IBM Sterling Connect:Direct Web Services Vulnerability Could Lead to Sensitive Information Theft
CVE-2024-39746

5.9MEDIUM

Key Information:

Vendor
IBM
Status
Sterling Connect:direct Web Services
Vendor
CVE Published:
22 August 2024

Summary

IBM Sterling Connect:Direct Web Services 6.0, 6.1, 6.2, and 6.3 could allow a remote attacker to obtain sensitive information, caused by the failure to properly enable HTTP Strict Transport Security. An attacker could exploit this vulnerability to obtain sensitive information using man in the middle techniques.

Affected Version(s)

Sterling Connect:Direct Web Services 6.0, 6.1, 6.2, 6.3

References

https://www.ibm.com/support/pages/node/7166018
vendor-advisory
https://exchange.xforce.ibmcloud.com/vulnerabilities/297313

CVSS V3.1

Score:
5.9
Severity:
MEDIUM
Confidentiality:
High
Integrity:
None
Availability:
High
Attack Vector:
Network
Attack Complexity:
High
Privileges Required:
None
User Interaction:
None
Scope:
Unchanged

Timeline

  • Vulnerability published

  • Vulnerability Reserved

.