IBM Sterling Secure Proxy Faces Multiple Critical Vulnerabilities

Summary: IBM has revealed several critical vulnerabilities in its Sterling Secure Proxy (SSP) that could allow attackers to execute commands, access sensitive data, or cause denial of service. The vulnerabilities, with high CVSS scores, stem from improper input validation and incorrect permission assignments. IBM has released fix packs to address these issues, emphasizing the urgency of applying the updates.

Threat Actor: Unknown
Victim: IBM

Key points:

  • Vulnerability CVE-2024-41783 allows command injection by authenticated users (CVSS 9.1).
  • CVE-2024-38337 enables unauthorized access to sensitive information due to incorrect permissions (CVSS 9.1).
  • CVE-2024-25016 may lead to denial of service attacks via IBM MQ (CVSS 7.5).
  • IBM has released multiple fix packs for the vulnerabilities, with no workarounds provided.

Source: https://securityonline.info/ibm-sterling-secure-proxy-faces-multiple-critical-vulnerabilities-a-call-for-immediate-action/