CVE-2024-22361: 
IBM Semeru Runtime vulnerability analysis and mitigation

CVE-2024-22361 is a security vulnerability affecting IBM Semeru Runtime across multiple versions (8.0.302.0 through 8.0.392.0, 11.0.12.0 through 11.0.21.0, 17.0.1.0 - 17.0.9.0, and 21.0.1.0). The vulnerability was discovered and disclosed in early 2024, with the CVE being created on January 8, 2024. The issue involves the use of weaker than expected cryptographic algorithms that could potentially expose sensitive information (IBM Advisory).

The vulnerability has been assigned a CVSS v3.1 base score of 7.5 (HIGH) by NIST with a vector string of CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N, while IBM Corporation assessed it with a score of 5.9 (MEDIUM) and vector string CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N. The vulnerability is classified under CWE-327 (Use of a Broken or Risky Cryptographic Algorithm) (NVD).

The vulnerability could allow an attacker to decrypt highly sensitive information due to the implementation of weaker than expected cryptographic algorithms (IBM Advisory).

IBM has released fixes for the affected versions. The recommended updates are: 8.0.402.0, 11.0.22.0, 17.0.10.0, and 21.0.2.0. The fixes can be obtained through IBM's APAR number IJ50001 (IBM Advisory).