What is CVE-2022-35720?

CVE-2022-35720 is a low-severity vulnerability in Ibm Sterling External Authentication Server, classified under Use of a Broken or Risky Cryptographic Algorithm. CVSS score: 2.3/10. Published 2023-02-08.

How severe is CVE-2022-35720?

Low severity. CVSS v3 base score is 2.3 out of 10.

Vulnerability in Ibm Sterling External Authentication Server

CVE-2022-35720

IBM Sterling External Authentication Server 6.1.0 and IBM Sterling Secure Proxy 6.0.3 uses weaker than expected cryptographic algorithms during installation that could allow a local attacker to decrypt sensitive information. IBM X-Force I…

Vulnerability class: POODLE (CVE-2014-3566)

EPSS: 0.000 (14.4th percentile) — read the EPSS interpretation.

CVSS v3 metric

CVSS v3 base score 2.3 (Low). Vector: CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:L/I:N/A:N.

Affected products

Ibm Sterling External Authentication Server — versions 6.1.0
Ibm Sterling Secure Proxy — versions 6.0.3

Weakness classification (CWE)

CWE-327 — Use of a Broken or Risky Cryptographic Algorithm

References

www.ibm.com/support/pages/node/6890669 (vendor-advisory)
www.ibm.com/support/pages/node/6890663 (vendor-advisory)

Frequently asked questions

What is CVE-2022-35720?: CVE-2022-35720 is a low-severity vulnerability in Ibm Sterling External Authentication Server, classified under Use of a Broken or Risky Cryptographic Algorithm. CVSS score: 2.3/10. Published 2023-02-08.
How severe is CVE-2022-35720?: Low severity. CVSS v3 base score is 2.3 out of 10.