Weak Cryptographic Algorithms in IBM Sterling Secure Proxy
CVE-2024-38341

7.5HIGH

Key Information:

Vendor: IBM
Status: Sterling Secure Proxy
Vendor: CVE Published:; 28 May 2025

What is CVE-2024-38341?

IBM Sterling Secure Proxy versions ranging from 6.0.0.0 through 6.0.3.1, 6.1.0.0, and 6.2.0.0 through 6.2.0.1 utilize cryptographic algorithms that are not strong enough to secure highly sensitive data. This weakness may allow malicious actors to potentially decrypt confidential information, posing significant risks to data integrity and privacy.

Affected Version(s)

Sterling Secure Proxy 6.0.0.0 <= 6.0.3.1

Sterling Secure Proxy 6.1.0.0 <= 6.1.0.1

Sterling Secure Proxy 6.2.0.0 <= 6.2.0.1

References

https://www.ibm.com/support/pages/node/7234888

vendor-advisory

CVSS V3.1

Score:

7.5

Severity:

HIGH

Confidentiality:

High

Integrity:

None

Availability:

High

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

None

Scope:

Unchanged

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
May 28, 2025
Vulnerability Reserved
Jun 13, 2024