CVE-2024-45651

Published: Apr 18, 2025Modified: Jul 18, 2025

6.5

Vector

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N

Exploitability: 2.8 / Impact: 3.6

Source: NVD

Description

IBM Sterling Connect:Direct Web Services 6.1.0, 6.2.0, and 6.3.0 does not invalidate session after a browser closure which could allow an authenticated user to impersonate another user on the system.

Affected (3)

Products: Ibm: Sterling Connect Direct Web Services

Ibm

1 product

Sterling Connect Direct Web Services

Configuration A

3 vulnerable · 3 platform

Vulnerable Software	Affected Versions
Ibm Sterling Connect Direct Web Services	From 6.1.0 to 6.1.0.28
Ibm Sterling Connect Direct Web Services	From 6.2.0 to 6.2.0.27
Ibm Sterling Connect Direct Web Services	From 6.3.0 to 6.3.0.13

Running on/with	Platform Versions
Ibm Aix	All versions
Linux Linux Kernel	All versions
Microsoft Windows	All versions

Related CWEs

CWE-613

Insufficient Session Expiration

According to WASC, "Insufficient Session Expiration is when a web site permits an attacker to reuse old session credentials or session IDs for authorization."

References (1)

https://www.ibm.com/support/pages/node/7231178

Source: psirt@us.ibm.com

Vendor Advisory

Timeline

No history available yet.