CVE-2022-35720

CWE-327Broken Cryptographic Algorithm3 documents3 sources
Severity
5.5MEDIUM
EPSS
0.0%
top 86.14%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
2
IBM Sterling External Authentication ServerIBM Sterling Secure Proxy
Timeline
PublishedFeb 8

Description

IBM Sterling External Authentication Server 6.1.0 and IBM Sterling Secure Proxy 6.0.3 uses weaker than expected cryptographic algorithms during installation that could allow a local attacker to decrypt sensitive information. IBM X-Force ID: 231373.

CVSS vector

CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:L/I:N/A:NExploitability: 0.8 | Impact: 1.4

Affected Packages4 packages

CVEListV5ibm/sterling_secure_proxy6.0.3

Patches

Patch: www.ibm.comPatch: www.ibm.comPatch: www.ibm.com

🔴Vulnerability Details

2
CVEList
IBM Sterling External Authentication Server information disclosure2023-02-08
GHSA
GHSA-j98c-p6qv-fm8c: IBM Sterling External Authentication Server 62023-02-08
CVE-2022-35720 (MEDIUM CVSS 5.5) | IBM Sterling External Authenticatio | cvebase.io