CVE-2024-38337

Severity: 9.1 CRITICAL
EPSS: 0.1% (top 70.95%)
CISA KEV: Not in KEV
Exploit: No known exploits
Affected products
Timeline: Published Jan 19

Description

IBM Sterling Secure Proxy 6.0.0.0, 6.0.0.1, 6.0.0.2, 6.0.0.3, 6.1.0.0, and 6.2.0.0 could allow an unauthorized attacker to retrieve or alter sensitive information contents due to incorrect permission assignments.

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N
Exploitability: 3.9 | Impact: 5.2

Affected Packages (2 packages)

NVD | ibm/sterling_secure_proxy | 6.0.0.0 | 6.0.3.1 | +2
CVEListV5 | ibm/sterling_secure_proxy | 6.0.0.0, 6.0.0.1, 6.0.0.2, 6.0.0.3, 6.1.0.0, 6.2.0.0

Vulnerability Details (2)

GHSA | GHSA-frrr-v394-xgfj: IBM Sterling Secure Proxy 6 | 2025-01-19
CVEList | IBM Sterling Secure Proxy improper input validation | 2025-01-19
CVE-2024-38337 (CRITICAL CVSS 9.1) | IBM Sterling Secure Proxy 6.0.0.0 | cvebase.io