Severity
Medium
Analysis Summary
CVE-2024-38341 CVSS:5.9
IBM Sterling Secure Proxy could allow a remote attacker to obtain sensitive information due to the use of weaker-than-expected cryptographic algorithms. An attacker could exploit this vulnerability to decrypt highly sensitive information.
CVE-2024-51453 CVSS:4.3
IBM Sterling Secure Proxy could allow a remote attacker to traverse directories on the system. An attacker could send a specially crafted URL request containing "dot dot" sequences (/../) to view arbitrary files on the system.
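An added example, not part of the original advisory or any IBM code: a defender-side check that scans access logs for the "dot dot" requests described under CVE-2024-51453. It assumes a common/combined-format access log; the function names and sample lines are constructed for illustration, and it generalizes beyond the literal /../ to percent-encoded and backslash-separated forms.

```python
import re
from urllib.parse import unquote

# Request line of a common/combined-format access log entry (assumed log format).
REQUEST_RE = re.compile(r'"[A-Z]+ (\S+) HTTP/[\d.]+"')
MAX_DECODE_ROUNDS = 5  # bound on layers of percent-encoding to unwrap


def fully_decode(value):
    """Percent-decode repeatedly so nested encodings of '..' are exposed."""
    for _ in range(MAX_DECODE_ROUNDS):
        decoded = unquote(value)
        if decoded == value:
            break
        value = decoded
    return value


def levels_above_root(target):
    """Return how far the decoded path climbs above the document root (0 = never)."""
    path = fully_decode(target.split("?", 1)[0]).replace("\\", "/")
    depth = lowest = 0
    for segment in path.split("/"):
        if segment == "..":
            depth -= 1
            lowest = min(lowest, depth)
        elif segment not in ("", "."):
            depth += 1
    return -lowest


def find_traversal_requests(log_lines):
    """Return (line_number, request_target, levels) for requests that escape the root."""
    hits = []
    for number, line in enumerate(log_lines, start=1):
        match = REQUEST_RE.search(line)
        if match and (levels := levels_above_root(match.group(1))) > 0:
            hits.append((number, match.group(1), levels))
    return hits


# Constructed sample lines (documentation addresses, not from any real system).
SAMPLE_LOG = [
    '192.0.2.10 - - [03/Jun/2025:10:00:01 +0000] "GET /index.html HTTP/1.1" 200 512',
    '192.0.2.11 - - [03/Jun/2025:10:00:02 +0000] "GET /docs/../index.html HTTP/1.1" 200 512',
    '192.0.2.12 - - [03/Jun/2025:10:00:03 +0000] "GET /static/../../../etc/passwd HTTP/1.1" 404 0',
    '192.0.2.13 - - [03/Jun/2025:10:00:04 +0000] "GET /static/%252e%252e/%252e%252e/conf HTTP/1.1" 404 0',
    '192.0.2.14 - - [03/Jun/2025:10:00:05 +0000] "GET /a/..%5c..%5c..%5cwin.ini HTTP/1.1" 400 0',
]
```

Requests that contain ".." but stay inside the root (the second sample line) are not reported; only paths that resolve above the root are.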
CVE-2025-3357 CVSS:9.8
IBM Tivoli Monitoring could allow a remote attacker to execute arbitrary code, caused by improper validation of an index value of a dynamically allocated array.
Impact
- Information Disclosure
- Code Execution
Indicators of Compromise
CVE
CVE-2024-38341
CVE-2024-51453
CVE-2025-3357
Affected Vendors
- IBM
Affected Products
- IBM Tivoli Monitoring - 6.3.0.7
- IBM Sterling Secure Proxy - 6.0.0.0
- IBM Sterling Secure Proxy - 6.1.0.0
- IBM Sterling Secure Proxy - 6.2.0.0
Remediation
Refer to the IBM Security Advisory for patch, upgrade, or suggested workaround information.