CVE-2024-41783

Severity: Critical · Impact: RCE

Published: 19 January 2025
Modified: 25 July 2025
CVSS v3.1 score: 9.1 (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H)
EPSS score: 0.0030 (53.6th percentile)
Risk priority: 18 (weighting: 60% EPSS · 20% KEV · 20% CVSS)

Summary

CVE-2024-41783 is a critical-severity Command Injection (CWE-77) vulnerability in IBM Sterling Secure Proxy. Its CVSS base score is 9.1 (Critical).

Operationally, exploitation aligns with the MITRE ATT&CK technique Exploit Public-Facing Application (T1190). The CVE ranks in the top 46.4% of CVEs by exploit likelihood (EPSS) and is not currently listed in the CISA KEV catalog.

The strongest mitigations our analysis identified are NIST 800-53 SI-10 (Information Input Validation) and SI-2 (Flaw Remediation).

Deeper analysis

CVE-2024-41783 is a command injection vulnerability (CWE-77) in IBM Sterling Secure Proxy versions 6.0.0.0, 6.0.0.1, 6.0.0.2, 6.0.0.3, 6.1.0.0, and 6.2.0.0. The flaw stems from improper validation of a specified type of input, enabling a privileged user to inject commands into the underlying operating system. It carries a CVSS v3.1 base score of 9.1 (AV:N/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H), indicating critical severity due to its network accessibility and potential for severe impacts.

A high-privileged user (PR:H) can exploit the vulnerability remotely over the network (AV:N) with low complexity (AC:L) and without requiring user interaction (UI:N). Successful exploitation allows the attacker to achieve high confidentiality, integrity, and availability impacts (C:H/I:H/A:H) across a changed scope (S:C), potentially resulting in arbitrary command execution on the host operating system.

IBM has published a security bulletin detailing the vulnerability and recommended mitigations at https://www.ibm.com/support/pages/node/7176189. Security practitioners should consult this advisory for patch information and remediation steps specific to affected versions.

Vulnerability details

IBM Sterling Secure Proxy 6.0.0.0, 6.0.0.1, 6.0.0.2, 6.0.0.3, 6.1.0.0, and 6.2.0.0 could allow a privileged user to inject commands into the underlying operating system due to improper validation of a specified type of input.

CWE(s)

CWE-77 Command Injection

Related Threats

MITRE ATT&CK Enterprise Techniques

- T1190 Exploit Public-Facing Application (Initial Access): Adversaries may attempt to exploit a weakness in an Internet-facing host or system to initially access a network.
- T1059 Command and Scripting Interpreter (Execution): Adversaries may abuse command and script interpreters to execute commands, scripts, or binaries.

Why these techniques?

Command injection in a network-accessible IBM proxy directly enables remote exploitation of a public-facing application (T1190) and arbitrary OS command execution (T1059).

Confidence: HIGH · MITRE ATT&CK Enterprise v18.1

CVEs Like This One

- CVE-2024-38337 (same product: IBM AIX)
- CVE-2026-8855 (same product: IBM AIX)
- CVE-2026-8834 (same product: IBM AIX)
- CVE-2024-52363 (same product: IBM AIX)
- CVE-2026-6052 (same product: IBM AIX)
- CVE-2026-6051 (same product: IBM AIX)
- CVE-2024-41763 (same product: Linux kernel)
- CVE-2024-41767 (same product: Linux kernel)
- CVE-2025-14974 (same product: IBM AIX)
- CVE-2024-7577 (same product: IBM AIX)

Affected Assets

IBM Sterling Secure Proxy: 6.0.0.0 to 6.0.3.1; 6.1.0.0; 6.2.0.0

Mitigating Controls (NIST 800-53 r5)

- SI-10 Information Input Validation (prevent): Directly addresses the improper input validation that enables command injection by requiring validation of specified inputs before processing.
- SI-2 Flaw Remediation (prevent): Mandates timely remediation of the specific command injection flaw in IBM Sterling Secure Proxy through patching and testing.
- Least privilege (prevent): Enforces least privilege to limit the damage potential from high-privileged users exploiting the vulnerability.
