IBM has disclosed multiple critical vulnerabilities affecting its Sterling Secure Proxy (SSP), a critical solution for secure data transfer across business networks. These vulnerabilities, which could allow attackers to inject commands, access sensitive information, or cause denial of service.
The first vulnerability, identified as CVE-2024-41783 (CVSS 9.1), allows authenticated, privileged users to inject commands into the underlying operating system. This vulnerability arises due to improper validation of a specific type of input, enabling malicious actors to potentially compromise the system’s integrity and confidentiality.
The second vulnerability, designated CVE-2024-38337 (CVSS 9.1), permits unauthorized attackers to retrieve or alter sensitive information. This vulnerability stems from incorrect permission assignments, potentially leading to unauthorized access and data breaches.
Finally, IBM Sterling Secure Proxy utilizes IBM MQ, which itself is susceptible to improper input validation. This vulnerability, tracked as CVE-2024-25016 (CVSS 7.5), could allow a remote unauthenticated attacker to launch a denial of service attack due to incorrect buffering logic.
IBM has released fix packs to address these vulnerabilities:
- CVE-2024-41783 and CVE-2024-38337:
- Version 6.0.3.1 for IBM SSP 6.0.x
- Version 6.1.0.1 for IBM SSP 6.1.x
- Interim fix 6.2.0.0 ifix 01 for IBM SSP 6.2.x
- CVE-2024-25016:
- Updates for IBM MQ and IBM MQ Appliance are available through IBM Fix Central.
IBM has provided no workarounds or mitigations for these vulnerabilities, underscoring the necessity of applying the fixes immediately.
