CVE-2024-38337

Published: Jan 19, 2025Modified: Jul 25, 2025

9.1

Vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N

Exploitability: 3.9 / Impact: 5.2

Source: psirt@us.ibm.com (Secondary)

Description

IBM Sterling Secure Proxy 6.0.0.0, 6.0.0.1, 6.0.0.2, 6.0.0.3, 6.1.0.0, and 6.2.0.0 could allow an unauthorized attacker to retrieve or alter sensitive information contents due to incorrect permission assignments.

Affected (3)

Products: Ibm: Sterling Secure Proxy

Ibm

1 product

Sterling Secure Proxy

Configuration A

3 vulnerable · 4 platform

Vulnerable Software	Affected Versions
Ibm Sterling Secure Proxy	From 6.0.0.0 to 6.0.3.1
Ibm Sterling Secure Proxy	Version 6.1.0.0
Ibm Sterling Secure Proxy	Version 6.2.0.0

Running on/with	Platform Versions
Ibm Aix	All versions
Ibm Linux On Ibm Z	All versions
Linux Linux Kernel	All versions
Microsoft Windows	All versions

Related CWEs

CWE-732

Incorrect Permission Assignment for Critical Resource

The product specifies permissions for a security-critical resource in a way that allows that resource to be read or modified by unintended actors.

References (1)

https://www.ibm.com/support/pages/node/7179166

Source: psirt@us.ibm.com

Vendor Advisory

Timeline

No history available yet.