Lucene search

[email protected]NVD:CVE-2023-29261

HistorySep 05, 2023 - 1:15 a.m.

CVE-2023-29261

2023-09-0501:15:07

CWE-922

[email protected]

web.nvd.nist.gov

ibm

sterling secure proxy

local user

privilege escalation

memory clearing

CVSS3

5.5

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

NONE

Availability Impact

NONE

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N

AI Score

5.2

Confidence

High

EPSS

Percentile

5.1%

JSON

IBM Sterling Secure Proxy 6.0.3 and 6.1.0 could allow a local user with specific information about the system to obtain privileged information due to inadequate memory clearing during operations. IBM X-Force ID: 252139.

Affected configurations

Nvd

Node

ibmsterling_external_authentication_serverMatch6.0.3.0

ibmsterling_external_authentication_serverMatch6.1.0

VendorProductVersionCPE
ibmsterling_external_authentication_server6.0.3.0cpe:2.3:a:ibm:sterling_external_authentication_server:6.0.3.0:*:*:*:*:*:*:*
ibmsterling_external_authentication_server6.1.0cpe:2.3:a:ibm:sterling_external_authentication_server:6.1.0:*:*:*:*:*:*:*

Vendor	Product	Version	CPE
ibm	sterling_external_authentication_server	6.0.3.0	cpe:2.3:a:ibm:sterling_external_authentication_server:6.0.3.0:::::::*
ibm	sterling_external_authentication_server	6.1.0	cpe:2.3:a:ibm:sterling_external_authentication_server:6.1.0:::::::*

References

exchange.xforce.ibmcloud.com/vulnerabilities/252139

https://www.ibm.com/support/pages/node/7029765

www.ibm.com/support/pages/node/7029765

CVSS3

5.5

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

NONE

Availability Impact

NONE

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N

AI Score

5.2

Confidence

High

EPSS

Percentile

5.1%

JSON

Related for NVD:CVE-2023-29261

cvelist1 prion1 cve1 ibm1