Vulnerabilities > CVE-2022-35720 - Unspecified vulnerability in IBM products

CVSS 5.5 - MEDIUM

Attack vector

LOCAL

Attack complexity

LOW

Privileges required

LOW

Confidentiality impact

HIGH

Integrity impact

NONE

Availability impact

NONE

local

low complexity

ibm

NVD

Published: 2023-02-08

Updated: 2024-11-21

Summary

IBM Sterling External Authentication Server 6.1.0 and IBM Sterling Secure Proxy 6.0.3 uses weaker than expected cryptographic algorithms during installation that could allow a local attacker to decrypt sensitive information. IBM X-Force ID: 231373.

Vulnerable Configurations

Part	Description	Count
Application	Ibm IBM Sterling External Authentication Server 6.1.0 IBM Sterling Secure Proxy 6.0.3	2
OS	Ibm IBM AIX - IBM Linux ON IBM Z -	2
OS	Linux Linux Linux Kernel -	1
OS	Microsoft Microsoft Windows -	1

References

https://www.ibm.com/support/pages/node/6890663
https://www.ibm.com/support/pages/node/6890663
https://www.ibm.com/support/pages/node/6890669
https://www.ibm.com/support/pages/node/6890669