Vulnerabilites related to ibm - sterling_connect_direct_web_services
Vulnerability from fkie_nvd
Published
2024-08-31 02:15
Modified
2024-09-16 17:13
Severity ?
8.1 (High) - CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H
9.8 (Critical) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
9.8 (Critical) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Summary
IBM Sterling Connect:Direct Web Services 6.0, 6.1, 6.2, and 6.3 uses default credentials for potentially critical functionality.
References
| ▼ | URL | Tags | |
|---|---|---|---|
| psirt@us.ibm.com | https://exchange.xforce.ibmcloud.com/vulnerabilities/297314 | VDB Entry, Vendor Advisory | |
| psirt@us.ibm.com | https://www.ibm.com/support/pages/node/7166947 | Vendor Advisory |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| ibm | sterling_connect_direct_web_services | * | |
| ibm | sterling_connect_direct_web_services | * | |
| ibm | sterling_connect_direct_web_services | * | |
| ibm | aix | - | |
| linux | linux_kernel | - | |
| microsoft | windows | - |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:ibm:sterling_connect_direct_web_services:*:*:*:*:*:*:*:*",
"matchCriteriaId": "A8AFA7F5-0BB4-4CC0-8852-540D3B72D4D4",
"versionEndExcluding": "6.1.0.25",
"versionStartIncluding": "6.0.0.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:sterling_connect_direct_web_services:*:*:*:*:*:*:*:*",
"matchCriteriaId": "4DE24461-6156-483D-957A-8DDD84D801B3",
"versionEndExcluding": "6.2.0.24",
"versionStartIncluding": "6.2.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:sterling_connect_direct_web_services:*:*:*:*:*:*:*:*",
"matchCriteriaId": "1C5B086E-BBB4-457E-849C-0688D5CFA0C2",
"versionEndExcluding": "6.3.0.9",
"versionStartIncluding": "6.3.0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:ibm:aix:-:*:*:*:*:*:*:*",
"matchCriteriaId": "E492C463-D76E-49B7-A4D4-3B499E422D89",
"vulnerable": false
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:-:*:*:*:*:*:*:*",
"matchCriteriaId": "703AF700-7A70-47E2-BC3A-7FD03B3CA9C1",
"vulnerable": false
},
{
"criteria": "cpe:2.3:o:microsoft:windows:-:*:*:*:*:*:*:*",
"matchCriteriaId": "A2572D17-1DE6-457B-99CC-64AFD54487EA",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "IBM Sterling Connect:Direct Web Services 6.0, 6.1, 6.2, and 6.3 uses default credentials for potentially critical functionality."
},
{
"lang": "es",
"value": "IBM Sterling Connect:Direct Web Services 6.0, 6.1, 6.2 y 6.3 utilizan credenciales predeterminadas para funcionalidades potencialmente cr\u00edticas."
}
],
"id": "CVE-2024-39747",
"lastModified": "2024-09-16T17:13:47.497",
"metrics": {
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.1,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"exploitabilityScore": 2.2,
"impactScore": 5.9,
"source": "psirt@us.ibm.com",
"type": "Secondary"
},
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"exploitabilityScore": 3.9,
"impactScore": 5.9,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2024-08-31T02:15:12.243",
"references": [
{
"source": "psirt@us.ibm.com",
"tags": [
"VDB Entry",
"Vendor Advisory"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/297314"
},
{
"source": "psirt@us.ibm.com",
"tags": [
"Vendor Advisory"
],
"url": "https://www.ibm.com/support/pages/node/7166947"
}
],
"sourceIdentifier": "psirt@us.ibm.com",
"vulnStatus": "Analyzed",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-1392"
}
],
"source": "psirt@us.ibm.com",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2024-08-22 11:15
Modified
2024-08-23 15:25
Severity ?
5.9 (Medium) - CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N
5.9 (Medium) - CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N
5.9 (Medium) - CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N
Summary
IBM Sterling Connect:Direct Web Services 6.0, 6.1, 6.2, and 6.3 could allow a remote attacker to obtain sensitive information, caused by the failure to properly enable HTTP Strict Transport Security. An attacker could exploit this vulnerability to obtain sensitive information using man in the middle techniques.
References
| ▼ | URL | Tags | |
|---|---|---|---|
| psirt@us.ibm.com | https://exchange.xforce.ibmcloud.com/vulnerabilities/297313 | VDB Entry, Vendor Advisory | |
| psirt@us.ibm.com | https://www.ibm.com/support/pages/node/7166018 | Vendor Advisory |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| ibm | sterling_connect_direct_web_services | 6.0 | |
| ibm | sterling_connect_direct_web_services | 6.1.0 | |
| ibm | sterling_connect_direct_web_services | 6.2.0 | |
| ibm | sterling_connect_direct_web_services | 6.3.0 | |
| ibm | aix | - | |
| linux | linux_kernel | - | |
| microsoft | windows | - |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:ibm:sterling_connect_direct_web_services:6.0:*:*:*:*:*:*:*",
"matchCriteriaId": "CFF87194-EA30-4358-B6A4-45274815F742",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:sterling_connect_direct_web_services:6.1.0:*:*:*:*:*:*:*",
"matchCriteriaId": "BB84B3B4-6E20-4310-9BF9-DA8D3ED44E1A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:sterling_connect_direct_web_services:6.2.0:*:*:*:*:*:*:*",
"matchCriteriaId": "11E72803-A97E-45DE-AC70-EFF2BADCB7AF",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:sterling_connect_direct_web_services:6.3.0:*:*:*:*:*:*:*",
"matchCriteriaId": "914935D0-4F22-4653-8FCA-208AD42EFC94",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:ibm:aix:-:*:*:*:*:*:*:*",
"matchCriteriaId": "E492C463-D76E-49B7-A4D4-3B499E422D89",
"vulnerable": false
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:-:*:*:*:*:*:*:*",
"matchCriteriaId": "703AF700-7A70-47E2-BC3A-7FD03B3CA9C1",
"vulnerable": false
},
{
"criteria": "cpe:2.3:o:microsoft:windows:-:*:*:*:*:*:*:*",
"matchCriteriaId": "A2572D17-1DE6-457B-99CC-64AFD54487EA",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "IBM Sterling Connect:Direct Web Services 6.0, 6.1, 6.2, and 6.3 could allow a remote attacker to obtain sensitive information, caused by the failure to properly enable HTTP Strict Transport Security. An attacker could exploit this vulnerability to obtain sensitive information using man in the middle techniques."
},
{
"lang": "es",
"value": "IBM Sterling Connect:Direct Web Services versiones 6.0, 6.1, 6.2 y 6.3 podr\u00edan permitir que un atacante remoto obtenga informaci\u00f3n confidencial, causada por no habilitar correctamente HTTP Strict Transport Security. Un atacante podr\u00eda aprovechar esta vulnerabilidad para obtener informaci\u00f3n confidencial utilizando t\u00e9cnicas de intermediario."
}
],
"id": "CVE-2024-39746",
"lastModified": "2024-08-23T15:25:02.123",
"metrics": {
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 5.9,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N",
"version": "3.1"
},
"exploitabilityScore": 2.2,
"impactScore": 3.6,
"source": "psirt@us.ibm.com",
"type": "Secondary"
},
{
"cvssData": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 5.9,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N",
"version": "3.1"
},
"exploitabilityScore": 2.2,
"impactScore": 3.6,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2024-08-22T11:15:13.920",
"references": [
{
"source": "psirt@us.ibm.com",
"tags": [
"VDB Entry",
"Vendor Advisory"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/297313"
},
{
"source": "psirt@us.ibm.com",
"tags": [
"Vendor Advisory"
],
"url": "https://www.ibm.com/support/pages/node/7166018"
}
],
"sourceIdentifier": "psirt@us.ibm.com",
"vulnStatus": "Analyzed",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-311"
}
],
"source": "psirt@us.ibm.com",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2024-08-22 11:15
Modified
2024-08-23 15:25
Severity ?
4.3 (Medium) - CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N
4.3 (Medium) - CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N
4.3 (Medium) - CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N
Summary
IBM Sterling Connect:Direct Web Services 6.0, 6.1, 6.2, and 6.3 is vulnerable to cross-site request forgery which could allow an attacker to execute malicious and unauthorized actions transmitted from a user that the website trusts.
References
| ▼ | URL | Tags | |
|---|---|---|---|
| psirt@us.ibm.com | https://exchange.xforce.ibmcloud.com/vulnerabilities/297236 | VDB Entry, Vendor Advisory | |
| psirt@us.ibm.com | https://www.ibm.com/support/pages/node/7166196 | Vendor Advisory |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| ibm | sterling_connect_direct_web_services | 6.0 | |
| ibm | sterling_connect_direct_web_services | 6.1.0 | |
| ibm | sterling_connect_direct_web_services | 6.2.0 | |
| ibm | sterling_connect_direct_web_services | 6.3.0 | |
| ibm | aix | - | |
| linux | linux_kernel | - | |
| microsoft | windows | - |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:ibm:sterling_connect_direct_web_services:6.0:*:*:*:*:*:*:*",
"matchCriteriaId": "CFF87194-EA30-4358-B6A4-45274815F742",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:sterling_connect_direct_web_services:6.1.0:*:*:*:*:*:*:*",
"matchCriteriaId": "BB84B3B4-6E20-4310-9BF9-DA8D3ED44E1A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:sterling_connect_direct_web_services:6.2.0:*:*:*:*:*:*:*",
"matchCriteriaId": "11E72803-A97E-45DE-AC70-EFF2BADCB7AF",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:sterling_connect_direct_web_services:6.3.0:*:*:*:*:*:*:*",
"matchCriteriaId": "914935D0-4F22-4653-8FCA-208AD42EFC94",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:ibm:aix:-:*:*:*:*:*:*:*",
"matchCriteriaId": "E492C463-D76E-49B7-A4D4-3B499E422D89",
"vulnerable": false
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:-:*:*:*:*:*:*:*",
"matchCriteriaId": "703AF700-7A70-47E2-BC3A-7FD03B3CA9C1",
"vulnerable": false
},
{
"criteria": "cpe:2.3:o:microsoft:windows:-:*:*:*:*:*:*:*",
"matchCriteriaId": "A2572D17-1DE6-457B-99CC-64AFD54487EA",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "IBM Sterling Connect:Direct Web Services 6.0, 6.1, 6.2, and 6.3 is vulnerable to cross-site request forgery which could allow an attacker to execute malicious and unauthorized actions transmitted from a user that the website trusts."
},
{
"lang": "es",
"value": "IBM Sterling Connect:Direct Web Services 6.0, 6.1, 6.2 y 6.3 es vulnerable a cross-site request forgery, lo que podr\u00eda permitir a un atacante ejecutar acciones maliciosas y no autorizadas transmitidas por un usuario en el que conf\u00eda el sitio web."
}
],
"id": "CVE-2024-39744",
"lastModified": "2024-08-23T15:25:31.390",
"metrics": {
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 4.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N",
"version": "3.1"
},
"exploitabilityScore": 2.8,
"impactScore": 1.4,
"source": "psirt@us.ibm.com",
"type": "Secondary"
},
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 4.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N",
"version": "3.1"
},
"exploitabilityScore": 2.8,
"impactScore": 1.4,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2024-08-22T11:15:13.513",
"references": [
{
"source": "psirt@us.ibm.com",
"tags": [
"VDB Entry",
"Vendor Advisory"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/297236"
},
{
"source": "psirt@us.ibm.com",
"tags": [
"Vendor Advisory"
],
"url": "https://www.ibm.com/support/pages/node/7166196"
}
],
"sourceIdentifier": "psirt@us.ibm.com",
"vulnStatus": "Analyzed",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-352"
}
],
"source": "psirt@us.ibm.com",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2025-01-19 03:15
Modified
2025-03-25 14:27
Severity ?
4.3 (Medium) - CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N
4.3 (Medium) - CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N
4.3 (Medium) - CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N
Summary
IBM Sterling Connect:Direct Web Services 6.0, 6.1, 6.2, and 6.3 could disclose sensitive IP address information to authenticated users in responses that could be used in further attacks against the system.
References
| ▼ | URL | Tags | |
|---|---|---|---|
| psirt@us.ibm.com | https://www.ibm.com/support/pages/node/7174104 | Vendor Advisory |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| ibm | sterling_connect_direct_web_services | 6.0.0 | |
| ibm | sterling_connect_direct_web_services | 6.1.0 | |
| ibm | sterling_connect_direct_web_services | 6.2.0 | |
| ibm | sterling_connect_direct_web_services | 6.3.0 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:ibm:sterling_connect_direct_web_services:6.0.0:*:*:*:*:*:*:*",
"matchCriteriaId": "C768ACC8-D269-4E95-93F3-011DF3E7794C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:sterling_connect_direct_web_services:6.1.0:*:*:*:*:*:*:*",
"matchCriteriaId": "BB84B3B4-6E20-4310-9BF9-DA8D3ED44E1A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:sterling_connect_direct_web_services:6.2.0:*:*:*:*:*:*:*",
"matchCriteriaId": "11E72803-A97E-45DE-AC70-EFF2BADCB7AF",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:sterling_connect_direct_web_services:6.3.0:*:*:*:*:*:*:*",
"matchCriteriaId": "914935D0-4F22-4653-8FCA-208AD42EFC94",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "IBM Sterling Connect:Direct Web Services 6.0, 6.1, 6.2, and 6.3 could disclose sensitive IP address information to authenticated users in responses that could be used in further attacks against the system."
},
{
"lang": "es",
"value": "IBM Sterling Connect:Direct Web Services 6.0, 6.1, 6.2 y 6.3 podr\u00edan revelar informaci\u00f3n confidencial de direcciones IP a usuarios autenticados en respuestas que podr\u00edan usarse en futuros ataques contra sistema."
}
],
"id": "CVE-2024-45653",
"lastModified": "2025-03-25T14:27:46.903",
"metrics": {
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 4.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N",
"version": "3.1"
},
"exploitabilityScore": 2.8,
"impactScore": 1.4,
"source": "psirt@us.ibm.com",
"type": "Secondary"
},
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 4.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N",
"version": "3.1"
},
"exploitabilityScore": 2.8,
"impactScore": 1.4,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2025-01-19T03:15:07.643",
"references": [
{
"source": "psirt@us.ibm.com",
"tags": [
"Vendor Advisory"
],
"url": "https://www.ibm.com/support/pages/node/7174104"
}
],
"sourceIdentifier": "psirt@us.ibm.com",
"vulnStatus": "Analyzed",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-201"
}
],
"source": "psirt@us.ibm.com",
"type": "Secondary"
},
{
"description": [
{
"lang": "en",
"value": "NVD-CWE-noinfo"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2025-04-18 11:15
Modified
2025-07-18 13:44
Severity ?
6.3 (Medium) - CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L
6.5 (Medium) - CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N
6.5 (Medium) - CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N
Summary
IBM Sterling Connect:Direct Web Services 6.1.0, 6.2.0, and 6.3.0 could allow an authenticated user to spoof the identity of another user due to improper authorization which could allow the user to bypass access restrictions.
References
| ▼ | URL | Tags | |
|---|---|---|---|
| psirt@us.ibm.com | https://www.ibm.com/support/pages/node/7231180 | Vendor Advisory |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| ibm | sterling_connect_direct_web_services | * | |
| ibm | sterling_connect_direct_web_services | * | |
| ibm | sterling_connect_direct_web_services | * | |
| ibm | aix | - | |
| linux | linux_kernel | - | |
| microsoft | windows | - |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:ibm:sterling_connect_direct_web_services:*:*:*:*:*:*:*:*",
"matchCriteriaId": "8B2110F2-931E-426E-83D4-92BDB2EED70D",
"versionEndExcluding": "6.1.0.28",
"versionStartIncluding": "6.1.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:sterling_connect_direct_web_services:*:*:*:*:*:*:*:*",
"matchCriteriaId": "11D0CC07-24D6-467B-91EB-5D11FB21A6F5",
"versionEndExcluding": "6.2.0.27",
"versionStartIncluding": "6.2.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:sterling_connect_direct_web_services:*:*:*:*:*:*:*:*",
"matchCriteriaId": "7B048640-A7A9-4238-B71D-2CE00633C455",
"versionEndExcluding": "6.3.0.13",
"versionStartIncluding": "6.3.0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:ibm:aix:-:*:*:*:*:*:*:*",
"matchCriteriaId": "E492C463-D76E-49B7-A4D4-3B499E422D89",
"vulnerable": false
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:-:*:*:*:*:*:*:*",
"matchCriteriaId": "703AF700-7A70-47E2-BC3A-7FD03B3CA9C1",
"vulnerable": false
},
{
"criteria": "cpe:2.3:o:microsoft:windows:-:*:*:*:*:*:*:*",
"matchCriteriaId": "A2572D17-1DE6-457B-99CC-64AFD54487EA",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "IBM Sterling Connect:Direct Web Services 6.1.0, 6.2.0, and 6.3.0 could allow an authenticated user to spoof the identity of another user due to improper authorization which could allow the user to bypass access restrictions."
},
{
"lang": "es",
"value": "IBM Sterling Connect:Direct Web Services 6.1.0, 6.2.0 y 6.3.0 podr\u00edan permitir que un usuario autenticado falsifique la identidad de otro usuario debido a una autorizaci\u00f3n incorrecta, lo que podr\u00eda permitir al usuario eludir las restricciones de acceso."
}
],
"id": "CVE-2024-49808",
"lastModified": "2025-07-18T13:44:31.650",
"metrics": {
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "LOW",
"baseScore": 6.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L",
"version": "3.1"
},
"exploitabilityScore": 2.8,
"impactScore": 3.4,
"source": "psirt@us.ibm.com",
"type": "Secondary"
},
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N",
"version": "3.1"
},
"exploitabilityScore": 2.8,
"impactScore": 3.6,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2025-04-18T11:15:45.920",
"references": [
{
"source": "psirt@us.ibm.com",
"tags": [
"Vendor Advisory"
],
"url": "https://www.ibm.com/support/pages/node/7231180"
}
],
"sourceIdentifier": "psirt@us.ibm.com",
"vulnStatus": "Analyzed",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-863"
}
],
"source": "psirt@us.ibm.com",
"type": "Secondary"
}
]
}
Vulnerability from fkie_nvd
Published
2025-04-18 11:15
Modified
2025-07-18 14:16
Severity ?
6.3 (Medium) - CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L
6.5 (Medium) - CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N
6.5 (Medium) - CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N
Summary
IBM Sterling Connect:Direct Web Services 6.1.0, 6.2.0, and 6.3.0
does not invalidate session after a browser closure which could allow an authenticated user to impersonate another user on the system.
References
| ▼ | URL | Tags | |
|---|---|---|---|
| psirt@us.ibm.com | https://www.ibm.com/support/pages/node/7231178 | Vendor Advisory |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| ibm | sterling_connect_direct_web_services | * | |
| ibm | sterling_connect_direct_web_services | * | |
| ibm | sterling_connect_direct_web_services | * | |
| ibm | aix | - | |
| linux | linux_kernel | - | |
| microsoft | windows | - |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:ibm:sterling_connect_direct_web_services:*:*:*:*:*:*:*:*",
"matchCriteriaId": "8B2110F2-931E-426E-83D4-92BDB2EED70D",
"versionEndExcluding": "6.1.0.28",
"versionStartIncluding": "6.1.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:sterling_connect_direct_web_services:*:*:*:*:*:*:*:*",
"matchCriteriaId": "11D0CC07-24D6-467B-91EB-5D11FB21A6F5",
"versionEndExcluding": "6.2.0.27",
"versionStartIncluding": "6.2.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:sterling_connect_direct_web_services:*:*:*:*:*:*:*:*",
"matchCriteriaId": "7B048640-A7A9-4238-B71D-2CE00633C455",
"versionEndExcluding": "6.3.0.13",
"versionStartIncluding": "6.3.0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:ibm:aix:-:*:*:*:*:*:*:*",
"matchCriteriaId": "E492C463-D76E-49B7-A4D4-3B499E422D89",
"vulnerable": false
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:-:*:*:*:*:*:*:*",
"matchCriteriaId": "703AF700-7A70-47E2-BC3A-7FD03B3CA9C1",
"vulnerable": false
},
{
"criteria": "cpe:2.3:o:microsoft:windows:-:*:*:*:*:*:*:*",
"matchCriteriaId": "A2572D17-1DE6-457B-99CC-64AFD54487EA",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "IBM Sterling Connect:Direct Web Services 6.1.0, 6.2.0, and 6.3.0 \n\ndoes not invalidate session after a browser closure which could allow an authenticated user to impersonate another user on the system."
},
{
"lang": "es",
"value": "IBM Sterling Connect:Direct Web Services 6.1.0, 6.2.0 y 6.3.0 no invalidan la sesi\u00f3n despu\u00e9s del cierre del navegador, lo que podr\u00eda permitir que un usuario autenticado se haga pasar por otro usuario en el sistema."
}
],
"id": "CVE-2024-45651",
"lastModified": "2025-07-18T14:16:12.850",
"metrics": {
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "LOW",
"baseScore": 6.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L",
"version": "3.1"
},
"exploitabilityScore": 2.8,
"impactScore": 3.4,
"source": "psirt@us.ibm.com",
"type": "Secondary"
},
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N",
"version": "3.1"
},
"exploitabilityScore": 2.8,
"impactScore": 3.6,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2025-04-18T11:15:44.940",
"references": [
{
"source": "psirt@us.ibm.com",
"tags": [
"Vendor Advisory"
],
"url": "https://www.ibm.com/support/pages/node/7231178"
}
],
"sourceIdentifier": "psirt@us.ibm.com",
"vulnStatus": "Analyzed",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-613"
}
],
"source": "psirt@us.ibm.com",
"type": "Secondary"
}
]
}
Vulnerability from fkie_nvd
Published
2024-08-22 11:15
Modified
2024-08-23 15:25
Severity ?
5.9 (Medium) - CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N
7.5 (High) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
7.5 (High) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
Summary
IBM Sterling Connect:Direct Web Services 6.0, 6.1, 6.2, and 6.3 uses weaker than expected cryptographic algorithms that could allow an attacker to decrypt highly sensitive information.
References
| ▼ | URL | Tags | |
|---|---|---|---|
| psirt@us.ibm.com | https://exchange.xforce.ibmcloud.com/vulnerabilities/297312 | VDB Entry, Vendor Advisory | |
| psirt@us.ibm.com | https://www.ibm.com/support/pages/node/7166195 | Vendor Advisory |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| ibm | sterling_connect_direct_web_services | 6.0 | |
| ibm | sterling_connect_direct_web_services | 6.1.0 | |
| ibm | sterling_connect_direct_web_services | 6.2.0 | |
| ibm | sterling_connect_direct_web_services | 6.3.0 | |
| ibm | aix | - | |
| linux | linux_kernel | - | |
| microsoft | windows | - |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:ibm:sterling_connect_direct_web_services:6.0:*:*:*:*:*:*:*",
"matchCriteriaId": "CFF87194-EA30-4358-B6A4-45274815F742",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:sterling_connect_direct_web_services:6.1.0:*:*:*:*:*:*:*",
"matchCriteriaId": "BB84B3B4-6E20-4310-9BF9-DA8D3ED44E1A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:sterling_connect_direct_web_services:6.2.0:*:*:*:*:*:*:*",
"matchCriteriaId": "11E72803-A97E-45DE-AC70-EFF2BADCB7AF",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:sterling_connect_direct_web_services:6.3.0:*:*:*:*:*:*:*",
"matchCriteriaId": "914935D0-4F22-4653-8FCA-208AD42EFC94",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:ibm:aix:-:*:*:*:*:*:*:*",
"matchCriteriaId": "E492C463-D76E-49B7-A4D4-3B499E422D89",
"vulnerable": false
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:-:*:*:*:*:*:*:*",
"matchCriteriaId": "703AF700-7A70-47E2-BC3A-7FD03B3CA9C1",
"vulnerable": false
},
{
"criteria": "cpe:2.3:o:microsoft:windows:-:*:*:*:*:*:*:*",
"matchCriteriaId": "A2572D17-1DE6-457B-99CC-64AFD54487EA",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "IBM Sterling Connect:Direct Web Services 6.0, 6.1, 6.2, and 6.3 uses weaker than expected cryptographic algorithms that could allow an attacker to decrypt highly sensitive information."
},
{
"lang": "es",
"value": "IBM Sterling Connect:Direct Web Services 6.0, 6.1, 6.2 y 6.3 utiliza algoritmos criptogr\u00e1ficos m\u00e1s d\u00e9biles de lo esperado que podr\u00edan permitir a un atacante descifrar informaci\u00f3n altamente confidencial."
}
],
"id": "CVE-2024-39745",
"lastModified": "2024-08-23T15:25:13.470",
"metrics": {
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 5.9,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N",
"version": "3.1"
},
"exploitabilityScore": 2.2,
"impactScore": 3.6,
"source": "psirt@us.ibm.com",
"type": "Secondary"
},
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
"version": "3.1"
},
"exploitabilityScore": 3.9,
"impactScore": 3.6,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2024-08-22T11:15:13.710",
"references": [
{
"source": "psirt@us.ibm.com",
"tags": [
"VDB Entry",
"Vendor Advisory"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/297312"
},
{
"source": "psirt@us.ibm.com",
"tags": [
"Vendor Advisory"
],
"url": "https://www.ibm.com/support/pages/node/7166195"
}
],
"sourceIdentifier": "psirt@us.ibm.com",
"vulnStatus": "Analyzed",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-327"
}
],
"source": "psirt@us.ibm.com",
"type": "Primary"
}
]
}
CVE-2024-39747 (GCVE-0-2024-39747)
Vulnerability from cvelistv5
Published
2024-08-31 01:01
Modified
2024-09-01 21:30
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- CWE-1392 - Use of Default Credentials
Summary
IBM Sterling Connect:Direct Web Services 6.0, 6.1, 6.2, and 6.3 uses default credentials for potentially critical functionality.
References
| ▼ | URL | Tags |
|---|---|---|
| https://www.ibm.com/support/pages/node/7166947 | vendor-advisory | |
| https://exchange.xforce.ibmcloud.com/vulnerabilities/297314 | vdb-entry |
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| IBM | Sterling Connect:Direct Web Services |
Version: 6.0, 6.1, 6.2, 6.3 cpe:2.3:a:ibm:sterling_connect_direct_web_services:6.0.0.0:*:*:*:*:windows:*:* cpe:2.3:a:ibm:sterling_connect_direct_web_services:6.1.0.0:*:*:*:*:windows:*:* cpe:2.3:a:ibm:sterling_connect_direct_web_services:6.2.0.0:*:*:*:*:windows:*:* cpe:2.3:a:ibm:sterling_connect_direct_web_services:6.3.0.0:*:*:*:*:windows:*:* cpe:2.3:a:ibm:sterling_connect_direct_web_services:6.0.0.0:*:*:*:*:unix:*:* cpe:2.3:a:ibm:sterling_connect_direct_web_services:6.1.0.0:*:*:*:*:unix:*:* cpe:2.3:a:ibm:sterling_connect_direct_web_services:6.2.0.0:*:*:*:*:unix:*:* cpe:2.3:a:ibm:sterling_connect_direct_web_services:6.3.0.0:*:*:*:*:unix:*:* |
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-39747",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-09-01T21:29:57.324770Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-09-01T21:30:21.072Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"cpes": [
"cpe:2.3:a:ibm:sterling_connect_direct_web_services:6.0.0.0:*:*:*:*:windows:*:*",
"cpe:2.3:a:ibm:sterling_connect_direct_web_services:6.1.0.0:*:*:*:*:windows:*:*",
"cpe:2.3:a:ibm:sterling_connect_direct_web_services:6.2.0.0:*:*:*:*:windows:*:*",
"cpe:2.3:a:ibm:sterling_connect_direct_web_services:6.3.0.0:*:*:*:*:windows:*:*",
"cpe:2.3:a:ibm:sterling_connect_direct_web_services:6.0.0.0:*:*:*:*:unix:*:*",
"cpe:2.3:a:ibm:sterling_connect_direct_web_services:6.1.0.0:*:*:*:*:unix:*:*",
"cpe:2.3:a:ibm:sterling_connect_direct_web_services:6.2.0.0:*:*:*:*:unix:*:*",
"cpe:2.3:a:ibm:sterling_connect_direct_web_services:6.3.0.0:*:*:*:*:unix:*:*"
],
"defaultStatus": "unaffected",
"product": "Sterling Connect:Direct Web Services",
"vendor": "IBM",
"versions": [
{
"status": "affected",
"version": "6.0, 6.1, 6.2, 6.3"
}
]
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "IBM Sterling Connect:Direct Web Services 6.0, 6.1, 6.2, and 6.3 uses default credentials for potentially critical functionality."
}
],
"value": "IBM Sterling Connect:Direct Web Services 6.0, 6.1, 6.2, and 6.3 uses default credentials for potentially critical functionality."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.1,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-1392",
"description": "CWE-1392: Use of Default Credentials",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-08-31T01:01:03.974Z",
"orgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
"shortName": "ibm"
},
"references": [
{
"tags": [
"vendor-advisory"
],
"url": "https://www.ibm.com/support/pages/node/7166947"
},
{
"tags": [
"vdb-entry"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/297314"
}
],
"source": {
"discovery": "UNKNOWN"
},
"title": "IBM Sterling Connect:Direct Web Services information disclosure",
"x_generator": {
"engine": "Vulnogram 0.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
"assignerShortName": "ibm",
"cveId": "CVE-2024-39747",
"datePublished": "2024-08-31T01:01:03.974Z",
"dateReserved": "2024-06-28T09:34:46.057Z",
"dateUpdated": "2024-09-01T21:30:21.072Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2024-39745 (GCVE-0-2024-39745)
Vulnerability from cvelistv5
Published
2024-08-22 11:06
Modified
2024-08-22 13:33
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- CWE-327 - Use of a Broken or Risky Cryptographic Algorithm
Summary
IBM Sterling Connect:Direct Web Services 6.0, 6.1, 6.2, and 6.3 uses weaker than expected cryptographic algorithms that could allow an attacker to decrypt highly sensitive information.
References
| ▼ | URL | Tags |
|---|---|---|
| https://www.ibm.com/support/pages/node/7166195 | vendor-advisory | |
| https://exchange.xforce.ibmcloud.com/vulnerabilities/297312 | vdb-entry |
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| IBM | Sterling Connect:Direct Web Services |
Version: 6.0, 6.1, 6.2, 6.3 cpe:2.3:a:ibm:sterling_connect:direct:6.0.0.0:*:*:*:*:windows:*:* cpe:2.3:a:ibm:sterling_connect:direct:6.1.0.0:*:*:*:*:windows:*:* cpe:2.3:a:ibm:sterling_connect:direct:6.2.0.0:*:*:*:*:windows:*:* cpe:2.3:a:ibm:sterling_connect:direct:6.3.0.0:*:*:*:*:windows:*:* cpe:2.3:a:ibm:sterling_connect:direct:6.0.0.0:*:*:*:*:unix:*:* cpe:2.3:a:ibm:sterling_connect:direct:6.1.0.0:*:*:*:*:unix:*:* cpe:2.3:a:ibm:sterling_connect:direct:6.2.0.0:*:*:*:*:unix:*:* cpe:2.3:a:ibm:sterling_connect:direct:6.3.0.0:*:*:*:*:unix:*:* |
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-39745",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-08-22T13:12:59.462908Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-08-22T13:33:31.352Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"cpes": [
"cpe:2.3:a:ibm:sterling_connect:direct:6.0.0.0:*:*:*:*:windows:*:*",
"cpe:2.3:a:ibm:sterling_connect:direct:6.1.0.0:*:*:*:*:windows:*:*",
"cpe:2.3:a:ibm:sterling_connect:direct:6.2.0.0:*:*:*:*:windows:*:*",
"cpe:2.3:a:ibm:sterling_connect:direct:6.3.0.0:*:*:*:*:windows:*:*",
"cpe:2.3:a:ibm:sterling_connect:direct:6.0.0.0:*:*:*:*:unix:*:*",
"cpe:2.3:a:ibm:sterling_connect:direct:6.1.0.0:*:*:*:*:unix:*:*",
"cpe:2.3:a:ibm:sterling_connect:direct:6.2.0.0:*:*:*:*:unix:*:*",
"cpe:2.3:a:ibm:sterling_connect:direct:6.3.0.0:*:*:*:*:unix:*:*"
],
"defaultStatus": "unaffected",
"product": "Sterling Connect:Direct Web Services",
"vendor": "IBM",
"versions": [
{
"status": "affected",
"version": "6.0, 6.1, 6.2, 6.3"
}
]
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "IBM Sterling Connect:Direct Web Services 6.0, 6.1, 6.2, and 6.3 uses weaker than expected cryptographic algorithms that could allow an attacker to decrypt highly sensitive information."
}
],
"value": "IBM Sterling Connect:Direct Web Services 6.0, 6.1, 6.2, and 6.3 uses weaker than expected cryptographic algorithms that could allow an attacker to decrypt highly sensitive information."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 5.9,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-327",
"description": "CWE-327 Use of a Broken or Risky Cryptographic Algorithm",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-08-22T11:06:49.088Z",
"orgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
"shortName": "ibm"
},
"references": [
{
"tags": [
"vendor-advisory"
],
"url": "https://www.ibm.com/support/pages/node/7166195"
},
{
"tags": [
"vdb-entry"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/297312"
}
],
"source": {
"discovery": "UNKNOWN"
},
"title": "IBM Sterling Connect:Direct Web Services information disclosure",
"x_generator": {
"engine": "Vulnogram 0.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
"assignerShortName": "ibm",
"cveId": "CVE-2024-39745",
"datePublished": "2024-08-22T11:06:49.088Z",
"dateReserved": "2024-06-28T09:34:46.056Z",
"dateUpdated": "2024-08-22T13:33:31.352Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2024-49808 (GCVE-0-2024-49808)
Vulnerability from cvelistv5
Published
2025-04-18 11:03
Modified
2025-09-01 00:41
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- CWE-863 - Incorrect Authorization
Summary
IBM Sterling Connect:Direct Web Services 6.1.0, 6.2.0, and 6.3.0 could allow an authenticated user to spoof the identity of another user due to improper authorization which could allow the user to bypass access restrictions.
References
| ▼ | URL | Tags |
|---|---|---|
| https://www.ibm.com/support/pages/node/7231180 | vendor-advisory, patch |
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| IBM | Sterling Connect:Direct Web Services |
Version: 6.1.0 Version: 6.2.0 Version: 6.3.0 cpe:2.3:a:ibm:sterling_connect_direct_web_services:6.1.0.0:*:*:*:*:windows:*:* cpe:2.3:a:ibm:sterling_connect_direct_web_services:6.2.0.0:*:*:*:*:windows:*:* cpe:2.3:a:ibm:sterling_connect_direct_web_services:6.3.0.0:*:*:*:*:windows:*:* cpe:2.3:a:ibm:sterling_connect_direct_web_services:6.1.0.0:*:*:*:*:unix:*:* cpe:2.3:a:ibm:sterling_connect_direct_web_services:6.2.0.0:*:*:*:*:unix:*:* cpe:2.3:a:ibm:sterling_connect_direct_web_services:6.3.0.0:*:*:*:*:unix:*:* |
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-49808",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-04-18T11:31:55.671717Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-04-18T11:59:27.560Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"cpes": [
"cpe:2.3:a:ibm:sterling_connect_direct_web_services:6.1.0.0:*:*:*:*:windows:*:*",
"cpe:2.3:a:ibm:sterling_connect_direct_web_services:6.2.0.0:*:*:*:*:windows:*:*",
"cpe:2.3:a:ibm:sterling_connect_direct_web_services:6.3.0.0:*:*:*:*:windows:*:*",
"cpe:2.3:a:ibm:sterling_connect_direct_web_services:6.1.0.0:*:*:*:*:unix:*:*",
"cpe:2.3:a:ibm:sterling_connect_direct_web_services:6.2.0.0:*:*:*:*:unix:*:*",
"cpe:2.3:a:ibm:sterling_connect_direct_web_services:6.3.0.0:*:*:*:*:unix:*:*"
],
"defaultStatus": "unaffected",
"product": "Sterling Connect:Direct Web Services",
"vendor": "IBM",
"versions": [
{
"status": "affected",
"version": "6.1.0"
},
{
"status": "affected",
"version": "6.2.0"
},
{
"status": "affected",
"version": "6.3.0"
}
]
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "IBM Sterling Connect:Direct Web Services 6.1.0, 6.2.0, and 6.3.0 could allow an authenticated user to spoof the identity of another user due to improper authorization which could allow the user to bypass access restrictions."
}
],
"value": "IBM Sterling Connect:Direct Web Services 6.1.0, 6.2.0, and 6.3.0 could allow an authenticated user to spoof the identity of another user due to improper authorization which could allow the user to bypass access restrictions."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "LOW",
"baseScore": 6.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-863",
"description": "CWE-863 Incorrect Authorization",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-09-01T00:41:53.758Z",
"orgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
"shortName": "ibm"
},
"references": [
{
"tags": [
"vendor-advisory",
"patch"
],
"url": "https://www.ibm.com/support/pages/node/7231180"
}
],
"source": {
"discovery": "UNKNOWN"
},
"title": "IBM Sterling Connect:Direct Web Services improper authorization",
"x_generator": {
"engine": "Vulnogram 0.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
"assignerShortName": "ibm",
"cveId": "CVE-2024-49808",
"datePublished": "2025-04-18T11:03:58.511Z",
"dateReserved": "2024-10-20T13:40:24.085Z",
"dateUpdated": "2025-09-01T00:41:53.758Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2024-39744 (GCVE-0-2024-39744)
Vulnerability from cvelistv5
Published
2024-08-22 10:56
Modified
2024-08-22 19:54
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- CWE-352 - Cross-Site Request Forgery (CSRF)
Summary
IBM Sterling Connect:Direct Web Services 6.0, 6.1, 6.2, and 6.3 is vulnerable to cross-site request forgery which could allow an attacker to execute malicious and unauthorized actions transmitted from a user that the website trusts.
References
| ▼ | URL | Tags |
|---|---|---|
| https://www.ibm.com/support/pages/node/7166196 | vendor-advisory | |
| https://exchange.xforce.ibmcloud.com/vulnerabilities/297236 | vdb-entry |
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| IBM | Sterling Connect:Direct Web Services |
Version: 6.0, 6.1, 6.2, 6.3 cpe:2.3:a:ibm:sterling_connect:direct:6.0.0.0:*:*:*:*:windows:*:* cpe:2.3:a:ibm:sterling_connect:direct:6.1.0.0:*:*:*:*:windows:*:* cpe:2.3:a:ibm:sterling_connect:direct:6.2.0.0:*:*:*:*:windows:*:* cpe:2.3:a:ibm:sterling_connect:direct:6.3.0.0:*:*:*:*:windows:*:* cpe:2.3:a:ibm:sterling_connect:direct:6.0.0.0:*:*:*:*:unix:*:* cpe:2.3:a:ibm:sterling_connect:direct:6.1.0.0:*:*:*:*:unix:*:* cpe:2.3:a:ibm:sterling_connect:direct:6.2.0.0:*:*:*:*:unix:*:* cpe:2.3:a:ibm:sterling_connect:direct:6.3.0.0:*:*:*:*:unix:*:* |
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-39744",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-08-22T19:54:48.862794Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-08-22T19:54:57.599Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"cpes": [
"cpe:2.3:a:ibm:sterling_connect:direct:6.0.0.0:*:*:*:*:windows:*:*",
"cpe:2.3:a:ibm:sterling_connect:direct:6.1.0.0:*:*:*:*:windows:*:*",
"cpe:2.3:a:ibm:sterling_connect:direct:6.2.0.0:*:*:*:*:windows:*:*",
"cpe:2.3:a:ibm:sterling_connect:direct:6.3.0.0:*:*:*:*:windows:*:*",
"cpe:2.3:a:ibm:sterling_connect:direct:6.0.0.0:*:*:*:*:unix:*:*",
"cpe:2.3:a:ibm:sterling_connect:direct:6.1.0.0:*:*:*:*:unix:*:*",
"cpe:2.3:a:ibm:sterling_connect:direct:6.2.0.0:*:*:*:*:unix:*:*",
"cpe:2.3:a:ibm:sterling_connect:direct:6.3.0.0:*:*:*:*:unix:*:*"
],
"defaultStatus": "unaffected",
"product": "Sterling Connect:Direct Web Services",
"vendor": "IBM",
"versions": [
{
"status": "affected",
"version": "6.0, 6.1, 6.2, 6.3"
}
]
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "IBM Sterling Connect:Direct Web Services 6.0, 6.1, 6.2, and 6.3 is vulnerable to cross-site request forgery which could allow an attacker to execute malicious and unauthorized actions transmitted from a user that the website trusts."
}
],
"value": "IBM Sterling Connect:Direct Web Services 6.0, 6.1, 6.2, and 6.3 is vulnerable to cross-site request forgery which could allow an attacker to execute malicious and unauthorized actions transmitted from a user that the website trusts."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 4.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-352",
"description": "CWE-352 Cross-Site Request Forgery (CSRF)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-08-22T10:56:39.894Z",
"orgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
"shortName": "ibm"
},
"references": [
{
"tags": [
"vendor-advisory"
],
"url": "https://www.ibm.com/support/pages/node/7166196"
},
{
"tags": [
"vdb-entry"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/297236"
}
],
"source": {
"discovery": "UNKNOWN"
},
"title": "IBM Sterling Connect:Direct Web Services cross-site request forgery",
"x_generator": {
"engine": "Vulnogram 0.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
"assignerShortName": "ibm",
"cveId": "CVE-2024-39744",
"datePublished": "2024-08-22T10:56:39.894Z",
"dateReserved": "2024-06-28T09:34:46.056Z",
"dateUpdated": "2024-08-22T19:54:57.599Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2024-45651 (GCVE-0-2024-45651)
Vulnerability from cvelistv5
Published
2025-04-18 11:04
Modified
2025-09-01 00:41
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- CWE-613 - Insufficient Session Expiration
Summary
IBM Sterling Connect:Direct Web Services 6.1.0, 6.2.0, and 6.3.0
does not invalidate session after a browser closure which could allow an authenticated user to impersonate another user on the system.
References
| ▼ | URL | Tags |
|---|---|---|
| https://www.ibm.com/support/pages/node/7231178 | vendor-advisory, patch |
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| IBM | Sterling Connect:Direct Web Services |
Version: 6.1.0 Version: 6.2.0 Version: 6.3.0 cpe:2.3:a:ibm:sterling_connect_direct_web_services:6.1.0.0:*:*:*:*:windows:*:* cpe:2.3:a:ibm:sterling_connect_direct_web_services:6.2.0.0:*:*:*:*:windows:*:* cpe:2.3:a:ibm:sterling_connect_direct_web_services:6.3.0.0:*:*:*:*:windows:*:* cpe:2.3:a:ibm:sterling_connect_direct_web_services:6.1.0.0:*:*:*:*:unix:*:* cpe:2.3:a:ibm:sterling_connect_direct_web_services:6.2.0.0:*:*:*:*:unix:*:* cpe:2.3:a:ibm:sterling_connect_direct_web_services:6.3.0.0:*:*:*:*:unix:*:* |
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-45651",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-04-18T11:26:24.430299Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-04-18T11:26:34.773Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"cpes": [
"cpe:2.3:a:ibm:sterling_connect_direct_web_services:6.1.0.0:*:*:*:*:windows:*:*",
"cpe:2.3:a:ibm:sterling_connect_direct_web_services:6.2.0.0:*:*:*:*:windows:*:*",
"cpe:2.3:a:ibm:sterling_connect_direct_web_services:6.3.0.0:*:*:*:*:windows:*:*",
"cpe:2.3:a:ibm:sterling_connect_direct_web_services:6.1.0.0:*:*:*:*:unix:*:*",
"cpe:2.3:a:ibm:sterling_connect_direct_web_services:6.2.0.0:*:*:*:*:unix:*:*",
"cpe:2.3:a:ibm:sterling_connect_direct_web_services:6.3.0.0:*:*:*:*:unix:*:*"
],
"defaultStatus": "unaffected",
"product": "Sterling Connect:Direct Web Services",
"vendor": "IBM",
"versions": [
{
"status": "affected",
"version": "6.1.0"
},
{
"status": "affected",
"version": "6.2.0"
},
{
"status": "affected",
"version": "6.3.0"
}
]
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "IBM Sterling Connect:Direct Web Services 6.1.0, 6.2.0, and 6.3.0 \n\n\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003edoes not invalidate session after a browser closure which could allow an authenticated user to impersonate another user on the system.\u003c/span\u003e"
}
],
"value": "IBM Sterling Connect:Direct Web Services 6.1.0, 6.2.0, and 6.3.0 \n\ndoes not invalidate session after a browser closure which could allow an authenticated user to impersonate another user on the system."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "LOW",
"baseScore": 6.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-613",
"description": "CWE-613 Insufficient Session Expiration",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-09-01T00:41:10.652Z",
"orgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
"shortName": "ibm"
},
"references": [
{
"tags": [
"vendor-advisory",
"patch"
],
"url": "https://www.ibm.com/support/pages/node/7231178"
}
],
"source": {
"discovery": "UNKNOWN"
},
"title": "IBM Sterling Connect:Direct Web Services session fixation",
"x_generator": {
"engine": "Vulnogram 0.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
"assignerShortName": "ibm",
"cveId": "CVE-2024-45651",
"datePublished": "2025-04-18T11:04:55.508Z",
"dateReserved": "2024-09-03T13:50:26.295Z",
"dateUpdated": "2025-09-01T00:41:10.652Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2024-45653 (GCVE-0-2024-45653)
Vulnerability from cvelistv5
Published
2025-01-19 02:39
Modified
2025-01-21 20:29
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- CWE-201 - Insertion of Sensitive Information Into Sent Data
Summary
IBM Sterling Connect:Direct Web Services 6.0, 6.1, 6.2, and 6.3 could disclose sensitive IP address information to authenticated users in responses that could be used in further attacks against the system.
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| IBM | Sterling Connect:Direct Web Services |
Version: 6.0, 6.1, 6.2, 6.3 cpe:2.3:a:ibm:sterling_connect_direct_web_services:6.0.0.0:*:*:*:*:windows:*:* cpe:2.3:a:ibm:sterling_connect_direct_web_services:6.1.0.0:*:*:*:*:windows:*:* cpe:2.3:a:ibm:sterling_connect_direct_web_services:6.2.0.0:*:*:*:*:windows:*:* cpe:2.3:a:ibm:sterling_connect_direct_web_services:6.3.0.0:*:*:*:*:windows:*:* cpe:2.3:a:ibm:sterling_connect_direct_web_services:6.0.0.0:*:*:*:*:unix:*:* cpe:2.3:a:ibm:sterling_connect_direct_web_services:6.1.0.0:*:*:*:*:unix:*:* cpe:2.3:a:ibm:sterling_connect_direct_web_services:6.2.0.0:*:*:*:*:unix:*:* cpe:2.3:a:ibm:sterling_connect_direct_web_services:6.3.0.0:*:*:*:*:unix:*:* |
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-45653",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-01-21T20:29:06.351435Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-01-21T20:29:11.755Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"cpes": [
"cpe:2.3:a:ibm:sterling_connect_direct_web_services:6.0.0.0:*:*:*:*:windows:*:*",
"cpe:2.3:a:ibm:sterling_connect_direct_web_services:6.1.0.0:*:*:*:*:windows:*:*",
"cpe:2.3:a:ibm:sterling_connect_direct_web_services:6.2.0.0:*:*:*:*:windows:*:*",
"cpe:2.3:a:ibm:sterling_connect_direct_web_services:6.3.0.0:*:*:*:*:windows:*:*",
"cpe:2.3:a:ibm:sterling_connect_direct_web_services:6.0.0.0:*:*:*:*:unix:*:*",
"cpe:2.3:a:ibm:sterling_connect_direct_web_services:6.1.0.0:*:*:*:*:unix:*:*",
"cpe:2.3:a:ibm:sterling_connect_direct_web_services:6.2.0.0:*:*:*:*:unix:*:*",
"cpe:2.3:a:ibm:sterling_connect_direct_web_services:6.3.0.0:*:*:*:*:unix:*:*"
],
"defaultStatus": "unaffected",
"product": "Sterling Connect:Direct Web Services",
"vendor": "IBM",
"versions": [
{
"status": "affected",
"version": "6.0, 6.1, 6.2, 6.3"
}
]
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "IBM Sterling Connect:Direct Web Services 6.0, 6.1, 6.2, and 6.3 could disclose sensitive IP address information to authenticated users in responses that could be used in further attacks against the system."
}
],
"value": "IBM Sterling Connect:Direct Web Services 6.0, 6.1, 6.2, and 6.3 could disclose sensitive IP address information to authenticated users in responses that could be used in further attacks against the system."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 4.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-201",
"description": "CWE-201 Insertion of Sensitive Information Into Sent Data",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-01-19T02:39:30.681Z",
"orgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
"shortName": "ibm"
},
"references": [
{
"url": "https://www.ibm.com/support/pages/node/7174104"
}
],
"source": {
"discovery": "UNKNOWN"
},
"title": "IBM Sterling Connect:Direct Web Services information disclosure",
"x_generator": {
"engine": "Vulnogram 0.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
"assignerShortName": "ibm",
"cveId": "CVE-2024-45653",
"datePublished": "2025-01-19T02:39:30.681Z",
"dateReserved": "2024-09-03T13:50:26.296Z",
"dateUpdated": "2025-01-21T20:29:11.755Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2024-39746 (GCVE-0-2024-39746)
Vulnerability from cvelistv5
Published
2024-08-22 10:29
Modified
2024-08-22 13:12
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- CWE-311 - Missing Encryption of Sensitive Data
Summary
IBM Sterling Connect:Direct Web Services 6.0, 6.1, 6.2, and 6.3 could allow a remote attacker to obtain sensitive information, caused by the failure to properly enable HTTP Strict Transport Security. An attacker could exploit this vulnerability to obtain sensitive information using man in the middle techniques.
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| IBM | Sterling Connect:Direct Web Services |
Version: 6.0, 6.1, 6.2, 6.3 cpe:2.3:a:ibm:sterling_connect:direct:6.0.0.0:*:*:*:*:windows:*:* cpe:2.3:a:ibm:sterling_connect:direct:6.1.0.0:*:*:*:*:windows:*:* cpe:2.3:a:ibm:sterling_connect:direct:6.2.0.0:*:*:*:*:windows:*:* cpe:2.3:a:ibm:sterling_connect:direct:6.3.0.0:*:*:*:*:windows:*:* cpe:2.3:a:ibm:sterling_connect:direct:6.0.0.0:*:*:*:*:unix:*:* cpe:2.3:a:ibm:sterling_connect:direct:6.1.0.0:*:*:*:*:unix:*:* cpe:2.3:a:ibm:sterling_connect:direct:6.2.0.0:*:*:*:*:unix:*:* cpe:2.3:a:ibm:sterling_connect:direct:6.3.0.0:*:*:*:*:unix:*:* |
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-39746",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-08-22T13:12:23.754080Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-08-22T13:12:41.207Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"cpes": [
"cpe:2.3:a:ibm:sterling_connect:direct:6.0.0.0:*:*:*:*:windows:*:*",
"cpe:2.3:a:ibm:sterling_connect:direct:6.1.0.0:*:*:*:*:windows:*:*",
"cpe:2.3:a:ibm:sterling_connect:direct:6.2.0.0:*:*:*:*:windows:*:*",
"cpe:2.3:a:ibm:sterling_connect:direct:6.3.0.0:*:*:*:*:windows:*:*",
"cpe:2.3:a:ibm:sterling_connect:direct:6.0.0.0:*:*:*:*:unix:*:*",
"cpe:2.3:a:ibm:sterling_connect:direct:6.1.0.0:*:*:*:*:unix:*:*",
"cpe:2.3:a:ibm:sterling_connect:direct:6.2.0.0:*:*:*:*:unix:*:*",
"cpe:2.3:a:ibm:sterling_connect:direct:6.3.0.0:*:*:*:*:unix:*:*"
],
"defaultStatus": "unaffected",
"product": "Sterling Connect:Direct Web Services",
"vendor": "IBM",
"versions": [
{
"status": "affected",
"version": "6.0, 6.1, 6.2, 6.3"
}
]
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "IBM Sterling Connect:Direct Web Services 6.0, 6.1, 6.2, and 6.3 could allow a remote attacker to obtain sensitive information, caused by the failure to properly enable HTTP Strict Transport Security. An attacker could exploit this vulnerability to obtain sensitive information using man in the middle techniques."
}
],
"value": "IBM Sterling Connect:Direct Web Services 6.0, 6.1, 6.2, and 6.3 could allow a remote attacker to obtain sensitive information, caused by the failure to properly enable HTTP Strict Transport Security. An attacker could exploit this vulnerability to obtain sensitive information using man in the middle techniques."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 5.9,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-311",
"description": "CWE-311 Missing Encryption of Sensitive Data",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-08-22T10:29:54.169Z",
"orgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
"shortName": "ibm"
},
"references": [
{
"tags": [
"vendor-advisory"
],
"url": "https://www.ibm.com/support/pages/node/7166018"
},
{
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/297313"
}
],
"source": {
"discovery": "UNKNOWN"
},
"title": "IBM Sterling Connect:Direct Web Services information disclosure",
"x_generator": {
"engine": "Vulnogram 0.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
"assignerShortName": "ibm",
"cveId": "CVE-2024-39746",
"datePublished": "2024-08-22T10:29:54.169Z",
"dateReserved": "2024-06-28T09:34:46.056Z",
"dateUpdated": "2024-08-22T13:12:41.207Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}