
CVE-2024-45653 – IBM Sterling Connect:Direct Web Services information disclosure
https://notcve.org/view.php?id=CVE-2024-45653
19 Jan 2025 — IBM Sterling Connect:Direct Web Services 6.0, 6.1, 6.2, and 6.3 could disclose sensitive IP address information to authenticated users in responses that could be used in further attacks against the system. • https://www.ibm.com/support/pages/node/7174104 • CWE-201: Insertion of Sensitive Information Into Sent Data •

CVE-2024-39747 – IBM Sterling Connect:Direct Web Services information disclosure
https://notcve.org/view.php?id=CVE-2024-39747
31 Aug 2024 — IBM Sterling Connect:Direct Web Services 6.0, 6.1, 6.2, and 6.3 uses default credentials for potentially critical functionality. • https://exchange.xforce.ibmcloud.com/vulnerabilities/297314 • CWE-1392: Use of Default Credentials •

CVE-2024-39745 – IBM Sterling Connect:Direct Web Services information disclosure
https://notcve.org/view.php?id=CVE-2024-39745
22 Aug 2024 — IBM Sterling Connect:Direct Web Services 6.0, 6.1, 6.2, and 6.3 uses weaker than expected cryptographic algorithms that could allow an attacker to decrypt highly sensitive information. • https://www.ibm.com/support/pages/node/7166195 • CWE-327: Use of a Broken or Risky Cryptographic Algorithm •

CVE-2024-39744 – IBM Sterling Connect:Direct Web Services cross-site request forgery
https://notcve.org/view.php?id=CVE-2024-39744
22 Aug 2024 — IBM Sterling Connect:Direct Web Services 6.0, 6.1, 6.2, and 6.3 is vulnerable to cross-site request forgery which could allow an attacker to execute malicious and unauthorized actions transmitted from a user that the website trusts. • https://www.ibm.com/support/pages/node/7166196 • CWE-352: Cross-Site Request Forgery (CSRF) •

CVE-2024-39746 – IBM Sterling Connect:Direct Web Services information disclosure
https://notcve.org/view.php?id=CVE-2024-39746
22 Aug 2024 — IBM Sterling Connect:Direct Web Services 6.0, 6.1, 6.2, and 6.3 could allow a remote attacker to obtain sensitive information, caused by the failure to properly enable HTTP Strict Transport Security. An attacker could exploit this vulnerability to obtain sensitive information using man in the middle techniques. • https://www.ibm.com/support/pages/node/7166018 • CWE-311: Missing Encryption of Sensitive Data •

CVE-2021-20560
https://notcve.org/view.php?id=CVE-2021-20560
26 Jul 2021 — IBM Sterling Connect:Direct Browser User Interface 1.4.1.1 and 1.5.0.2 could allow a remote attacker to hijack the clicking action of the victim. By persuading a victim to visit a malicious Web site, a remote attacker could exploit this vulnerability to hijack the victim's click actions and possibly launch further attacks against the victim. IBM X-Force ID: 199229. • https://exchange.xforce.ibmcloud.com/vulnerabilities/199229 • CWE-1021: Improper Restriction of Rendered UI Layers or Frames •

CVE-2013-0529
https://notcve.org/view.php?id=CVE-2013-0529
21 Jun 2013 — The Browser in IBM Sterling Connect:Direct 1.4 before 1.4.0.11 and 1.5 through 1.5.0.1 does not set the secure flag for the session cookie in an https session, which makes it easier for remote attackers to capture this cookie by intercepting its transmission within an http session. • http://www-01.ibm.com/support/docview.wss?uid=swg1IC90478 • CWE-264: Permissions, Privileges, and Access Controls •

CVE-2013-0527
https://notcve.org/view.php?id=CVE-2013-0527
21 Jun 2013 — The Browser in IBM Sterling Connect:Direct 1.4 before 1.4.0.11 and 1.5 through 1.5.0.1 does not close pages upon the timeout of a session, which allows physically proximate attackers to obtain sensitive administrative-console information by reading the screen of an unattended workstation. • http://www-01.ibm.com/support/docview.wss?uid=swg1IC90479 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •