Sterling Connect Direct Web Services

sterling_connect_direct_web_services

Vendor: Ibm • 7 CVEs

CVEs (7)

CVE VENDORS PRODUCTS UPDATED PUBLISHED CVSS
CVE-2024-49808 1Ibm 1Sterling Connect Direct Web Services Jul 18, 2025 Apr 18, 2025 N/A· v4 6.5 MEDIUM· v3 N/A· v2 IBM Sterling Connect:Direct Web Services 6.1.0, 6.2.0, and 6.3.0 could allow an authenticated user to spoof the identity of another user due to improper authorization which could allow the user to bypass access restricti...Show more IBM Sterling Connect:Direct Web Services 6.1.0, 6.2.0, and 6.3.0 could allow an authenticated user to spoof the identity of another user due to improper authorization which could allow the user to bypass access restrictions.Show less
CVE-2024-45651 1Ibm 1Sterling Connect Direct Web Services Jul 18, 2025 Apr 18, 2025 N/A· v4 6.5 MEDIUM· v3 N/A· v2 IBM Sterling Connect:Direct Web Services 6.1.0, 6.2.0, and 6.3.0 does not invalidate session after a browser closure which could allow an authenticated user to impersonate another user on the system.
CVE-2024-45653 1Ibm 1Sterling Connect Direct Web Services Mar 25, 2025 Jan 19, 2025 N/A· v4 4.3 MEDIUM· v3 N/A· v2 IBM Sterling Connect:Direct Web Services 6.0, 6.1, 6.2, and 6.3 could disclose sensitive IP address information to authenticated users in responses that could be used in further attacks against the system.
CVE-2024-39747 1Ibm 1Sterling Connect Direct Web Services Sep 16, 2024 Aug 31, 2024 N/A· v4 9.8 CRITICAL· v3 N/A· v2 IBM Sterling Connect:Direct Web Services 6.0, 6.1, 6.2, and 6.3 uses default credentials for potentially critical functionality.
CVE-2024-39746 1Ibm 1Sterling Connect Direct Web Services Sep 29, 2025 Aug 22, 2024 N/A· v4 5.9 MEDIUM· v3 N/A· v2 IBM Sterling Connect:Direct Web Services 6.0, 6.1, 6.2, and 6.3 could allow a remote attacker to obtain sensitive information, caused by the failure to properly enable HTTP Strict Transport Security. An attacker could ex...Show more IBM Sterling Connect:Direct Web Services 6.0, 6.1, 6.2, and 6.3 could allow a remote attacker to obtain sensitive information, caused by the failure to properly enable HTTP Strict Transport Security. An attacker could exploit this vulnerability to obtain sensitive information using man in the middle techniques.Show less
CVE-2024-39745 1Ibm 1Sterling Connect Direct Web Services Aug 23, 2024 Aug 22, 2024 N/A· v4 7.5 HIGH· v3 N/A· v2 IBM Sterling Connect:Direct Web Services 6.0, 6.1, 6.2, and 6.3 uses weaker than expected cryptographic algorithms that could allow an attacker to decrypt highly sensitive information.
CVE-2024-39744 1Ibm 1Sterling Connect Direct Web Services Aug 23, 2024 Aug 22, 2024 N/A· v4 4.3 MEDIUM· v3 N/A· v2 IBM Sterling Connect:Direct Web Services 6.0, 6.1, 6.2, and 6.3 is vulnerable to cross-site request forgery which could allow an attacker to execute malicious and unauthorized actions transmitted from a user that the web...Show more IBM Sterling Connect:Direct Web Services 6.0, 6.1, 6.2, and 6.3 is vulnerable to cross-site request forgery which could allow an attacker to execute malicious and unauthorized actions transmitted from a user that the website trusts.Show less