The vulnerability of the IBM Sterling Secure Proxy proxy server and the IBM Sterling External Authentication Server (SEAS) authentication and authorization server, which stems from the use of cryptographic algorithms containing defects, allows attackers to gain unauthorized access to protected information.

🗓️ 21 Feb 2023 00:00:00Reported by FSTEC of Russia — Information Security Threat DatabaseType

IBM Sterling Secure Proxy and IBM Sterling External Authentication Server have cryptographic algorithm vulnerabilities enabling unauthorized access during installation.

Reporter	Title	Published	Views	Family All 12
IBM Security Bulletins	Security Bulletin: IBM Sterling Secure Proxy vulnerable to multiple issues	31 Jan 202314:18	–	ibm
IBM Security Bulletins	Security Bulletin: Multiple vulnerabilities affect IBM Sterling External Authentication Server	31 Jan 202314:51	–	ibm
CNNVD	IBM Sterling External Authentication Server 加密问题漏洞	8 Feb 202300:00	–	cnnvd
CNVD	IBM Sterling External Authentication Server Encryption Issue Vulnerability	9 Feb 202300:00	–	cnvd
CVE	CVE-2022-35720	8 Feb 202318:24	–	cve
Cvelist	CVE-2022-35720 IBM Sterling External Authentication Server information disclosure	8 Feb 202318:24	–	cvelist
NVD	CVE-2022-35720	8 Feb 202319:15	–	nvd
OSV	CVE-2022-35720	8 Feb 202319:15	–	osv
Prion	Authentication flaw	8 Feb 202319:15	–	prion
Positive Technologies	PT-2022-6309 · Ibm · Ibm Sterling Secure Proxy +1	12 Jul 202200:00	–	ptsecurity

Vulners

Node

ibm ibm_sterling_secure_proxyMatch6.0.3

ibm ibm_sterling_external_authentication_server_(seas)Match6.1.0

Source	Link
ibm	www.ibm.com/support/pages/node/6890663
ibm	www.ibm.com/support/pages/node/6890669
nvd	www.nvd.nist.gov/vuln/detail/CVE-2022-35720
vuldb	www.vuldb.com/ru/
web	www.web.nvd.nist.gov/view/vuln/detail
exchange	www.exchange.xforce.ibmcloud.com/vulnerabilities/231373

21 Feb 2023 00:00Current

6Medium risk

Vulners AI Score6

CVSS 21.7

CVSS 32.3

EPSS0.00045