CVE-2024-45653

Published: Jan 19, 2025Modified: Mar 25, 2025

4.3

Vector

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N

Exploitability: 2.8 / Impact: 1.4

Source: NVD

Description

IBM Sterling Connect:Direct Web Services 6.0, 6.1, 6.2, and 6.3 could disclose sensitive IP address information to authenticated users in responses that could be used in further attacks against the system.

Affected (4)

Products: Ibm: Sterling Connect Direct Web Services

Ibm

1 product

Sterling Connect Direct Web Services

Configuration A

4 vulnerable

Vulnerable Software	Affected Versions
Ibm Sterling Connect Direct Web Services	Version 6.0.0
Ibm Sterling Connect Direct Web Services	Version 6.1.0
Ibm Sterling Connect Direct Web Services	Version 6.2.0
Ibm Sterling Connect Direct Web Services	Version 6.3.0

Related CWEs

CWE-201

Insertion of Sensitive Information Into Sent Data

The code transmits data to another actor, but a portion of the data includes sensitive information that should not be accessible to that actor.

References (1)

https://www.ibm.com/support/pages/node/7174104

Source: psirt@us.ibm.com

Vendor Advisory

Timeline

No history available yet.