CVE-2023-32338

MEDIUM

IBM Sterling External Authentication ... - Insufficiently Protected Credentials

Title source: rule

Description

IBM Sterling Secure Proxy and IBM Sterling External Authentication Server 6.0.3 and 6.1.0 stores user credentials in plain clear text which can be read by a local user with container access. IBM X-Force ID: 255585.

References (4)

[VDB Entry, Vendor Advisory] https://exchange.xforce.ibmcloud.com/vulnerabilities/255585

[Broken Link] https://https://www.ibm.com/support/pages/node/7029765

[Vendor Advisory] https://www.ibm.com/support/pages/node/7029766

[Vendor Advisory] https://www.ibm.com/support/pages/node/7029765

Scores

CVSS v3 5.1

EPSS 0.0002

EPSS Percentile 4.7%

Attack Vector LOCAL

CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N

Classification

CWE

CWE-522

Status published

Affected Products (4)

ibm/sterling_external_authentication_server

ibm/sterling_secure_proxy

Timeline

Published Sep 05, 2023

Tracked Since Feb 18, 2026