IBM Sterling Connect:Direct Web Services 6.1.0

CPE Details

IBM Sterling Connect:Direct Web Services 6.1.0
ibm
sterling_connect_direct_web_services
6.1.0
2024-09-17
15h21 +00:00
2024-09-17
15h21 +00:00
CPE NVD
Alerte pour un CPE
Restez informé de toutes modifications pour un CPE spécifique.
Gestion des notifications

CPE Name: cpe:2.3:a:ibm:sterling_connect_direct_web_services:6.1.0:*:*:*:*:*:*:*

Informations

Vendor

ibm

Product

sterling_connect_direct_web_services

Version

6.1.0

Related CVE

Open and find in CVE List

CVE ID Publié Description Score Gravité
CVE-2024-45653 2025-01-19 02h39 +00:00 IBM Sterling Connect:Direct Web Services 6.0, 6.1, 6.2, and 6.3 could disclose sensitive IP address information to authenticated users in responses that could be used in further attacks against the system.
4.3
Moyen
CVE-2024-39747 2024-08-31 01h01 +00:00 IBM Sterling Connect:Direct Web Services 6.0, 6.1, 6.2, and 6.3 uses default credentials for potentially critical functionality.
9.8
Critique
CVE-2024-39746 2024-08-22 09h15 +00:00 IBM Sterling Connect:Direct Web Services 6.0, 6.1, 6.2, and 6.3 could allow a remote attacker to obtain sensitive information, caused by the failure to properly enable HTTP Strict Transport Security. An attacker could exploit this vulnerability to obtain sensitive information using man in the middle techniques.
5.9
Moyen
CVE-2024-39745 2024-08-22 09h15 +00:00 IBM Sterling Connect:Direct Web Services 6.0, 6.1, 6.2, and 6.3 uses weaker than expected cryptographic algorithms that could allow an attacker to decrypt highly sensitive information.
7.5
Haute
CVE-2024-39744 2024-08-22 09h15 +00:00 IBM Sterling Connect:Direct Web Services 6.0, 6.1, 6.2, and 6.3 is vulnerable to cross-site request forgery which could allow an attacker to execute malicious and unauthorized actions transmitted from a user that the website trusts.
4.3
Moyen
Les informations affichées sur CVE Find proviennent de plusieurs sources de référence rigoureusement sélectionnées. Les données CVE sont fournies par MITRE Corporation et la National Vulnerability Database (NVD). Le catalogue des vulnérabilités activement exploitées (KEV) provient de la Cybersecurity and Infrastructure Security Agency (CISA), tandis que les scores EPSS sont issus de FIRST.org. Enfin, les données relatives aux faiblesses logicielles (CWE) et aux schémas d'attaque courants (CAPEC) sont maintenues par MITRE Corporation, et les informations sur les configurations logicielles et matérielles (CPE) proviennent du NVD.