulnerability Reserved
Jul 12, 2022