Search

Find a vulnerability

Search criteria

    14 vulnerabilities found for Sterling Connect:Direct Web Services by IBM

    CVE-2024-49808 (GCVE-0-2024-49808)

    Vulnerability from nvd – Published: 2025-04-18 11:03 – Updated: 2025-09-01 00:41
    VLAI
    Title
    IBM Sterling Connect:Direct Web Services improper authorization
    Summary
    IBM Sterling Connect:Direct Web Services 6.1.0, 6.2.0, and 6.3.0 could allow an authenticated user to spoof the identity of another user due to improper authorization which could allow the user to bypass access restrictions.
    SSVC
    Exploitation: none Automatable: no Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-863 - Incorrect Authorization
    Assigner
    ibm
    References
    URL Tags
    https://www.ibm.com/support/pages/node/7231180 vendor-advisorypatch
    Impacted products
    Vendor Product Version
    IBM Sterling Connect:Direct Web Services Affected: 6.1.0
    Affected: 6.2.0
    Affected: 6.3.0
        cpe:2.3:a:ibm:sterling_connect_direct_web_services:6.1.0.0:*:*:*:*:windows:*:*
        cpe:2.3:a:ibm:sterling_connect_direct_web_services:6.2.0.0:*:*:*:*:windows:*:*
        cpe:2.3:a:ibm:sterling_connect_direct_web_services:6.3.0.0:*:*:*:*:windows:*:*
        cpe:2.3:a:ibm:sterling_connect_direct_web_services:6.1.0.0:*:*:*:*:unix:*:*
        cpe:2.3:a:ibm:sterling_connect_direct_web_services:6.2.0.0:*:*:*:*:unix:*:*
        cpe:2.3:a:ibm:sterling_connect_direct_web_services:6.3.0.0:*:*:*:*:unix:*:*
    Create a notification for this product.
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2024-49808",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2025-04-18T11:31:55.671717Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2025-04-18T11:59:27.560Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "cpes": [
                "cpe:2.3:a:ibm:sterling_connect_direct_web_services:6.1.0.0:*:*:*:*:windows:*:*",
                "cpe:2.3:a:ibm:sterling_connect_direct_web_services:6.2.0.0:*:*:*:*:windows:*:*",
                "cpe:2.3:a:ibm:sterling_connect_direct_web_services:6.3.0.0:*:*:*:*:windows:*:*",
                "cpe:2.3:a:ibm:sterling_connect_direct_web_services:6.1.0.0:*:*:*:*:unix:*:*",
                "cpe:2.3:a:ibm:sterling_connect_direct_web_services:6.2.0.0:*:*:*:*:unix:*:*",
                "cpe:2.3:a:ibm:sterling_connect_direct_web_services:6.3.0.0:*:*:*:*:unix:*:*"
              ],
              "defaultStatus": "unaffected",
              "product": "Sterling Connect:Direct Web Services",
              "vendor": "IBM",
              "versions": [
                {
                  "status": "affected",
                  "version": "6.1.0"
                },
                {
                  "status": "affected",
                  "version": "6.2.0"
                },
                {
                  "status": "affected",
                  "version": "6.3.0"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "IBM Sterling Connect:Direct Web Services 6.1.0, 6.2.0, and 6.3.0 could allow an authenticated user to spoof the identity of another user due to improper authorization which could allow the user to bypass access restrictions."
                }
              ],
              "value": "IBM Sterling Connect:Direct Web Services 6.1.0, 6.2.0, and 6.3.0 could allow an authenticated user to spoof the identity of another user due to improper authorization which could allow the user to bypass access restrictions."
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "availabilityImpact": "LOW",
                "baseScore": 6.3,
                "baseSeverity": "MEDIUM",
                "confidentialityImpact": "LOW",
                "integrityImpact": "LOW",
                "privilegesRequired": "LOW",
                "scope": "UNCHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L",
                "version": "3.1"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en",
                  "value": "GENERAL"
                }
              ]
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-863",
                  "description": "CWE-863 Incorrect Authorization",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2025-09-01T00:41:53.758Z",
            "orgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
            "shortName": "ibm"
          },
          "references": [
            {
              "tags": [
                "vendor-advisory",
                "patch"
              ],
              "url": "https://www.ibm.com/support/pages/node/7231180"
            }
          ],
          "source": {
            "discovery": "UNKNOWN"
          },
          "title": "IBM Sterling Connect:Direct Web Services improper authorization",
          "x_generator": {
            "engine": "Vulnogram 0.2.0"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
        "assignerShortName": "ibm",
        "cveId": "CVE-2024-49808",
        "datePublished": "2025-04-18T11:03:58.511Z",
        "dateReserved": "2024-10-20T13:40:24.085Z",
        "dateUpdated": "2025-09-01T00:41:53.758Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2024-45651 (GCVE-0-2024-45651)

    Vulnerability from nvd – Published: 2025-04-18 11:04 – Updated: 2025-09-01 00:41
    VLAI
    Title
    IBM Sterling Connect:Direct Web Services session fixation
    Summary
    IBM Sterling Connect:Direct Web Services 6.1.0, 6.2.0, and 6.3.0 does not invalidate session after a browser closure which could allow an authenticated user to impersonate another user on the system.
    SSVC
    Exploitation: none Automatable: no Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-613 - Insufficient Session Expiration
    Assigner
    ibm
    References
    URL Tags
    https://www.ibm.com/support/pages/node/7231178 vendor-advisorypatch
    Impacted products
    Vendor Product Version
    IBM Sterling Connect:Direct Web Services Affected: 6.1.0
    Affected: 6.2.0
    Affected: 6.3.0
        cpe:2.3:a:ibm:sterling_connect_direct_web_services:6.1.0.0:*:*:*:*:windows:*:*
        cpe:2.3:a:ibm:sterling_connect_direct_web_services:6.2.0.0:*:*:*:*:windows:*:*
        cpe:2.3:a:ibm:sterling_connect_direct_web_services:6.3.0.0:*:*:*:*:windows:*:*
        cpe:2.3:a:ibm:sterling_connect_direct_web_services:6.1.0.0:*:*:*:*:unix:*:*
        cpe:2.3:a:ibm:sterling_connect_direct_web_services:6.2.0.0:*:*:*:*:unix:*:*
        cpe:2.3:a:ibm:sterling_connect_direct_web_services:6.3.0.0:*:*:*:*:unix:*:*
    Create a notification for this product.
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2024-45651",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2025-04-18T11:26:24.430299Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2025-04-18T11:26:34.773Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "cpes": [
                "cpe:2.3:a:ibm:sterling_connect_direct_web_services:6.1.0.0:*:*:*:*:windows:*:*",
                "cpe:2.3:a:ibm:sterling_connect_direct_web_services:6.2.0.0:*:*:*:*:windows:*:*",
                "cpe:2.3:a:ibm:sterling_connect_direct_web_services:6.3.0.0:*:*:*:*:windows:*:*",
                "cpe:2.3:a:ibm:sterling_connect_direct_web_services:6.1.0.0:*:*:*:*:unix:*:*",
                "cpe:2.3:a:ibm:sterling_connect_direct_web_services:6.2.0.0:*:*:*:*:unix:*:*",
                "cpe:2.3:a:ibm:sterling_connect_direct_web_services:6.3.0.0:*:*:*:*:unix:*:*"
              ],
              "defaultStatus": "unaffected",
              "product": "Sterling Connect:Direct Web Services",
              "vendor": "IBM",
              "versions": [
                {
                  "status": "affected",
                  "version": "6.1.0"
                },
                {
                  "status": "affected",
                  "version": "6.2.0"
                },
                {
                  "status": "affected",
                  "version": "6.3.0"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "IBM Sterling Connect:Direct Web Services 6.1.0, 6.2.0, and 6.3.0 \n\n\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003edoes not invalidate session after a browser closure which could allow an authenticated user to impersonate another user on the system.\u003c/span\u003e"
                }
              ],
              "value": "IBM Sterling Connect:Direct Web Services 6.1.0, 6.2.0, and 6.3.0 \n\ndoes not invalidate session after a browser closure which could allow an authenticated user to impersonate another user on the system."
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "availabilityImpact": "LOW",
                "baseScore": 6.3,
                "baseSeverity": "MEDIUM",
                "confidentialityImpact": "LOW",
                "integrityImpact": "LOW",
                "privilegesRequired": "LOW",
                "scope": "UNCHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L",
                "version": "3.1"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en",
                  "value": "GENERAL"
                }
              ]
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-613",
                  "description": "CWE-613 Insufficient Session Expiration",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2025-09-01T00:41:10.652Z",
            "orgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
            "shortName": "ibm"
          },
          "references": [
            {
              "tags": [
                "vendor-advisory",
                "patch"
              ],
              "url": "https://www.ibm.com/support/pages/node/7231178"
            }
          ],
          "source": {
            "discovery": "UNKNOWN"
          },
          "title": "IBM Sterling Connect:Direct Web Services session fixation",
          "x_generator": {
            "engine": "Vulnogram 0.2.0"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
        "assignerShortName": "ibm",
        "cveId": "CVE-2024-45651",
        "datePublished": "2025-04-18T11:04:55.508Z",
        "dateReserved": "2024-09-03T13:50:26.295Z",
        "dateUpdated": "2025-09-01T00:41:10.652Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2024-45653 (GCVE-0-2024-45653)

    Vulnerability from nvd – Published: 2025-01-19 02:39 – Updated: 2025-01-21 20:29
    VLAI
    Title
    IBM Sterling Connect:Direct Web Services information disclosure
    Summary
    IBM Sterling Connect:Direct Web Services 6.0, 6.1, 6.2, and 6.3 could disclose sensitive IP address information to authenticated users in responses that could be used in further attacks against the system.
    SSVC
    Exploitation: none Automatable: no Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-201 - Insertion of Sensitive Information Into Sent Data
    Assigner
    ibm
    References
    Impacted products
    Vendor Product Version
    IBM Sterling Connect:Direct Web Services Affected: 6.0, 6.1, 6.2, 6.3
        cpe:2.3:a:ibm:sterling_connect_direct_web_services:6.0.0.0:*:*:*:*:windows:*:*
        cpe:2.3:a:ibm:sterling_connect_direct_web_services:6.1.0.0:*:*:*:*:windows:*:*
        cpe:2.3:a:ibm:sterling_connect_direct_web_services:6.2.0.0:*:*:*:*:windows:*:*
        cpe:2.3:a:ibm:sterling_connect_direct_web_services:6.3.0.0:*:*:*:*:windows:*:*
        cpe:2.3:a:ibm:sterling_connect_direct_web_services:6.0.0.0:*:*:*:*:unix:*:*
        cpe:2.3:a:ibm:sterling_connect_direct_web_services:6.1.0.0:*:*:*:*:unix:*:*
        cpe:2.3:a:ibm:sterling_connect_direct_web_services:6.2.0.0:*:*:*:*:unix:*:*
        cpe:2.3:a:ibm:sterling_connect_direct_web_services:6.3.0.0:*:*:*:*:unix:*:*
    Create a notification for this product.
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2024-45653",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2025-01-21T20:29:06.351435Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2025-01-21T20:29:11.755Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "cpes": [
                "cpe:2.3:a:ibm:sterling_connect_direct_web_services:6.0.0.0:*:*:*:*:windows:*:*",
                "cpe:2.3:a:ibm:sterling_connect_direct_web_services:6.1.0.0:*:*:*:*:windows:*:*",
                "cpe:2.3:a:ibm:sterling_connect_direct_web_services:6.2.0.0:*:*:*:*:windows:*:*",
                "cpe:2.3:a:ibm:sterling_connect_direct_web_services:6.3.0.0:*:*:*:*:windows:*:*",
                "cpe:2.3:a:ibm:sterling_connect_direct_web_services:6.0.0.0:*:*:*:*:unix:*:*",
                "cpe:2.3:a:ibm:sterling_connect_direct_web_services:6.1.0.0:*:*:*:*:unix:*:*",
                "cpe:2.3:a:ibm:sterling_connect_direct_web_services:6.2.0.0:*:*:*:*:unix:*:*",
                "cpe:2.3:a:ibm:sterling_connect_direct_web_services:6.3.0.0:*:*:*:*:unix:*:*"
              ],
              "defaultStatus": "unaffected",
              "product": "Sterling Connect:Direct Web Services",
              "vendor": "IBM",
              "versions": [
                {
                  "status": "affected",
                  "version": "6.0, 6.1, 6.2, 6.3"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "IBM Sterling Connect:Direct Web Services 6.0, 6.1, 6.2, and 6.3 could disclose sensitive IP address information to authenticated users in responses that could be used in further attacks against the system."
                }
              ],
              "value": "IBM Sterling Connect:Direct Web Services 6.0, 6.1, 6.2, and 6.3 could disclose sensitive IP address information to authenticated users in responses that could be used in further attacks against the system."
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "availabilityImpact": "NONE",
                "baseScore": 4.3,
                "baseSeverity": "MEDIUM",
                "confidentialityImpact": "LOW",
                "integrityImpact": "NONE",
                "privilegesRequired": "LOW",
                "scope": "UNCHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N",
                "version": "3.1"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en",
                  "value": "GENERAL"
                }
              ]
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-201",
                  "description": "CWE-201 Insertion of Sensitive Information Into Sent Data",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2025-01-19T02:39:30.681Z",
            "orgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
            "shortName": "ibm"
          },
          "references": [
            {
              "url": "https://www.ibm.com/support/pages/node/7174104"
            }
          ],
          "source": {
            "discovery": "UNKNOWN"
          },
          "title": "IBM Sterling Connect:Direct Web Services information disclosure",
          "x_generator": {
            "engine": "Vulnogram 0.2.0"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
        "assignerShortName": "ibm",
        "cveId": "CVE-2024-45653",
        "datePublished": "2025-01-19T02:39:30.681Z",
        "dateReserved": "2024-09-03T13:50:26.296Z",
        "dateUpdated": "2025-01-21T20:29:11.755Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2024-39747 (GCVE-0-2024-39747)

    Vulnerability from nvd – Published: 2024-08-31 01:01 – Updated: 2024-09-01 21:30
    VLAI
    Title
    IBM Sterling Connect:Direct Web Services information disclosure
    Summary
    IBM Sterling Connect:Direct Web Services 6.0, 6.1, 6.2, and 6.3 uses default credentials for potentially critical functionality.
    SSVC
    Exploitation: none Automatable: no Technical Impact: total
    CISA Coordinator (v2.0.3)
    CWE
    Assigner
    ibm
    Impacted products
    Vendor Product Version
    IBM Sterling Connect:Direct Web Services Affected: 6.0, 6.1, 6.2, 6.3
        cpe:2.3:a:ibm:sterling_connect_direct_web_services:6.0.0.0:*:*:*:*:windows:*:*
        cpe:2.3:a:ibm:sterling_connect_direct_web_services:6.1.0.0:*:*:*:*:windows:*:*
        cpe:2.3:a:ibm:sterling_connect_direct_web_services:6.2.0.0:*:*:*:*:windows:*:*
        cpe:2.3:a:ibm:sterling_connect_direct_web_services:6.3.0.0:*:*:*:*:windows:*:*
        cpe:2.3:a:ibm:sterling_connect_direct_web_services:6.0.0.0:*:*:*:*:unix:*:*
        cpe:2.3:a:ibm:sterling_connect_direct_web_services:6.1.0.0:*:*:*:*:unix:*:*
        cpe:2.3:a:ibm:sterling_connect_direct_web_services:6.2.0.0:*:*:*:*:unix:*:*
        cpe:2.3:a:ibm:sterling_connect_direct_web_services:6.3.0.0:*:*:*:*:unix:*:*
    Create a notification for this product.
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2024-39747",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "total"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2024-09-01T21:29:57.324770Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2024-09-01T21:30:21.072Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "cpes": [
                "cpe:2.3:a:ibm:sterling_connect_direct_web_services:6.0.0.0:*:*:*:*:windows:*:*",
                "cpe:2.3:a:ibm:sterling_connect_direct_web_services:6.1.0.0:*:*:*:*:windows:*:*",
                "cpe:2.3:a:ibm:sterling_connect_direct_web_services:6.2.0.0:*:*:*:*:windows:*:*",
                "cpe:2.3:a:ibm:sterling_connect_direct_web_services:6.3.0.0:*:*:*:*:windows:*:*",
                "cpe:2.3:a:ibm:sterling_connect_direct_web_services:6.0.0.0:*:*:*:*:unix:*:*",
                "cpe:2.3:a:ibm:sterling_connect_direct_web_services:6.1.0.0:*:*:*:*:unix:*:*",
                "cpe:2.3:a:ibm:sterling_connect_direct_web_services:6.2.0.0:*:*:*:*:unix:*:*",
                "cpe:2.3:a:ibm:sterling_connect_direct_web_services:6.3.0.0:*:*:*:*:unix:*:*"
              ],
              "defaultStatus": "unaffected",
              "product": "Sterling Connect:Direct Web Services",
              "vendor": "IBM",
              "versions": [
                {
                  "status": "affected",
                  "version": "6.0, 6.1, 6.2, 6.3"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "IBM Sterling Connect:Direct Web Services 6.0, 6.1, 6.2, and 6.3 uses default credentials for potentially critical functionality."
                }
              ],
              "value": "IBM Sterling Connect:Direct Web Services 6.0, 6.1, 6.2, and 6.3 uses default credentials for potentially critical functionality."
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "HIGH",
                "attackVector": "NETWORK",
                "availabilityImpact": "HIGH",
                "baseScore": 8.1,
                "baseSeverity": "HIGH",
                "confidentialityImpact": "HIGH",
                "integrityImpact": "HIGH",
                "privilegesRequired": "NONE",
                "scope": "UNCHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H",
                "version": "3.1"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en",
                  "value": "GENERAL"
                }
              ]
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-1392",
                  "description": "CWE-1392: Use of Default Credentials",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2024-08-31T01:01:03.974Z",
            "orgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
            "shortName": "ibm"
          },
          "references": [
            {
              "tags": [
                "vendor-advisory"
              ],
              "url": "https://www.ibm.com/support/pages/node/7166947"
            },
            {
              "tags": [
                "vdb-entry"
              ],
              "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/297314"
            }
          ],
          "source": {
            "discovery": "UNKNOWN"
          },
          "title": "IBM Sterling Connect:Direct Web Services information disclosure",
          "x_generator": {
            "engine": "Vulnogram 0.2.0"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
        "assignerShortName": "ibm",
        "cveId": "CVE-2024-39747",
        "datePublished": "2024-08-31T01:01:03.974Z",
        "dateReserved": "2024-06-28T09:34:46.057Z",
        "dateUpdated": "2024-09-01T21:30:21.072Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2024-39746 (GCVE-0-2024-39746)

    Vulnerability from nvd – Published: 2024-08-22 10:29 – Updated: 2025-10-31 15:01
    VLAI
    Title
    IBM Sterling Connect:Direct Web Services information disclosure
    Summary
    IBM Sterling Connect:Direct Web Services 6.0, 6.1, 6.2, and 6.3 could allow a remote attacker to obtain sensitive information, caused by the failure to properly enable HTTP Strict Transport Security. An attacker could exploit this vulnerability to obtain sensitive information using man in the middle techniques.
    SSVC
    Exploitation: none Automatable: no Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-319 - Cleartext Transmission of Sensitive Information
    Assigner
    ibm
    References
    URL Tags
    https://www.ibm.com/support/pages/node/7166018 vendor-advisorypatch
    Impacted products
    Vendor Product Version
    IBM Sterling Connect:Direct Web Services Affected: 6.0
    Affected: 6.1
    Affected: 6.2
    Affected: 6.3
        cpe:2.3:a:ibm:sterling_connect\:direct:6.0.0.0:*:*:*:*:windows:*:*
        cpe:2.3:a:ibm:sterling_connect\:direct:6.1.0.0:*:*:*:*:windows:*:*
        cpe:2.3:a:ibm:sterling_connect\:direct:6.2.0.0:*:*:*:*:windows:*:*
        cpe:2.3:a:ibm:sterling_connect\:direct:6.3.0.0:*:*:*:*:windows:*:*
        cpe:2.3:a:ibm:sterling_connect\:direct:6.0.0.0:*:*:*:*:unix:*:*
        cpe:2.3:a:ibm:sterling_connect\:direct:6.1.0.0:*:*:*:*:unix:*:*
        cpe:2.3:a:ibm:sterling_connect\:direct:6.2.0.0:*:*:*:*:unix:*:*
        cpe:2.3:a:ibm:sterling_connect\:direct:6.3.0.0:*:*:*:*:unix:*:*
    Create a notification for this product.
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2024-39746",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2024-08-22T13:12:23.754080Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2025-09-30T13:43:29.400Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "cpes": [
                "cpe:2.3:a:ibm:sterling_connect\\:direct:6.0.0.0:*:*:*:*:windows:*:*",
                "cpe:2.3:a:ibm:sterling_connect\\:direct:6.1.0.0:*:*:*:*:windows:*:*",
                "cpe:2.3:a:ibm:sterling_connect\\:direct:6.2.0.0:*:*:*:*:windows:*:*",
                "cpe:2.3:a:ibm:sterling_connect\\:direct:6.3.0.0:*:*:*:*:windows:*:*",
                "cpe:2.3:a:ibm:sterling_connect\\:direct:6.0.0.0:*:*:*:*:unix:*:*",
                "cpe:2.3:a:ibm:sterling_connect\\:direct:6.1.0.0:*:*:*:*:unix:*:*",
                "cpe:2.3:a:ibm:sterling_connect\\:direct:6.2.0.0:*:*:*:*:unix:*:*",
                "cpe:2.3:a:ibm:sterling_connect\\:direct:6.3.0.0:*:*:*:*:unix:*:*"
              ],
              "defaultStatus": "unaffected",
              "product": "Sterling Connect:Direct Web Services",
              "vendor": "IBM",
              "versions": [
                {
                  "status": "affected",
                  "version": "6.0"
                },
                {
                  "status": "affected",
                  "version": "6.1"
                },
                {
                  "status": "affected",
                  "version": "6.2"
                },
                {
                  "status": "affected",
                  "version": "6.3"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "IBM Sterling Connect:Direct Web Services 6.0, 6.1, 6.2, and 6.3 could allow a remote attacker to obtain sensitive information, caused by the failure to properly enable HTTP Strict Transport Security. An attacker could exploit this vulnerability to obtain sensitive information using man in the middle techniques."
                }
              ],
              "value": "IBM Sterling Connect:Direct Web Services 6.0, 6.1, 6.2, and 6.3 could allow a remote attacker to obtain sensitive information, caused by the failure to properly enable HTTP Strict Transport Security. An attacker could exploit this vulnerability to obtain sensitive information using man in the middle techniques."
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "HIGH",
                "attackVector": "NETWORK",
                "availabilityImpact": "NONE",
                "baseScore": 5.9,
                "baseSeverity": "MEDIUM",
                "confidentialityImpact": "HIGH",
                "integrityImpact": "NONE",
                "privilegesRequired": "NONE",
                "scope": "UNCHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N",
                "version": "3.1"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en",
                  "value": "GENERAL"
                }
              ]
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-319",
                  "description": "CWE-319 Cleartext Transmission of Sensitive Information",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2025-10-31T15:01:03.666Z",
            "orgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
            "shortName": "ibm"
          },
          "references": [
            {
              "tags": [
                "vendor-advisory",
                "patch"
              ],
              "url": "https://www.ibm.com/support/pages/node/7166018"
            }
          ],
          "source": {
            "discovery": "UNKNOWN"
          },
          "title": "IBM Sterling Connect:Direct Web Services information disclosure",
          "x_generator": {
            "engine": "Vulnogram 0.2.0"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
        "assignerShortName": "ibm",
        "cveId": "CVE-2024-39746",
        "datePublished": "2024-08-22T10:29:54.169Z",
        "dateReserved": "2024-06-28T09:34:46.056Z",
        "dateUpdated": "2025-10-31T15:01:03.666Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2024-39745 (GCVE-0-2024-39745)

    Vulnerability from nvd – Published: 2024-08-22 11:06 – Updated: 2026-03-13 22:05
    VLAI
    Title
    IBM Sterling Connect:Direct Web Services information disclosure
    Summary
    IBM Sterling Connect:Direct Web Services 6.0, 6.1, 6.2, and 6.3 uses weaker than expected cryptographic algorithms that could allow an attacker to decrypt highly sensitive information.
    SSVC
    Exploitation: none Automatable: no Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-327 - Use of a Broken or Risky Cryptographic Algorithm
    Assigner
    ibm
    Impacted products
    Vendor Product Version
    IBM Sterling Connect:Direct Web Services Affected: 6.0, 6.1, 6.2, 6.3
        cpe:2.3:a:ibm:sterling_connect\:direct:6.0.0.0:*:*:*:*:windows:*:*
        cpe:2.3:a:ibm:sterling_connect\:direct:6.1.0.0:*:*:*:*:windows:*:*
        cpe:2.3:a:ibm:sterling_connect\:direct:6.2.0.0:*:*:*:*:windows:*:*
        cpe:2.3:a:ibm:sterling_connect\:direct:6.3.0.0:*:*:*:*:windows:*:*
        cpe:2.3:a:ibm:sterling_connect\:direct:6.0.0.0:*:*:*:*:unix:*:*
        cpe:2.3:a:ibm:sterling_connect\:direct:6.1.0.0:*:*:*:*:unix:*:*
        cpe:2.3:a:ibm:sterling_connect\:direct:6.2.0.0:*:*:*:*:unix:*:*
        cpe:2.3:a:ibm:sterling_connect\:direct:6.3.0.0:*:*:*:*:unix:*:*
    Create a notification for this product.
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2024-39745",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2024-08-22T13:12:59.462908Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2024-08-22T13:33:31.352Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "cpes": [
                "cpe:2.3:a:ibm:sterling_connect\\:direct:6.0.0.0:*:*:*:*:windows:*:*",
                "cpe:2.3:a:ibm:sterling_connect\\:direct:6.1.0.0:*:*:*:*:windows:*:*",
                "cpe:2.3:a:ibm:sterling_connect\\:direct:6.2.0.0:*:*:*:*:windows:*:*",
                "cpe:2.3:a:ibm:sterling_connect\\:direct:6.3.0.0:*:*:*:*:windows:*:*",
                "cpe:2.3:a:ibm:sterling_connect\\:direct:6.0.0.0:*:*:*:*:unix:*:*",
                "cpe:2.3:a:ibm:sterling_connect\\:direct:6.1.0.0:*:*:*:*:unix:*:*",
                "cpe:2.3:a:ibm:sterling_connect\\:direct:6.2.0.0:*:*:*:*:unix:*:*",
                "cpe:2.3:a:ibm:sterling_connect\\:direct:6.3.0.0:*:*:*:*:unix:*:*"
              ],
              "defaultStatus": "unaffected",
              "product": "Sterling Connect:Direct Web Services",
              "vendor": "IBM",
              "versions": [
                {
                  "status": "affected",
                  "version": "6.0, 6.1, 6.2, 6.3"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "IBM Sterling Connect:Direct Web Services 6.0, 6.1, 6.2, and 6.3 uses weaker than expected cryptographic algorithms that could allow an attacker to decrypt highly sensitive information."
                }
              ],
              "value": "IBM Sterling Connect:Direct Web Services 6.0, 6.1, 6.2, and 6.3 uses weaker than expected cryptographic algorithms that could allow an attacker to decrypt highly sensitive information."
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "HIGH",
                "attackVector": "NETWORK",
                "availabilityImpact": "NONE",
                "baseScore": 5.9,
                "baseSeverity": "MEDIUM",
                "confidentialityImpact": "HIGH",
                "integrityImpact": "NONE",
                "privilegesRequired": "NONE",
                "scope": "UNCHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N",
                "version": "3.1"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en",
                  "value": "GENERAL"
                }
              ]
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-327",
                  "description": "CWE-327 Use of a Broken or Risky Cryptographic Algorithm",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2026-03-13T22:05:03.051Z",
            "orgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
            "shortName": "ibm"
          },
          "references": [
            {
              "tags": [
                "vendor-advisory"
              ],
              "url": "https://www.ibm.com/support/pages/node/7166195"
            },
            {
              "tags": [
                "vdb-entry"
              ],
              "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/297312"
            }
          ],
          "source": {
            "discovery": "UNKNOWN"
          },
          "title": "IBM Sterling Connect:Direct Web Services information disclosure",
          "x_generator": {
            "engine": "Vulnogram 0.2.0"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
        "assignerShortName": "ibm",
        "cveId": "CVE-2024-39745",
        "datePublished": "2024-08-22T11:06:49.088Z",
        "dateReserved": "2024-06-28T09:34:46.056Z",
        "dateUpdated": "2026-03-13T22:05:03.051Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2024-39744 (GCVE-0-2024-39744)

    Vulnerability from nvd – Published: 2024-08-22 10:56 – Updated: 2026-03-13 22:04
    VLAI
    Title
    IBM Sterling Connect:Direct Web Services cross-site request forgery
    Summary
    IBM Sterling Connect:Direct Web Services 6.0, 6.1, 6.2, and 6.3 is vulnerable to cross-site request forgery which could allow an attacker to execute malicious and unauthorized actions transmitted from a user that the website trusts.
    SSVC
    Exploitation: none Automatable: no Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-352 - Cross-Site Request Forgery (CSRF)
    Assigner
    ibm
    Impacted products
    Vendor Product Version
    IBM Sterling Connect:Direct Web Services Affected: 6.0, 6.1, 6.2, 6.3
        cpe:2.3:a:ibm:sterling_connect\:direct:6.0.0.0:*:*:*:*:windows:*:*
        cpe:2.3:a:ibm:sterling_connect\:direct:6.1.0.0:*:*:*:*:windows:*:*
        cpe:2.3:a:ibm:sterling_connect\:direct:6.2.0.0:*:*:*:*:windows:*:*
        cpe:2.3:a:ibm:sterling_connect\:direct:6.3.0.0:*:*:*:*:windows:*:*
        cpe:2.3:a:ibm:sterling_connect\:direct:6.0.0.0:*:*:*:*:unix:*:*
        cpe:2.3:a:ibm:sterling_connect\:direct:6.1.0.0:*:*:*:*:unix:*:*
        cpe:2.3:a:ibm:sterling_connect\:direct:6.2.0.0:*:*:*:*:unix:*:*
        cpe:2.3:a:ibm:sterling_connect\:direct:6.3.0.0:*:*:*:*:unix:*:*
    Create a notification for this product.
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2024-39744",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2024-08-22T19:54:48.862794Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2024-08-22T19:54:57.599Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "cpes": [
                "cpe:2.3:a:ibm:sterling_connect\\:direct:6.0.0.0:*:*:*:*:windows:*:*",
                "cpe:2.3:a:ibm:sterling_connect\\:direct:6.1.0.0:*:*:*:*:windows:*:*",
                "cpe:2.3:a:ibm:sterling_connect\\:direct:6.2.0.0:*:*:*:*:windows:*:*",
                "cpe:2.3:a:ibm:sterling_connect\\:direct:6.3.0.0:*:*:*:*:windows:*:*",
                "cpe:2.3:a:ibm:sterling_connect\\:direct:6.0.0.0:*:*:*:*:unix:*:*",
                "cpe:2.3:a:ibm:sterling_connect\\:direct:6.1.0.0:*:*:*:*:unix:*:*",
                "cpe:2.3:a:ibm:sterling_connect\\:direct:6.2.0.0:*:*:*:*:unix:*:*",
                "cpe:2.3:a:ibm:sterling_connect\\:direct:6.3.0.0:*:*:*:*:unix:*:*"
              ],
              "defaultStatus": "unaffected",
              "product": "Sterling Connect:Direct Web Services",
              "vendor": "IBM",
              "versions": [
                {
                  "status": "affected",
                  "version": "6.0, 6.1, 6.2, 6.3"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "IBM Sterling Connect:Direct Web Services 6.0, 6.1, 6.2, and 6.3 is vulnerable to cross-site request forgery which could allow an attacker to execute malicious and unauthorized actions transmitted from a user that the website trusts."
                }
              ],
              "value": "IBM Sterling Connect:Direct Web Services 6.0, 6.1, 6.2, and 6.3 is vulnerable to cross-site request forgery which could allow an attacker to execute malicious and unauthorized actions transmitted from a user that the website trusts."
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "availabilityImpact": "NONE",
                "baseScore": 4.3,
                "baseSeverity": "MEDIUM",
                "confidentialityImpact": "NONE",
                "integrityImpact": "LOW",
                "privilegesRequired": "NONE",
                "scope": "UNCHANGED",
                "userInteraction": "REQUIRED",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N",
                "version": "3.1"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en",
                  "value": "GENERAL"
                }
              ]
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-352",
                  "description": "CWE-352 Cross-Site Request Forgery (CSRF)",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2026-03-13T22:04:21.261Z",
            "orgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
            "shortName": "ibm"
          },
          "references": [
            {
              "tags": [
                "vendor-advisory"
              ],
              "url": "https://www.ibm.com/support/pages/node/7166196"
            },
            {
              "tags": [
                "vdb-entry"
              ],
              "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/297236"
            }
          ],
          "source": {
            "discovery": "UNKNOWN"
          },
          "title": "IBM Sterling Connect:Direct Web Services cross-site request forgery",
          "x_generator": {
            "engine": "Vulnogram 0.2.0"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
        "assignerShortName": "ibm",
        "cveId": "CVE-2024-39744",
        "datePublished": "2024-08-22T10:56:39.894Z",
        "dateReserved": "2024-06-28T09:34:46.056Z",
        "dateUpdated": "2026-03-13T22:04:21.261Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2024-45651 (GCVE-0-2024-45651)

    Vulnerability from cvelistv5 – Published: 2025-04-18 11:04 – Updated: 2025-09-01 00:41
    VLAI
    Title
    IBM Sterling Connect:Direct Web Services session fixation
    Summary
    IBM Sterling Connect:Direct Web Services 6.1.0, 6.2.0, and 6.3.0 does not invalidate session after a browser closure which could allow an authenticated user to impersonate another user on the system.
    SSVC
    Exploitation: none Automatable: no Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-613 - Insufficient Session Expiration
    Assigner
    ibm
    References
    URL Tags
    https://www.ibm.com/support/pages/node/7231178 vendor-advisorypatch
    Impacted products
    Vendor Product Version
    IBM Sterling Connect:Direct Web Services Affected: 6.1.0
    Affected: 6.2.0
    Affected: 6.3.0
        cpe:2.3:a:ibm:sterling_connect_direct_web_services:6.1.0.0:*:*:*:*:windows:*:*
        cpe:2.3:a:ibm:sterling_connect_direct_web_services:6.2.0.0:*:*:*:*:windows:*:*
        cpe:2.3:a:ibm:sterling_connect_direct_web_services:6.3.0.0:*:*:*:*:windows:*:*
        cpe:2.3:a:ibm:sterling_connect_direct_web_services:6.1.0.0:*:*:*:*:unix:*:*
        cpe:2.3:a:ibm:sterling_connect_direct_web_services:6.2.0.0:*:*:*:*:unix:*:*
        cpe:2.3:a:ibm:sterling_connect_direct_web_services:6.3.0.0:*:*:*:*:unix:*:*
    Create a notification for this product.
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2024-45651",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2025-04-18T11:26:24.430299Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2025-04-18T11:26:34.773Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "cpes": [
                "cpe:2.3:a:ibm:sterling_connect_direct_web_services:6.1.0.0:*:*:*:*:windows:*:*",
                "cpe:2.3:a:ibm:sterling_connect_direct_web_services:6.2.0.0:*:*:*:*:windows:*:*",
                "cpe:2.3:a:ibm:sterling_connect_direct_web_services:6.3.0.0:*:*:*:*:windows:*:*",
                "cpe:2.3:a:ibm:sterling_connect_direct_web_services:6.1.0.0:*:*:*:*:unix:*:*",
                "cpe:2.3:a:ibm:sterling_connect_direct_web_services:6.2.0.0:*:*:*:*:unix:*:*",
                "cpe:2.3:a:ibm:sterling_connect_direct_web_services:6.3.0.0:*:*:*:*:unix:*:*"
              ],
              "defaultStatus": "unaffected",
              "product": "Sterling Connect:Direct Web Services",
              "vendor": "IBM",
              "versions": [
                {
                  "status": "affected",
                  "version": "6.1.0"
                },
                {
                  "status": "affected",
                  "version": "6.2.0"
                },
                {
                  "status": "affected",
                  "version": "6.3.0"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "IBM Sterling Connect:Direct Web Services 6.1.0, 6.2.0, and 6.3.0 \n\n\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003edoes not invalidate session after a browser closure which could allow an authenticated user to impersonate another user on the system.\u003c/span\u003e"
                }
              ],
              "value": "IBM Sterling Connect:Direct Web Services 6.1.0, 6.2.0, and 6.3.0 \n\ndoes not invalidate session after a browser closure which could allow an authenticated user to impersonate another user on the system."
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "availabilityImpact": "LOW",
                "baseScore": 6.3,
                "baseSeverity": "MEDIUM",
                "confidentialityImpact": "LOW",
                "integrityImpact": "LOW",
                "privilegesRequired": "LOW",
                "scope": "UNCHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L",
                "version": "3.1"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en",
                  "value": "GENERAL"
                }
              ]
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-613",
                  "description": "CWE-613 Insufficient Session Expiration",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2025-09-01T00:41:10.652Z",
            "orgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
            "shortName": "ibm"
          },
          "references": [
            {
              "tags": [
                "vendor-advisory",
                "patch"
              ],
              "url": "https://www.ibm.com/support/pages/node/7231178"
            }
          ],
          "source": {
            "discovery": "UNKNOWN"
          },
          "title": "IBM Sterling Connect:Direct Web Services session fixation",
          "x_generator": {
            "engine": "Vulnogram 0.2.0"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
        "assignerShortName": "ibm",
        "cveId": "CVE-2024-45651",
        "datePublished": "2025-04-18T11:04:55.508Z",
        "dateReserved": "2024-09-03T13:50:26.295Z",
        "dateUpdated": "2025-09-01T00:41:10.652Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2024-49808 (GCVE-0-2024-49808)

    Vulnerability from cvelistv5 – Published: 2025-04-18 11:03 – Updated: 2025-09-01 00:41
    VLAI
    Title
    IBM Sterling Connect:Direct Web Services improper authorization
    Summary
    IBM Sterling Connect:Direct Web Services 6.1.0, 6.2.0, and 6.3.0 could allow an authenticated user to spoof the identity of another user due to improper authorization which could allow the user to bypass access restrictions.
    SSVC
    Exploitation: none Automatable: no Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-863 - Incorrect Authorization
    Assigner
    ibm
    References
    URL Tags
    https://www.ibm.com/support/pages/node/7231180 vendor-advisorypatch
    Impacted products
    Vendor Product Version
    IBM Sterling Connect:Direct Web Services Affected: 6.1.0
    Affected: 6.2.0
    Affected: 6.3.0
        cpe:2.3:a:ibm:sterling_connect_direct_web_services:6.1.0.0:*:*:*:*:windows:*:*
        cpe:2.3:a:ibm:sterling_connect_direct_web_services:6.2.0.0:*:*:*:*:windows:*:*
        cpe:2.3:a:ibm:sterling_connect_direct_web_services:6.3.0.0:*:*:*:*:windows:*:*
        cpe:2.3:a:ibm:sterling_connect_direct_web_services:6.1.0.0:*:*:*:*:unix:*:*
        cpe:2.3:a:ibm:sterling_connect_direct_web_services:6.2.0.0:*:*:*:*:unix:*:*
        cpe:2.3:a:ibm:sterling_connect_direct_web_services:6.3.0.0:*:*:*:*:unix:*:*
    Create a notification for this product.
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2024-49808",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2025-04-18T11:31:55.671717Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2025-04-18T11:59:27.560Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "cpes": [
                "cpe:2.3:a:ibm:sterling_connect_direct_web_services:6.1.0.0:*:*:*:*:windows:*:*",
                "cpe:2.3:a:ibm:sterling_connect_direct_web_services:6.2.0.0:*:*:*:*:windows:*:*",
                "cpe:2.3:a:ibm:sterling_connect_direct_web_services:6.3.0.0:*:*:*:*:windows:*:*",
                "cpe:2.3:a:ibm:sterling_connect_direct_web_services:6.1.0.0:*:*:*:*:unix:*:*",
                "cpe:2.3:a:ibm:sterling_connect_direct_web_services:6.2.0.0:*:*:*:*:unix:*:*",
                "cpe:2.3:a:ibm:sterling_connect_direct_web_services:6.3.0.0:*:*:*:*:unix:*:*"
              ],
              "defaultStatus": "unaffected",
              "product": "Sterling Connect:Direct Web Services",
              "vendor": "IBM",
              "versions": [
                {
                  "status": "affected",
                  "version": "6.1.0"
                },
                {
                  "status": "affected",
                  "version": "6.2.0"
                },
                {
                  "status": "affected",
                  "version": "6.3.0"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "IBM Sterling Connect:Direct Web Services 6.1.0, 6.2.0, and 6.3.0 could allow an authenticated user to spoof the identity of another user due to improper authorization which could allow the user to bypass access restrictions."
                }
              ],
              "value": "IBM Sterling Connect:Direct Web Services 6.1.0, 6.2.0, and 6.3.0 could allow an authenticated user to spoof the identity of another user due to improper authorization which could allow the user to bypass access restrictions."
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "availabilityImpact": "LOW",
                "baseScore": 6.3,
                "baseSeverity": "MEDIUM",
                "confidentialityImpact": "LOW",
                "integrityImpact": "LOW",
                "privilegesRequired": "LOW",
                "scope": "UNCHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L",
                "version": "3.1"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en",
                  "value": "GENERAL"
                }
              ]
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-863",
                  "description": "CWE-863 Incorrect Authorization",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2025-09-01T00:41:53.758Z",
            "orgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
            "shortName": "ibm"
          },
          "references": [
            {
              "tags": [
                "vendor-advisory",
                "patch"
              ],
              "url": "https://www.ibm.com/support/pages/node/7231180"
            }
          ],
          "source": {
            "discovery": "UNKNOWN"
          },
          "title": "IBM Sterling Connect:Direct Web Services improper authorization",
          "x_generator": {
            "engine": "Vulnogram 0.2.0"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
        "assignerShortName": "ibm",
        "cveId": "CVE-2024-49808",
        "datePublished": "2025-04-18T11:03:58.511Z",
        "dateReserved": "2024-10-20T13:40:24.085Z",
        "dateUpdated": "2025-09-01T00:41:53.758Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2024-45653 (GCVE-0-2024-45653)

    Vulnerability from cvelistv5 – Published: 2025-01-19 02:39 – Updated: 2025-01-21 20:29
    VLAI
    Title
    IBM Sterling Connect:Direct Web Services information disclosure
    Summary
    IBM Sterling Connect:Direct Web Services 6.0, 6.1, 6.2, and 6.3 could disclose sensitive IP address information to authenticated users in responses that could be used in further attacks against the system.
    SSVC
    Exploitation: none Automatable: no Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-201 - Insertion of Sensitive Information Into Sent Data
    Assigner
    ibm
    References
    Impacted products
    Vendor Product Version
    IBM Sterling Connect:Direct Web Services Affected: 6.0, 6.1, 6.2, 6.3
        cpe:2.3:a:ibm:sterling_connect_direct_web_services:6.0.0.0:*:*:*:*:windows:*:*
        cpe:2.3:a:ibm:sterling_connect_direct_web_services:6.1.0.0:*:*:*:*:windows:*:*
        cpe:2.3:a:ibm:sterling_connect_direct_web_services:6.2.0.0:*:*:*:*:windows:*:*
        cpe:2.3:a:ibm:sterling_connect_direct_web_services:6.3.0.0:*:*:*:*:windows:*:*
        cpe:2.3:a:ibm:sterling_connect_direct_web_services:6.0.0.0:*:*:*:*:unix:*:*
        cpe:2.3:a:ibm:sterling_connect_direct_web_services:6.1.0.0:*:*:*:*:unix:*:*
        cpe:2.3:a:ibm:sterling_connect_direct_web_services:6.2.0.0:*:*:*:*:unix:*:*
        cpe:2.3:a:ibm:sterling_connect_direct_web_services:6.3.0.0:*:*:*:*:unix:*:*
    Create a notification for this product.
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2024-45653",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2025-01-21T20:29:06.351435Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2025-01-21T20:29:11.755Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "cpes": [
                "cpe:2.3:a:ibm:sterling_connect_direct_web_services:6.0.0.0:*:*:*:*:windows:*:*",
                "cpe:2.3:a:ibm:sterling_connect_direct_web_services:6.1.0.0:*:*:*:*:windows:*:*",
                "cpe:2.3:a:ibm:sterling_connect_direct_web_services:6.2.0.0:*:*:*:*:windows:*:*",
                "cpe:2.3:a:ibm:sterling_connect_direct_web_services:6.3.0.0:*:*:*:*:windows:*:*",
                "cpe:2.3:a:ibm:sterling_connect_direct_web_services:6.0.0.0:*:*:*:*:unix:*:*",
                "cpe:2.3:a:ibm:sterling_connect_direct_web_services:6.1.0.0:*:*:*:*:unix:*:*",
                "cpe:2.3:a:ibm:sterling_connect_direct_web_services:6.2.0.0:*:*:*:*:unix:*:*",
                "cpe:2.3:a:ibm:sterling_connect_direct_web_services:6.3.0.0:*:*:*:*:unix:*:*"
              ],
              "defaultStatus": "unaffected",
              "product": "Sterling Connect:Direct Web Services",
              "vendor": "IBM",
              "versions": [
                {
                  "status": "affected",
                  "version": "6.0, 6.1, 6.2, 6.3"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "IBM Sterling Connect:Direct Web Services 6.0, 6.1, 6.2, and 6.3 could disclose sensitive IP address information to authenticated users in responses that could be used in further attacks against the system."
                }
              ],
              "value": "IBM Sterling Connect:Direct Web Services 6.0, 6.1, 6.2, and 6.3 could disclose sensitive IP address information to authenticated users in responses that could be used in further attacks against the system."
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "availabilityImpact": "NONE",
                "baseScore": 4.3,
                "baseSeverity": "MEDIUM",
                "confidentialityImpact": "LOW",
                "integrityImpact": "NONE",
                "privilegesRequired": "LOW",
                "scope": "UNCHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N",
                "version": "3.1"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en",
                  "value": "GENERAL"
                }
              ]
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-201",
                  "description": "CWE-201 Insertion of Sensitive Information Into Sent Data",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2025-01-19T02:39:30.681Z",
            "orgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
            "shortName": "ibm"
          },
          "references": [
            {
              "url": "https://www.ibm.com/support/pages/node/7174104"
            }
          ],
          "source": {
            "discovery": "UNKNOWN"
          },
          "title": "IBM Sterling Connect:Direct Web Services information disclosure",
          "x_generator": {
            "engine": "Vulnogram 0.2.0"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
        "assignerShortName": "ibm",
        "cveId": "CVE-2024-45653",
        "datePublished": "2025-01-19T02:39:30.681Z",
        "dateReserved": "2024-09-03T13:50:26.296Z",
        "dateUpdated": "2025-01-21T20:29:11.755Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2024-39747 (GCVE-0-2024-39747)

    Vulnerability from cvelistv5 – Published: 2024-08-31 01:01 – Updated: 2024-09-01 21:30
    VLAI
    Title
    IBM Sterling Connect:Direct Web Services information disclosure
    Summary
    IBM Sterling Connect:Direct Web Services 6.0, 6.1, 6.2, and 6.3 uses default credentials for potentially critical functionality.
    SSVC
    Exploitation: none Automatable: no Technical Impact: total
    CISA Coordinator (v2.0.3)
    CWE
    Assigner
    ibm
    Impacted products
    Vendor Product Version
    IBM Sterling Connect:Direct Web Services Affected: 6.0, 6.1, 6.2, 6.3
        cpe:2.3:a:ibm:sterling_connect_direct_web_services:6.0.0.0:*:*:*:*:windows:*:*
        cpe:2.3:a:ibm:sterling_connect_direct_web_services:6.1.0.0:*:*:*:*:windows:*:*
        cpe:2.3:a:ibm:sterling_connect_direct_web_services:6.2.0.0:*:*:*:*:windows:*:*
        cpe:2.3:a:ibm:sterling_connect_direct_web_services:6.3.0.0:*:*:*:*:windows:*:*
        cpe:2.3:a:ibm:sterling_connect_direct_web_services:6.0.0.0:*:*:*:*:unix:*:*
        cpe:2.3:a:ibm:sterling_connect_direct_web_services:6.1.0.0:*:*:*:*:unix:*:*
        cpe:2.3:a:ibm:sterling_connect_direct_web_services:6.2.0.0:*:*:*:*:unix:*:*
        cpe:2.3:a:ibm:sterling_connect_direct_web_services:6.3.0.0:*:*:*:*:unix:*:*
    Create a notification for this product.
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2024-39747",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "total"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2024-09-01T21:29:57.324770Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2024-09-01T21:30:21.072Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "cpes": [
                "cpe:2.3:a:ibm:sterling_connect_direct_web_services:6.0.0.0:*:*:*:*:windows:*:*",
                "cpe:2.3:a:ibm:sterling_connect_direct_web_services:6.1.0.0:*:*:*:*:windows:*:*",
                "cpe:2.3:a:ibm:sterling_connect_direct_web_services:6.2.0.0:*:*:*:*:windows:*:*",
                "cpe:2.3:a:ibm:sterling_connect_direct_web_services:6.3.0.0:*:*:*:*:windows:*:*",
                "cpe:2.3:a:ibm:sterling_connect_direct_web_services:6.0.0.0:*:*:*:*:unix:*:*",
                "cpe:2.3:a:ibm:sterling_connect_direct_web_services:6.1.0.0:*:*:*:*:unix:*:*",
                "cpe:2.3:a:ibm:sterling_connect_direct_web_services:6.2.0.0:*:*:*:*:unix:*:*",
                "cpe:2.3:a:ibm:sterling_connect_direct_web_services:6.3.0.0:*:*:*:*:unix:*:*"
              ],
              "defaultStatus": "unaffected",
              "product": "Sterling Connect:Direct Web Services",
              "vendor": "IBM",
              "versions": [
                {
                  "status": "affected",
                  "version": "6.0, 6.1, 6.2, 6.3"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "IBM Sterling Connect:Direct Web Services 6.0, 6.1, 6.2, and 6.3 uses default credentials for potentially critical functionality."
                }
              ],
              "value": "IBM Sterling Connect:Direct Web Services 6.0, 6.1, 6.2, and 6.3 uses default credentials for potentially critical functionality."
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "HIGH",
                "attackVector": "NETWORK",
                "availabilityImpact": "HIGH",
                "baseScore": 8.1,
                "baseSeverity": "HIGH",
                "confidentialityImpact": "HIGH",
                "integrityImpact": "HIGH",
                "privilegesRequired": "NONE",
                "scope": "UNCHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H",
                "version": "3.1"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en",
                  "value": "GENERAL"
                }
              ]
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-1392",
                  "description": "CWE-1392: Use of Default Credentials",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2024-08-31T01:01:03.974Z",
            "orgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
            "shortName": "ibm"
          },
          "references": [
            {
              "tags": [
                "vendor-advisory"
              ],
              "url": "https://www.ibm.com/support/pages/node/7166947"
            },
            {
              "tags": [
                "vdb-entry"
              ],
              "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/297314"
            }
          ],
          "source": {
            "discovery": "UNKNOWN"
          },
          "title": "IBM Sterling Connect:Direct Web Services information disclosure",
          "x_generator": {
            "engine": "Vulnogram 0.2.0"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
        "assignerShortName": "ibm",
        "cveId": "CVE-2024-39747",
        "datePublished": "2024-08-31T01:01:03.974Z",
        "dateReserved": "2024-06-28T09:34:46.057Z",
        "dateUpdated": "2024-09-01T21:30:21.072Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2024-39745 (GCVE-0-2024-39745)

    Vulnerability from cvelistv5 – Published: 2024-08-22 11:06 – Updated: 2026-03-13 22:05
    VLAI
    Title
    IBM Sterling Connect:Direct Web Services information disclosure
    Summary
    IBM Sterling Connect:Direct Web Services 6.0, 6.1, 6.2, and 6.3 uses weaker than expected cryptographic algorithms that could allow an attacker to decrypt highly sensitive information.
    SSVC
    Exploitation: none Automatable: no Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-327 - Use of a Broken or Risky Cryptographic Algorithm
    Assigner
    ibm
    Impacted products
    Vendor Product Version
    IBM Sterling Connect:Direct Web Services Affected: 6.0, 6.1, 6.2, 6.3
        cpe:2.3:a:ibm:sterling_connect\:direct:6.0.0.0:*:*:*:*:windows:*:*
        cpe:2.3:a:ibm:sterling_connect\:direct:6.1.0.0:*:*:*:*:windows:*:*
        cpe:2.3:a:ibm:sterling_connect\:direct:6.2.0.0:*:*:*:*:windows:*:*
        cpe:2.3:a:ibm:sterling_connect\:direct:6.3.0.0:*:*:*:*:windows:*:*
        cpe:2.3:a:ibm:sterling_connect\:direct:6.0.0.0:*:*:*:*:unix:*:*
        cpe:2.3:a:ibm:sterling_connect\:direct:6.1.0.0:*:*:*:*:unix:*:*
        cpe:2.3:a:ibm:sterling_connect\:direct:6.2.0.0:*:*:*:*:unix:*:*
        cpe:2.3:a:ibm:sterling_connect\:direct:6.3.0.0:*:*:*:*:unix:*:*
    Create a notification for this product.
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2024-39745",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2024-08-22T13:12:59.462908Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2024-08-22T13:33:31.352Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "cpes": [
                "cpe:2.3:a:ibm:sterling_connect\\:direct:6.0.0.0:*:*:*:*:windows:*:*",
                "cpe:2.3:a:ibm:sterling_connect\\:direct:6.1.0.0:*:*:*:*:windows:*:*",
                "cpe:2.3:a:ibm:sterling_connect\\:direct:6.2.0.0:*:*:*:*:windows:*:*",
                "cpe:2.3:a:ibm:sterling_connect\\:direct:6.3.0.0:*:*:*:*:windows:*:*",
                "cpe:2.3:a:ibm:sterling_connect\\:direct:6.0.0.0:*:*:*:*:unix:*:*",
                "cpe:2.3:a:ibm:sterling_connect\\:direct:6.1.0.0:*:*:*:*:unix:*:*",
                "cpe:2.3:a:ibm:sterling_connect\\:direct:6.2.0.0:*:*:*:*:unix:*:*",
                "cpe:2.3:a:ibm:sterling_connect\\:direct:6.3.0.0:*:*:*:*:unix:*:*"
              ],
              "defaultStatus": "unaffected",
              "product": "Sterling Connect:Direct Web Services",
              "vendor": "IBM",
              "versions": [
                {
                  "status": "affected",
                  "version": "6.0, 6.1, 6.2, 6.3"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "IBM Sterling Connect:Direct Web Services 6.0, 6.1, 6.2, and 6.3 uses weaker than expected cryptographic algorithms that could allow an attacker to decrypt highly sensitive information."
                }
              ],
              "value": "IBM Sterling Connect:Direct Web Services 6.0, 6.1, 6.2, and 6.3 uses weaker than expected cryptographic algorithms that could allow an attacker to decrypt highly sensitive information."
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "HIGH",
                "attackVector": "NETWORK",
                "availabilityImpact": "NONE",
                "baseScore": 5.9,
                "baseSeverity": "MEDIUM",
                "confidentialityImpact": "HIGH",
                "integrityImpact": "NONE",
                "privilegesRequired": "NONE",
                "scope": "UNCHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N",
                "version": "3.1"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en",
                  "value": "GENERAL"
                }
              ]
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-327",
                  "description": "CWE-327 Use of a Broken or Risky Cryptographic Algorithm",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2026-03-13T22:05:03.051Z",
            "orgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
            "shortName": "ibm"
          },
          "references": [
            {
              "tags": [
                "vendor-advisory"
              ],
              "url": "https://www.ibm.com/support/pages/node/7166195"
            },
            {
              "tags": [
                "vdb-entry"
              ],
              "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/297312"
            }
          ],
          "source": {
            "discovery": "UNKNOWN"
          },
          "title": "IBM Sterling Connect:Direct Web Services information disclosure",
          "x_generator": {
            "engine": "Vulnogram 0.2.0"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
        "assignerShortName": "ibm",
        "cveId": "CVE-2024-39745",
        "datePublished": "2024-08-22T11:06:49.088Z",
        "dateReserved": "2024-06-28T09:34:46.056Z",
        "dateUpdated": "2026-03-13T22:05:03.051Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2024-39744 (GCVE-0-2024-39744)

    Vulnerability from cvelistv5 – Published: 2024-08-22 10:56 – Updated: 2026-03-13 22:04
    VLAI
    Title
    IBM Sterling Connect:Direct Web Services cross-site request forgery
    Summary
    IBM Sterling Connect:Direct Web Services 6.0, 6.1, 6.2, and 6.3 is vulnerable to cross-site request forgery which could allow an attacker to execute malicious and unauthorized actions transmitted from a user that the website trusts.
    SSVC
    Exploitation: none Automatable: no Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-352 - Cross-Site Request Forgery (CSRF)
    Assigner
    ibm
    Impacted products
    Vendor Product Version
    IBM Sterling Connect:Direct Web Services Affected: 6.0, 6.1, 6.2, 6.3
        cpe:2.3:a:ibm:sterling_connect\:direct:6.0.0.0:*:*:*:*:windows:*:*
        cpe:2.3:a:ibm:sterling_connect\:direct:6.1.0.0:*:*:*:*:windows:*:*
        cpe:2.3:a:ibm:sterling_connect\:direct:6.2.0.0:*:*:*:*:windows:*:*
        cpe:2.3:a:ibm:sterling_connect\:direct:6.3.0.0:*:*:*:*:windows:*:*
        cpe:2.3:a:ibm:sterling_connect\:direct:6.0.0.0:*:*:*:*:unix:*:*
        cpe:2.3:a:ibm:sterling_connect\:direct:6.1.0.0:*:*:*:*:unix:*:*
        cpe:2.3:a:ibm:sterling_connect\:direct:6.2.0.0:*:*:*:*:unix:*:*
        cpe:2.3:a:ibm:sterling_connect\:direct:6.3.0.0:*:*:*:*:unix:*:*
    Create a notification for this product.
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2024-39744",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2024-08-22T19:54:48.862794Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2024-08-22T19:54:57.599Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "cpes": [
                "cpe:2.3:a:ibm:sterling_connect\\:direct:6.0.0.0:*:*:*:*:windows:*:*",
                "cpe:2.3:a:ibm:sterling_connect\\:direct:6.1.0.0:*:*:*:*:windows:*:*",
                "cpe:2.3:a:ibm:sterling_connect\\:direct:6.2.0.0:*:*:*:*:windows:*:*",
                "cpe:2.3:a:ibm:sterling_connect\\:direct:6.3.0.0:*:*:*:*:windows:*:*",
                "cpe:2.3:a:ibm:sterling_connect\\:direct:6.0.0.0:*:*:*:*:unix:*:*",
                "cpe:2.3:a:ibm:sterling_connect\\:direct:6.1.0.0:*:*:*:*:unix:*:*",
                "cpe:2.3:a:ibm:sterling_connect\\:direct:6.2.0.0:*:*:*:*:unix:*:*",
                "cpe:2.3:a:ibm:sterling_connect\\:direct:6.3.0.0:*:*:*:*:unix:*:*"
              ],
              "defaultStatus": "unaffected",
              "product": "Sterling Connect:Direct Web Services",
              "vendor": "IBM",
              "versions": [
                {
                  "status": "affected",
                  "version": "6.0, 6.1, 6.2, 6.3"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "IBM Sterling Connect:Direct Web Services 6.0, 6.1, 6.2, and 6.3 is vulnerable to cross-site request forgery which could allow an attacker to execute malicious and unauthorized actions transmitted from a user that the website trusts."
                }
              ],
              "value": "IBM Sterling Connect:Direct Web Services 6.0, 6.1, 6.2, and 6.3 is vulnerable to cross-site request forgery which could allow an attacker to execute malicious and unauthorized actions transmitted from a user that the website trusts."
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "availabilityImpact": "NONE",
                "baseScore": 4.3,
                "baseSeverity": "MEDIUM",
                "confidentialityImpact": "NONE",
                "integrityImpact": "LOW",
                "privilegesRequired": "NONE",
                "scope": "UNCHANGED",
                "userInteraction": "REQUIRED",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N",
                "version": "3.1"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en",
                  "value": "GENERAL"
                }
              ]
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-352",
                  "description": "CWE-352 Cross-Site Request Forgery (CSRF)",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2026-03-13T22:04:21.261Z",
            "orgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
            "shortName": "ibm"
          },
          "references": [
            {
              "tags": [
                "vendor-advisory"
              ],
              "url": "https://www.ibm.com/support/pages/node/7166196"
            },
            {
              "tags": [
                "vdb-entry"
              ],
              "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/297236"
            }
          ],
          "source": {
            "discovery": "UNKNOWN"
          },
          "title": "IBM Sterling Connect:Direct Web Services cross-site request forgery",
          "x_generator": {
            "engine": "Vulnogram 0.2.0"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
        "assignerShortName": "ibm",
        "cveId": "CVE-2024-39744",
        "datePublished": "2024-08-22T10:56:39.894Z",
        "dateReserved": "2024-06-28T09:34:46.056Z",
        "dateUpdated": "2026-03-13T22:04:21.261Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2024-39746 (GCVE-0-2024-39746)

    Vulnerability from cvelistv5 – Published: 2024-08-22 10:29 – Updated: 2025-10-31 15:01
    VLAI
    Title
    IBM Sterling Connect:Direct Web Services information disclosure
    Summary
    IBM Sterling Connect:Direct Web Services 6.0, 6.1, 6.2, and 6.3 could allow a remote attacker to obtain sensitive information, caused by the failure to properly enable HTTP Strict Transport Security. An attacker could exploit this vulnerability to obtain sensitive information using man in the middle techniques.
    SSVC
    Exploitation: none Automatable: no Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-319 - Cleartext Transmission of Sensitive Information
    Assigner
    ibm
    References
    URL Tags
    https://www.ibm.com/support/pages/node/7166018 vendor-advisorypatch
    Impacted products
    Vendor Product Version
    IBM Sterling Connect:Direct Web Services Affected: 6.0
    Affected: 6.1
    Affected: 6.2
    Affected: 6.3
        cpe:2.3:a:ibm:sterling_connect\:direct:6.0.0.0:*:*:*:*:windows:*:*
        cpe:2.3:a:ibm:sterling_connect\:direct:6.1.0.0:*:*:*:*:windows:*:*
        cpe:2.3:a:ibm:sterling_connect\:direct:6.2.0.0:*:*:*:*:windows:*:*
        cpe:2.3:a:ibm:sterling_connect\:direct:6.3.0.0:*:*:*:*:windows:*:*
        cpe:2.3:a:ibm:sterling_connect\:direct:6.0.0.0:*:*:*:*:unix:*:*
        cpe:2.3:a:ibm:sterling_connect\:direct:6.1.0.0:*:*:*:*:unix:*:*
        cpe:2.3:a:ibm:sterling_connect\:direct:6.2.0.0:*:*:*:*:unix:*:*
        cpe:2.3:a:ibm:sterling_connect\:direct:6.3.0.0:*:*:*:*:unix:*:*
    Create a notification for this product.
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2024-39746",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2024-08-22T13:12:23.754080Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2025-09-30T13:43:29.400Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "cpes": [
                "cpe:2.3:a:ibm:sterling_connect\\:direct:6.0.0.0:*:*:*:*:windows:*:*",
                "cpe:2.3:a:ibm:sterling_connect\\:direct:6.1.0.0:*:*:*:*:windows:*:*",
                "cpe:2.3:a:ibm:sterling_connect\\:direct:6.2.0.0:*:*:*:*:windows:*:*",
                "cpe:2.3:a:ibm:sterling_connect\\:direct:6.3.0.0:*:*:*:*:windows:*:*",
                "cpe:2.3:a:ibm:sterling_connect\\:direct:6.0.0.0:*:*:*:*:unix:*:*",
                "cpe:2.3:a:ibm:sterling_connect\\:direct:6.1.0.0:*:*:*:*:unix:*:*",
                "cpe:2.3:a:ibm:sterling_connect\\:direct:6.2.0.0:*:*:*:*:unix:*:*",
                "cpe:2.3:a:ibm:sterling_connect\\:direct:6.3.0.0:*:*:*:*:unix:*:*"
              ],
              "defaultStatus": "unaffected",
              "product": "Sterling Connect:Direct Web Services",
              "vendor": "IBM",
              "versions": [
                {
                  "status": "affected",
                  "version": "6.0"
                },
                {
                  "status": "affected",
                  "version": "6.1"
                },
                {
                  "status": "affected",
                  "version": "6.2"
                },
                {
                  "status": "affected",
                  "version": "6.3"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "IBM Sterling Connect:Direct Web Services 6.0, 6.1, 6.2, and 6.3 could allow a remote attacker to obtain sensitive information, caused by the failure to properly enable HTTP Strict Transport Security. An attacker could exploit this vulnerability to obtain sensitive information using man in the middle techniques."
                }
              ],
              "value": "IBM Sterling Connect:Direct Web Services 6.0, 6.1, 6.2, and 6.3 could allow a remote attacker to obtain sensitive information, caused by the failure to properly enable HTTP Strict Transport Security. An attacker could exploit this vulnerability to obtain sensitive information using man in the middle techniques."
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "HIGH",
                "attackVector": "NETWORK",
                "availabilityImpact": "NONE",
                "baseScore": 5.9,
                "baseSeverity": "MEDIUM",
                "confidentialityImpact": "HIGH",
                "integrityImpact": "NONE",
                "privilegesRequired": "NONE",
                "scope": "UNCHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N",
                "version": "3.1"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en",
                  "value": "GENERAL"
                }
              ]
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-319",
                  "description": "CWE-319 Cleartext Transmission of Sensitive Information",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2025-10-31T15:01:03.666Z",
            "orgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
            "shortName": "ibm"
          },
          "references": [
            {
              "tags": [
                "vendor-advisory",
                "patch"
              ],
              "url": "https://www.ibm.com/support/pages/node/7166018"
            }
          ],
          "source": {
            "discovery": "UNKNOWN"
          },
          "title": "IBM Sterling Connect:Direct Web Services information disclosure",
          "x_generator": {
            "engine": "Vulnogram 0.2.0"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
        "assignerShortName": "ibm",
        "cveId": "CVE-2024-39746",
        "datePublished": "2024-08-22T10:29:54.169Z",
        "dateReserved": "2024-06-28T09:34:46.056Z",
        "dateUpdated": "2025-10-31T15:01:03.666Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }