Unauthorized Access Vulnerability in IBM Sterling Secure Proxy
CVE-2024-38337

9.1CRITICAL

Key Information:

Vendor: IBM
Status: Sterling Secure Proxy
Vendor: CVE Published:; 19 January 2025

What is CVE-2024-38337?

IBM Sterling Secure Proxy versions 6.0.0.0 through 6.2.0.0 are affected by a vulnerability that allows unauthorized attackers to access or modify sensitive information. This stems from improper permission assignments, potentially exposing critical data to malicious actors. Organizations using these versions should evaluate their security posture and consider applying available updates to mitigate this risk.

Affected Version(s)

Sterling Secure Proxy 6.0.0.0, 6.0.0.1, 6.0.0.2, 6.0.0.3, 6.1.0.0, 6.2.0.0

References

https://www.ibm.com/support/pages/node/7179166

CVSS V3.1

Score:

9.1

Severity:

CRITICAL

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

None

Scope:

Unchanged

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Jan 19, 2025
Vulnerability Reserved
Jun 13, 2024