PT-2022-6309 · IBM · IBM Sterling External Authentication Server +1
Published: 2022-07-12 · Updated: 2023-02-19 · CVE-2022-35720
CVSS v3.1: 5.5 (Medium)
Vector: AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
Name of the Vulnerable Software and Affected Versions
IBM Sterling External Authentication Server version 6.1.0
IBM Sterling Secure Proxy version 6.0.3
Description
The affected products use weaker-than-expected cryptographic algorithms during installation, which could allow a local attacker to decrypt sensitive information. This may enable an attacker to gain unauthorized access to protected information.
Recommendations
For IBM Sterling External Authentication Server version 6.1.0, update the cryptographic algorithms used during installation to stronger ones.
For IBM Sterling Secure Proxy version 6.0.3, update the cryptographic algorithms used during installation to stronger ones.
As a temporary workaround, consider restricting access to sensitive information until the issue is resolved.
Fix
Use of a Broken Cryptographic Algorithm
Weakness Enumeration
Related Identifiers
Affected Products
IBM Sterling External Authentication Server
IBM Sterling Secure Proxy