Vulmon Recent Vulnerabilities Product List Research Posts Trends Blog Docs About Contact

ibm sterling connect direct web services vulnerabilities and exploits

(subscribe to this query)
4.3
CVSSv3

CVE-2024-39744

IBM Sterling Connect:Direct Web Services 6.0, 6.1, 6.2, and 6.3 is vulnerable to cross-site request forgery which could allow an malicious user to execute malicious and unauthorized actions transmitted from a user that the website trusts.
Ibm Sterling Connect DirectIbm Sterling Connect Direct Web ServicesIbm Sterling Connect Direct Web Services 6.0Ibm Sterling Connect Direct Web Services 6.1.0Ibm Sterling Connect Direct Web Services 6.2.0Ibm Sterling Connect Direct Web Services 6.3.0
4.3
CVSSv3

CVE-2024-45653

IBM Sterling Connect:Direct Web Services 6.0, 6.1, 6.2, and 6.3 could disclose sensitive IP address information to authenticated users in responses that could be used in further attacks against the system.
Ibm Sterling Connect Direct Web Services 6.0.0.0Ibm Sterling Connect Direct Web Services 6.1.0.0Ibm Sterling Connect Direct Web Services 6.2.0.0Ibm Sterling Connect Direct Web Services 6.3.0.0Ibm Sterling Connect Direct Web ServicesIbm Sterling Connect Direct Web Services 6.0.0Ibm Sterling Connect Direct Web Services 6.1.0Ibm Sterling Connect Direct Web Services 6.2.0Ibm Sterling Connect Direct Web Services 6.3.0
7.5
CVSSv3

CVE-2024-39745

IBM Sterling Connect:Direct Web Services 6.0, 6.1, 6.2, and 6.3 uses weaker than expected cryptographic algorithms that could allow an malicious user to decrypt highly sensitive information.
Ibm Sterling Connect Direct Web Services 6.0Ibm Sterling Connect Direct Web Services 6.1.0Ibm Sterling Connect Direct Web Services 6.2.0Ibm Sterling Connect Direct Web Services 6.3.0
5.9
CVSSv3

CVE-2024-39746

IBM Sterling Connect:Direct Web Services 6.0, 6.1, 6.2, and 6.3 could allow a remote malicious user to obtain sensitive information, caused by the failure to properly enable HTTP Strict Transport Security. An attacker could exploit this vulnerability to obtain sensitive informati...
Ibm Sterling Connect Direct Web Services 6.0Ibm Sterling Connect Direct Web Services 6.1.0Ibm Sterling Connect Direct Web Services 6.2.0Ibm Sterling Connect Direct Web Services 6.3.0
6.3
CVSSv3

CVE-2024-45651

IBM Sterling Connect:Direct Web Services 6.1.0, 6.2.0, and 6.3.0 does not invalidate session after a browser closure which could allow an authenticated user to impersonate another user on the system.
Ibm Sterling Connect Direct Web Services 6.1.0.0Ibm Sterling Connect Direct Web Services 6.2.0.0Ibm Sterling Connect Direct Web Services 6.3.0.0Ibm Sterling Connect Direct Web Services
6.3
CVSSv3

CVE-2024-49808

IBM Sterling Connect:Direct Web Services 6.1.0, 6.2.0, and 6.3.0 could allow an authenticated user to spoof the identity of another user due to improper authorization which could allow the user to bypass access restrictions.
Ibm Sterling Connect Direct Web Services 6.1.0.0Ibm Sterling Connect Direct Web Services 6.2.0.0Ibm Sterling Connect Direct Web Services 6.3.0.0Ibm Sterling Connect Direct Web Services
9.8
CVSSv3

CVE-2024-39747

IBM Sterling Connect:Direct Web Services 6.0, 6.1, 6.2, and 6.3 uses default credentials for potentially critical functionality.
Ibm Sterling Connect Direct Web Services
7.5
CVSSv3

CVE-2021-38890

IBM Sterling Connect:Direct Web Services 1.0 and 6.0 uses an inadequate account lockout setting that could allow a remote malicious user to brute force account credentials. IBM X-Force ID: 209507.
Ibm Connect Direct Web ServicesIbm Sterling Connect Direct
7.5
CVSSv3

CVE-2021-38891

IBM Sterling Connect:Direct Web Services 1.0 and 6.0 uses weaker than expected cryptographic algorithms that could allow an malicious user to decrypt highly sensitive information. IBM X-Force ID: 209508.
Ibm Connect Direct Web ServicesIbm Sterling Connect Direct
Preferred Score:
CVSSv3
CVSSv2
CVSSv3
CVSSv4
EPSS
VMScore
Recommendations:
adp application developer platform 应用开发者平台type confusionflirCVE-2025-6268overflowdir-825CVE-2025-6018CVE-2025-2783CVE-2025-6292webassemblyauthentication bypassCVE-2025-4479CVE-2025-6306
Home
/
Search Results
Vulmon Logo Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started

Vulmon Search

Vulmon Search is a vulnerability search engine. It gives comprehensive vulnerability information through a very simple user interface.

About

Home Recent Vulnerabilities Product List Vendor List Research Posts Trends Blog About Contact

Products

Vulmon Search Vulmon Research Vulmon Alerts Vulmap

Connect

Twitter Reddit Linkedin Facebook