Ibm Sterling Connect Direct Web Services — known CVE vulnerabilities
Every CVE whose affected-product data names Ibm Sterling Connect Direct Web Services, ordered by CVSS severity, with EPSS exploit prediction and CISA KEV status.
CVEs (7)
CVE-2024-39747 — CVSS 8.1 (high): IBM Sterling Connect:Direct Web Services 6.0, 6.1, 6.2, and 6.3 uses default credentials for potentially critical functionality.
CVE-2024-45651 — CVSS 6.3 (medium): IBM Sterling Connect:Direct Web Services 6.1.0, 6.2.0, and 6.3.0 does not invalidate session after a browser closure which could allow an…
CVE-2024-49808 — CVSS 6.3 (medium): IBM Sterling Connect:Direct Web Services 6.1.0, 6.2.0, and 6.3.0 could allow an authenticated user to spoof the identity of another user…
CVE-2024-39745 — CVSS 5.9 (medium): IBM Sterling Connect:Direct Web Services 6.0, 6.1, 6.2, and 6.3 uses weaker than expected cryptographic algorithms that could allow an…
CVE-2024-39746 — CVSS 5.9 (medium): IBM Sterling Connect:Direct Web Services 6.0, 6.1, 6.2, and 6.3 could allow a remote attacker to obtain sensitive information, caused by…
CVE-2024-39744 — CVSS 4.3 (medium): IBM Sterling Connect:Direct Web Services 6.0, 6.1, 6.2, and 6.3 is vulnerable to cross-site request forgery which could allow an attacker…
CVE-2024-45653 — CVSS 4.3 (medium): IBM Sterling Connect:Direct Web Services 6.0, 6.1, 6.2, and 6.3 could disclose sensitive IP address information to authenticated users in…