PT-2023-23735 · Ibm · Ibm Sterling External Authentication Server+1
Published
2023-09-04
·
Updated
2023-09-08
·
CVE-2023-32338
CVSS v3.1
5.5
Medium
| Vector | AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N |
Name of the Vulnerable Software and Affected Versions
IBM Sterling Secure Proxy and IBM Sterling External Authentication Server versions 6.0.3 through 6.1.0
Description
The issue allows a local user with container access to read user credentials stored in plain clear text.
Recommendations
For versions 6.0.3 and 6.1.0, consider restricting access to the container to minimize the risk of exploitation until a fix is available.
At the moment, there is no information about a newer version that contains a fix for this vulnerability.
Insufficiently Protected Credentials
Found an issue in the description? Have something to add? Feel free to write us 👾
Weakness Enumeration
Related Identifiers
Affected Products
Ibm Sterling External Authentication Server
Ibm Sterling Secure Proxy