CVSS: 4.3EPSS: 0%CPEs: 2EXPL: 0CVE-2024-45653 – IBM Sterling Connect:Direct Web Services information disclosure
https://notcve.org/view.php?id=CVE-2024-45653
19 Jan 2025 — IBM Sterling Connect:Direct Web Services 6.0, 6.1, 6.2, and 6.3 could disclose sensitive IP address information to authenticated users in responses that could be used in further attacks against the system. • https://www.ibm.com/support/pages/node/7174104 • CWE-201: Insertion of Sensitive Information Into Sent Data •
CVSS: 10.0EPSS: 0%CPEs: 1EXPL: 0CVE-2024-39747 – IBM Sterling Connect:Direct Web Services information disclosure
https://notcve.org/view.php?id=CVE-2024-39747
31 Aug 2024 — IBM Sterling Connect:Direct Web Services 6.0, 6.1, 6.2, and 6.3 uses default credentials for potentially critical functionality. • https://exchange.xforce.ibmcloud.com/vulnerabilities/297314 • CWE-1392: Use of Default Credentials •
CVSS: 7.8EPSS: 0%CPEs: 1EXPL: 0CVE-2024-39745 – IBM Sterling Connect:Direct Web Services information disclosure
https://notcve.org/view.php?id=CVE-2024-39745
22 Aug 2024 — IBM Sterling Connect:Direct Web Services 6.0, 6.1, 6.2, and 6.3 uses weaker than expected cryptographic algorithms that could allow an attacker to decrypt highly sensitive information. • https://www.ibm.com/support/pages/node/7166195 • CWE-327: Use of a Broken or Risky Cryptographic Algorithm •
CVSS: 5.0EPSS: 0%CPEs: 1EXPL: 0CVE-2024-39744 – IBM Sterling Connect:Direct Web Services cross-site request forgery
https://notcve.org/view.php?id=CVE-2024-39744
22 Aug 2024 — IBM Sterling Connect:Direct Web Services 6.0, 6.1, 6.2, and 6.3 is vulnerable to cross-site request forgery which could allow an attacker to execute malicious and unauthorized actions transmitted from a user that the website trusts. • https://www.ibm.com/support/pages/node/7166196 • CWE-352: Cross-Site Request Forgery (CSRF) •
CVSS: 5.9EPSS: 0%CPEs: 1EXPL: 0CVE-2024-39746 – IBM Sterling Connect:Direct Web Services information disclosure
https://notcve.org/view.php?id=CVE-2024-39746
22 Aug 2024 — IBM Sterling Connect:Direct Web Services 6.0, 6.1, 6.2, and 6.3 could allow a remote attacker to obtain sensitive information, caused by the failure to properly enable HTTP Strict Transport Security. An attacker could exploit this vulnerability to obtain sensitive information using man in the middle techniques. • https://www.ibm.com/support/pages/node/7166018 • CWE-311: Missing Encryption of Sensitive Data •
CVSS: 7.5EPSS: 0%CPEs: 1EXPL: 0CVE-2023-32331 – IBM Connect:Express for UNIX denial of service
https://notcve.org/view.php?id=CVE-2023-32331
04 Mar 2024 — IBM Connect:Express for UNIX 1.5.0 is vulnerable to a buffer overflow that could allow a remote attacker to cause a denial of service through its browser UI. IBM X-Force ID: 254979. IBM Connect:Express para UNIX 1.5.0 es vulnerable a un desbordamiento de búfer que podría permitir a un atacante remoto provocar una denegación de servicio a través de la interfaz de usuario de su navegador. ID de IBM X-Force: 254979. • https://exchange.xforce.ibmcloud.com/vulnerabilities/254979 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVSS: 7.8EPSS: 0%CPEs: 4EXPL: 0CVE-2021-38933 – IBM Sterling Connect:Express for UNIX information disclosure
https://notcve.org/view.php?id=CVE-2021-38933
19 Jul 2023 — IBM Sterling Connect:Direct for UNIX 1.5 uses weaker than expected cryptographic algorithms that could allow an attacker to decrypt highly sensitive information. IBM X-Force ID: 210574. • https://exchange.xforce.ibmcloud.com/vulnerabilities/210574 • CWE-327: Use of a Broken or Risky Cryptographic Algorithm •
CVSS: 6.5EPSS: 0%CPEs: 5EXPL: 0CVE-2023-29260 – IBM Sterling Connect:Express for UNIX server-side request forgery
https://notcve.org/view.php?id=CVE-2023-29260
19 Jul 2023 — IBM Sterling Connect:Express for UNIX 1.5 is vulnerable to server-side request forgery (SSRF). This may allow an authenticated attacker to send unauthorized requests from the system, potentially leading to network enumeration or facilitating other attacks. IBM X-Force ID: 252135. • https://exchange.xforce.ibmcloud.com/vulnerabilities/252135 • CWE-918: Server-Side Request Forgery (SSRF) •
CVSS: 5.3EPSS: 0%CPEs: 5EXPL: 0CVE-2023-29259 – IBM Sterling Connect:Express for UNIX information disclosure
https://notcve.org/view.php?id=CVE-2023-29259
19 Jul 2023 — IBM Sterling Connect:Express for UNIX 1.5 browser UI is vulnerable to attacks that rely on the use of cookies without the SameSite attribute. IBM X-Force ID: 252055. • https://exchange.xforce.ibmcloud.com/vulnerabilities/252055 •
CVSS: 7.5EPSS: 0%CPEs: 5EXPL: 0CVE-2021-38891
https://notcve.org/view.php?id=CVE-2021-38891
23 Nov 2021 — IBM Sterling Connect:Direct Web Services 1.0 and 6.0 uses weaker than expected cryptographic algorithms that could allow an attacker to decrypt highly sensitive information. IBM X-Force ID: 209508. IBM Sterling Connect:Direct Web Services versiones 1.0 y 6.0, usa algoritmos criptográficos más débiles de lo esperado que podrían permitir a un atacante descifrar información altamente confidencial. IBM X-Force ID: 209508 • https://exchange.xforce.ibmcloud.com/vulnerabilities/209508 • CWE-326: Inadequate Encryption Strength •