CVE-2023-32338

Published: Sep 5, 2023Modified: Nov 21, 2024

5.5

Vector

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N

Exploitability: 1.8 / Impact: 3.6

Source: NVD

Description

IBM Sterling Secure Proxy and IBM Sterling External Authentication Server 6.0.3 and 6.1.0 stores user credentials in plain clear text which can be read by a local user with container access. IBM X-Force ID: 255585.

Affected (4)

Products: Ibm: Sterling External Authentication Server, Sterling Secure Proxy

2 products

Sterling External Authentication Server

Sterling Secure Proxy

Configuration A

4 vulnerable

Vulnerable Software	Affected Versions
Ibm Sterling External Authentication Server	Version 6.0.3.0
Ibm Sterling External Authentication Server	Version 6.1.0
Ibm Sterling Secure Proxy	Version 6.0.3
Ibm Sterling Secure Proxy	Version 6.1.0

Related CWEs

Insufficiently Protected Credentials

The product transmits or stores authentication credentials, but it uses an insecure method that is susceptible to unauthorized interception and/or retrieval.

References (7)

https://exchange.xforce.ibmcloud.com/vulnerabilities/255585

Source: psirt@us.ibm.com

VDB EntryVendor Advisory

https://https://www.ibm.com/support/pages/node/7029765

Source: psirt@us.ibm.com

Broken Link

https://www.ibm.com/support/pages/node/7029766

Source: psirt@us.ibm.com

Vendor Advisory

https://www.ibm.com/support/pages/node/7029765

Source: nvd@nist.gov

Vendor Advisory

https://exchange.xforce.ibmcloud.com/vulnerabilities/255585

Source: af854a3a-2127-422b-91ae-364da2661108

VDB EntryVendor Advisory

https://https://www.ibm.com/support/pages/node/7029765

Source: af854a3a-2127-422b-91ae-364da2661108

Broken Link

https://www.ibm.com/support/pages/node/7029766

Source: af854a3a-2127-422b-91ae-364da2661108

Vendor Advisory

Timeline

No history available yet.