CVE-2023-29261

CWE-9223 documents3 sources

Severity

5.5MEDIUM

EPSS

0.0%

top 96.37%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

IBM Sterling Secure Proxy IBM Sterling External Authentication Server

Timeline

PublishedSep 5

Description

IBM Sterling Secure Proxy 6.0.3 and 6.1.0 could allow a local user with specific information about the system to obtain privileged information due to inadequate memory clearing during operations. IBM X-Force ID: 252139.

CVSS vector

CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:NExploitability: 1.4 | Impact: 3.6

Affected Packages2 packages

▶CVEListV5ibm/sterling_secure_proxy6.0.3, 6.1.0

▶NVDibm/sterling_external_authentication_server6.0.3.0, 6.1.0+1

🔴Vulnerability Details

GHSA

GHSA-hhvw-v55m-7fff: IBM Sterling Secure Proxy 6↗2023-09-05

▶

CVEList

IBM Sterling Secure Proxy information disclosure↗2023-09-05

▶