CVE-2024-49808

Published: Apr 18, 2025Modified: Jul 18, 2025

6.5

Vector

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N

Exploitability: 2.8 / Impact: 3.6

Source: NVD

Description

IBM Sterling Connect:Direct Web Services 6.1.0, 6.2.0, and 6.3.0 could allow an authenticated user to spoof the identity of another user due to improper authorization which could allow the user to bypass access restrictions.

Affected (3)

Products: Ibm: Sterling Connect Direct Web Services

Ibm

1 product

Sterling Connect Direct Web Services

Configuration A

3 vulnerable · 3 platform

Vulnerable Software	Affected Versions
Ibm Sterling Connect Direct Web Services	From 6.1.0 to 6.1.0.28
Ibm Sterling Connect Direct Web Services	From 6.2.0 to 6.2.0.27
Ibm Sterling Connect Direct Web Services	From 6.3.0 to 6.3.0.13

Running on/with	Platform Versions
Ibm Aix	All versions
Linux Linux Kernel	All versions
Microsoft Windows	All versions

Related CWEs

CWE-863

Incorrect Authorization

The product performs an authorization check when an actor attempts to access a resource or perform an action, but it does not correctly perform the check. This allows attackers to bypass intended access restrictions.

References (1)

https://www.ibm.com/support/pages/node/7231180

Source: psirt@us.ibm.com

Vendor Advisory

Timeline

No history available yet.