CVE-2022-35720

2023-02-0819:15:11

CWE-327

[email protected]

web.nvd.nist.gov

ibm

sterling server

weak cryptography

vulnerability

CVSS3

5.5

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

NONE

Availability Impact

NONE

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N

AI Score

4.8

Confidence

High

EPSS

Percentile

5.1%

JSON

IBM Sterling External Authentication Server 6.1.0 and IBM Sterling Secure Proxy 6.0.3 uses weaker than expected cryptographic algorithms during installation that could allow a local attacker to decrypt sensitive information. IBM X-Force ID: 231373.

Affected configurations

Nvd

Node

ibmsterling_external_authentication_serverMatch6.1.0

ibmsterling_secure_proxyMatch6.0.3

AND

ibmaixMatch-

ibmlinux_on_ibm_zMatch-

linuxlinux_kernelMatch-

microsoftwindowsMatch-

VendorProductVersionCPE
ibmsterling_external_authentication_server6.1.0cpe:2.3:a:ibm:sterling_external_authentication_server:6.1.0:*:*:*:*:*:*:*
ibmsterling_secure_proxy6.0.3cpe:2.3:a:ibm:sterling_secure_proxy:6.0.3:*:*:*:*:*:*:*
ibmaix-cpe:2.3:o:ibm:aix:-:*:*:*:*:*:*:*
ibmlinux_on_ibm_z-cpe:2.3:o:ibm:linux_on_ibm_z:-:*:*:*:*:*:*:*
linuxlinux_kernel-cpe:2.3:o:linux:linux_kernel:-:*:*:*:*:*:*:*
microsoftwindows-cpe:2.3:o:microsoft:windows:-:*:*:*:*:*:*:*

Vendor	Product	Version	CPE
ibm	sterling_external_authentication_server	6.1.0	cpe:2.3:a:ibm:sterling_external_authentication_server:6.1.0:::::::*
ibm	sterling_secure_proxy	6.0.3	cpe:2.3:a:ibm:sterling_secure_proxy:6.0.3:::::::*
ibm	aix	-	cpe:2.3:o:ibm:aix:-:::::::*
ibm	linux_on_ibm_z	-	cpe:2.3:o:ibm:linux_on_ibm_z:-:::::::*
linux	linux_kernel	-	cpe:2.3:o:linux:linux_kernel:-:::::::*
microsoft	windows	-	cpe:2.3:o:microsoft:windows:-:::::::*