CVE-2024-39745

Published: Aug 22, 2024Modified: Aug 23, 2024

7.5

Vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

Exploitability: 3.9 / Impact: 3.6

Source: NVD

Description

IBM Sterling Connect:Direct Web Services 6.0, 6.1, 6.2, and 6.3 uses weaker than expected cryptographic algorithms that could allow an attacker to decrypt highly sensitive information.

Affected (4)

Products: Ibm: Sterling Connect Direct Web Services

Ibm

1 product

Sterling Connect Direct Web Services

Configuration A

4 vulnerable · 3 platform

Vulnerable Software	Affected Versions
Ibm Sterling Connect Direct Web Services	Version 6.0
Ibm Sterling Connect Direct Web Services	Version 6.1.0
Ibm Sterling Connect Direct Web Services	Version 6.2.0
Ibm Sterling Connect Direct Web Services	Version 6.3.0

Running on/with	Platform Versions
Ibm Aix	All versions
Linux Linux Kernel	All versions
Microsoft Windows	All versions

Related CWEs

CWE-327

Use of a Broken or Risky Cryptographic Algorithm

The product uses a broken or risky cryptographic algorithm or protocol.

References (2)

https://exchange.xforce.ibmcloud.com/vulnerabilities/297312

Source: psirt@us.ibm.com

VDB EntryVendor Advisory

https://www.ibm.com/support/pages/node/7166195

Source: psirt@us.ibm.com

Vendor Advisory

Timeline

No history available yet.