CVE-2024-38341

Summary

IBM Sterling Secure Proxy 6.0.0.0 through 6.0.3.1, 6.1.0.0 through 6.1.0.0, and 6.2.0.0 through 6.2.0.1 uses weaker than expected cryptographic algorithms that could allow an attacker to decrypt highly sensitive information.

Affected Software

VendorProductVersion RangeStatus
IBMSterling Secure Proxy6.0.0.0 <= 6.0.3.1affected
IBMSterling Secure Proxy6.1.0.0 <= 6.1.0.1affected
IBMSterling Secure Proxy6.2.0.0 <= 6.2.0.1affected

Weaknesses

  • CWE-328: CWE-328 Use of Weak Hash

ADP Enrichment

CISA ADP Vulnrichment

  • SSVC:
  • Exploitation: none
    • Automatable: no
    • Technical Impact: partial

References