CVE-2023-32338 — Insufficiently Protected Credentials in IBM Sterling Secure Proxy

CWE-522 — Insufficiently Protected Credentials3 documents3 sources

Severity

5.5MEDIUMNVD

CNA5.1

EPSS

0.0%

top 95.05%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

IBM Sterling Secure Proxy IBM Sterling External Authentication Server

Timeline

PublishedSep 5

Description

IBM Sterling Secure Proxy and IBM Sterling External Authentication Server 6.0.3 and 6.1.0 stores user credentials in plain clear text which can be read by a local user with container access. IBM X-Force ID: 255585.

CVSS vector

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:NExploitability: 1.8 | Impact: 3.6

Affected Packages3 packages

▶NVDibm/sterling_external_authentication_server6.0.3.0, 6.1.0+1

▶CVEListV5ibm/sterling_secure_proxy6.0.3, 6.1.0

▶NVDibm/sterling_secure_proxy6.0.3, 6.1.0+1

🔴Vulnerability Details

GHSA

GHSA-2268-rqjm-gx38: IBM Sterling Secure Proxy and IBM Sterling External Authentication Server 6↗2023-09-05

▶

CVEList

IBM Sterling Secure Proxy information disclosure↗2023-09-04

▶