CVE-2024-39744

Published: Aug 22, 2024Modified: Aug 23, 2024

4.3

Vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N

Exploitability: 2.8 / Impact: 1.4

Source: NVD

Description

IBM Sterling Connect:Direct Web Services 6.0, 6.1, 6.2, and 6.3 is vulnerable to cross-site request forgery which could allow an attacker to execute malicious and unauthorized actions transmitted from a user that the website trusts.

Affected (4)

Products: Ibm: Sterling Connect Direct Web Services

Ibm

1 product

Sterling Connect Direct Web Services

Configuration A

4 vulnerable · 3 platform

Vulnerable Software	Affected Versions
Ibm Sterling Connect Direct Web Services	Version 6.0
Ibm Sterling Connect Direct Web Services	Version 6.1.0
Ibm Sterling Connect Direct Web Services	Version 6.2.0
Ibm Sterling Connect Direct Web Services	Version 6.3.0

Running on/with	Platform Versions
Ibm Aix	All versions
Linux Linux Kernel	All versions
Microsoft Windows	All versions

Related CWEs

CWE-352

Cross-Site Request Forgery (CSRF)

The web application does not, or can not, sufficiently verify whether a well-formed, valid, consistent request was intentionally provided by the user who submitted the request.

References (2)

https://exchange.xforce.ibmcloud.com/vulnerabilities/297236

Source: psirt@us.ibm.com

VDB EntryVendor Advisory

https://www.ibm.com/support/pages/node/7166196

Source: psirt@us.ibm.com

Vendor Advisory

Timeline

No history available yet.