CVE-2022-34361: IBM Sterling Secure Proxy information disclosure

Q: What is the vulnerability ID for this issue?

The vulnerability ID for this issue is CVE-2022-34361.

Q: What is the severity of CVE-2022-34361?

The severity of CVE-2022-34361 is high with a CVSS score of 7.5.

Q: Which product is affected by CVE-2022-34361?

IBM Sterling Secure Proxy version 6.0.3 is affected by CVE-2022-34361.

Q: What is the impact of CVE-2022-34361?

CVE-2022-34361 could allow an attacker to decrypt highly sensitive information.

Q: Are there any references available for CVE-2022-34361?

Yes, you can find references for CVE-2022-34361 at the following links: 1. [Link 1](https://exchange.xforce.ibmcloud.com/vulnerabilities/230522) 2. [Link 2](https://www.ibm.com/support/pages/node/6844763)

Published Dec 5, 2022

Updated

IBM Sterling Secure Proxy 6.0.3 uses weaker than expected cryptographic algorithms that could allow an attacker to decrypt highly sensitive information. IBM X-Force ID: 230522.

Other sources

IBM Sterling Secure Proxy uses weaker than expected cryptographic algorithms that could allow an attacker to decrypt highly sensitive information.

— IBM

Affected Software

6 affected components

IBM Sterling Secure Proxy=6.0.3

IBM AIX

IBM Linux On Ibm Z

Linux Linux kernel

Microsoft Windows

IBM Sterling Secure Proxy<=6.0.3

Remediation

Patch Available

https://www.ibm.com/support/pages/node/6844763

Event History

Dec 5, 2022

CVE Published

12:00 AM

Dec 6, 2022

CVE Published

via MITRE·05:52 PM

Data Sourced

via MITRE·05:52 PM

DescriptionSeverityWeakness

Parent advisories

This vulnerability appears in the following advisories.

IBM-6844763

Frequently Asked Questions

What is the vulnerability ID for this issue?

The vulnerability ID for this issue is CVE-2022-34361.

What is the severity of CVE-2022-34361?