cvelist | IBM | CVELIST:CVE-2022-35720
Feb 08, 2023 - 6:24 p.m.

CVE-2022-35720 IBM Sterling External Authentication Server information disclosure

2023-02-08 18:24:03
CWE-327
ibm
www.cve.org
ibm
sterling
external authentication
information disclosure
weak cryptographic algorithms

CVSS3: 2.3

Attack Vector: LOCAL
Attack Complexity: LOW
Privileges Required: HIGH
User Interaction: NONE
Scope: UNCHANGED
Confidentiality Impact: LOW
Integrity Impact: NONE
Availability Impact: NONE

CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:L/I:N/A:N

AI Score: 5.4 (Confidence: High)

EPSS: 0 (Percentile: 5.1%)

IBM Sterling External Authentication Server 6.1.0 and IBM Sterling Secure Proxy 6.0.3 use weaker than expected cryptographic algorithms during installation that could allow a local attacker to decrypt sensitive information. IBM X-Force ID: 231373.

CNA Affected

[
  {
    "defaultStatus": "unaffected",
    "product": "Sterling External Authentication Server",
    "vendor": "IBM",
    "versions": [
      {
        "status": "affected",
        "version": "6.1.0"
      }
    ]
  },
  {
    "defaultStatus": "unaffected",
    "product": "Sterling Secure Proxy",
    "vendor": "IBM",
    "versions": [
      {
        "status": "affected",
        "version": "6.0.3"
      }
    ]
  }
]
