Severity
Medium
Analysis Summary
CVE-2024-38341 CVSS:5.9
IBM Sterling Secure Proxy could allow a remote attacker to obtain sensitive information due to the use of weaker-than-expected cryptographic algorithms. An attacker could exploit this vulnerability to decrypt highly sensitive information.
CVE-2024-51453 CVSS:4.3
IBM Sterling Secure Proxy could allow a remote attacker to traverse directories on the system. An attacker could send a specially crafted URL request containing "dot dot" sequences (/../) to view arbitrary files on the system.
CVE-2025-3357 CVSS:9.8
IBM Tivoli Monitoring could allow a remote attacker to execute arbitrary code, caused by improper validation of an index value of a dynamically allocated array.
Impact
- Information Disclosure
- Code Execution
Indicators of Compromise
CVE
CVE-2024-38341
CVE-2024-51453
CVE-2025-3357
Affected Vendors
- IBM
Affected Products
- IBM Tivoli Monitoring - 6.3.0.7
- IBM Sterling Secure Proxy - 6.0.0.0
- IBM Sterling Secure Proxy - 6.1.0.0
- IBM Sterling Secure Proxy - 6.2.0.0
Remediation
Refer to the IBM Security Advisory for patch, upgrade, or suggested workaround information.