Sterling Connect:Direct Web Services
by IBM
CVEs (9)
| CVE | Vendor / Product | Sev | Risk | CVSS | EPSS | KEV | Published | Description |
|---|---|---|---|---|---|---|---|---|
| CVE-2024-45651 | 0.00 | — | 0.00 | Apr 18, 2025 | IBM Sterling Connect:Direct Web Services 6.1.0, 6.2.0, and 6.3.0 does not invalidate session after a browser closure which could allow an authenticated user to impersonate another user on the system. | |||
| CVE-2024-49808 | 0.00 | — | 0.00 | Apr 18, 2025 | IBM Sterling Connect:Direct Web Services 6.1.0, 6.2.0, and 6.3.0 could allow an authenticated user to spoof the identity of another user due to improper authorization which could allow the user to bypass access restrictions. | |||
| CVE-2024-45653 | 0.00 | — | 0.00 | Jan 19, 2025 | IBM Sterling Connect:Direct Web Services 6.0, 6.1, 6.2, and 6.3 could disclose sensitive IP address information to authenticated users in responses that could be used in further attacks against the system. | |||
| CVE-2024-39747 | 0.00 | — | 0.00 | Aug 31, 2024 | IBM Sterling Connect:Direct Web Services 6.0, 6.1, 6.2, and 6.3 uses default credentials for potentially critical functionality. | |||
| CVE-2024-39745 | 0.00 | — | 0.00 | Aug 22, 2024 | IBM Sterling Connect:Direct Web Services 6.0, 6.1, 6.2, and 6.3 uses weaker than expected cryptographic algorithms that could allow an attacker to decrypt highly sensitive information. | |||
| CVE-2024-39744 | 0.00 | — | 0.00 | Aug 22, 2024 | IBM Sterling Connect:Direct Web Services 6.0, 6.1, 6.2, and 6.3 is vulnerable to cross-site request forgery which could allow an attacker to execute malicious and unauthorized actions transmitted from a user that the website trusts. | |||
| CVE-2024-39746 | 0.00 | — | 0.00 | Aug 22, 2024 | IBM Sterling Connect:Direct Web Services 6.0, 6.1, 6.2, and 6.3 could allow a remote attacker to obtain sensitive information, caused by the failure to properly enable HTTP Strict Transport Security. An attacker could exploit this vulnerability to obtain sensitive information using man in the middle techniques. | |||
| CVE-2021-38891 | 0.00 | — | 0.00 | Nov 23, 2021 | IBM Sterling Connect:Direct Web Services 1.0 and 6.0 uses weaker than expected cryptographic algorithms that could allow an attacker to decrypt highly sensitive information. IBM X-Force ID: 209508. | |||
| CVE-2021-38890 | 0.00 | — | 0.00 | Nov 23, 2021 | IBM Sterling Connect:Direct Web Services 1.0 and 6.0 uses an inadequate account lockout setting that could allow a remote attacker to brute force account credentials. IBM X-Force ID: 209507. |
- CVE-2024-45651Apr 18, 2025risk 0.00cvss —epss 0.00
IBM Sterling Connect:Direct Web Services 6.1.0, 6.2.0, and 6.3.0 does not invalidate session after a browser closure which could allow an authenticated user to impersonate another user on the system.
- CVE-2024-49808Apr 18, 2025risk 0.00cvss —epss 0.00
IBM Sterling Connect:Direct Web Services 6.1.0, 6.2.0, and 6.3.0 could allow an authenticated user to spoof the identity of another user due to improper authorization which could allow the user to bypass access restrictions.
- CVE-2024-45653Jan 19, 2025risk 0.00cvss —epss 0.00
IBM Sterling Connect:Direct Web Services 6.0, 6.1, 6.2, and 6.3 could disclose sensitive IP address information to authenticated users in responses that could be used in further attacks against the system.
- CVE-2024-39747Aug 31, 2024risk 0.00cvss —epss 0.00
IBM Sterling Connect:Direct Web Services 6.0, 6.1, 6.2, and 6.3 uses default credentials for potentially critical functionality.
- CVE-2024-39745Aug 22, 2024risk 0.00cvss —epss 0.00
IBM Sterling Connect:Direct Web Services 6.0, 6.1, 6.2, and 6.3 uses weaker than expected cryptographic algorithms that could allow an attacker to decrypt highly sensitive information.
- CVE-2024-39744Aug 22, 2024risk 0.00cvss —epss 0.00
IBM Sterling Connect:Direct Web Services 6.0, 6.1, 6.2, and 6.3 is vulnerable to cross-site request forgery which could allow an attacker to execute malicious and unauthorized actions transmitted from a user that the website trusts.
- CVE-2024-39746Aug 22, 2024risk 0.00cvss —epss 0.00
IBM Sterling Connect:Direct Web Services 6.0, 6.1, 6.2, and 6.3 could allow a remote attacker to obtain sensitive information, caused by the failure to properly enable HTTP Strict Transport Security. An attacker could exploit this vulnerability to obtain sensitive information using man in the middle techniques.
- CVE-2021-38891Nov 23, 2021risk 0.00cvss —epss 0.00
IBM Sterling Connect:Direct Web Services 1.0 and 6.0 uses weaker than expected cryptographic algorithms that could allow an attacker to decrypt highly sensitive information. IBM X-Force ID: 209508.
- CVE-2021-38890Nov 23, 2021risk 0.00cvss —epss 0.00
IBM Sterling Connect:Direct Web Services 1.0 and 6.0 uses an inadequate account lockout setting that could allow a remote attacker to brute force account credentials. IBM X-Force ID: 209507.