VYPR
← All advisories
Unrated severityNVD Advisory· Published Apr 18, 2025· Updated Sep 1, 2025

IBM Sterling Connect:Direct Web Services session fixation

CVE-2024-45651

Description

IBM Sterling Connect:Direct Web Services 6.1.0, 6.2.0, and 6.3.0

does not invalidate session after a browser closure which could allow an authenticated user to impersonate another user on the system.

Affected products

2
  • IBM/Sterling Connect:Direct Web Servicescpe-rescue2 versions
    cpe:2.3:a:ibm:sterling_connect_direct_web_services:6.1.0.0:*:*:*:*:windows:*:*+ 1 more
    • cpe:2.3:a:ibm:sterling_connect_direct_web_services:6.1.0.0:*:*:*:*:windows:*:*range: 6.1.0
    • (no CPE)range: 6.1.0, 6.2.0, 6.3.0

Patches

0

No patches discovered yet.

Vulnerability mechanics

AI mechanics synthesis has not run for this CVE yet.

References

1

News mentions

0

No linked articles in our index yet.