Lucene search

IBM59A2E1CAA0DF2C822AE1AB4A797F236883BA4BCDFDA7177888045F3CE3894C31

HistoryAug 22, 2024 - 6:20 a.m.

Security Bulletin: IBM Sterling Connect:Direct Web Service is vulnerable to multiple vulnerabilities due to IBM Java

2024-08-2206:20:38

www.ibm.com

ibm sterling connect:direct

web service

cross-site request forgery

vulnerability

cve-2024-39744

upgrade

fix central

CVSS3

4.3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

REQUIRED

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

LOW

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N

AI Score

6.5

Confidence

High

EPSS

Percentile

13.8%

JSON

Summary

IBM Sterling Connect:Direct Web Service uses IBM Java SE, which is vulnerable to CVE-2024-39744.

Vulnerability Details

CVEID:CVE-2024-39744
**DESCRIPTION:**IBM Sterling Connect:Direct Web Services is vulnerable to cross-site request forgery which could allow an attacker to execute malicious and unauthorized actions transmitted from a user that the website trusts.
CVSS Base score: 4.3
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/297236 for the current score.
CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N)

Affected Products and Versions

Affected Product(s)	Version(s)
IBM Sterling Connect:Direct Web Services	6.3.0
IBM Sterling Connect:Direct Web Services	6.1.0
IBM Sterling Connect:Direct Web Services	6.2.0
IBM Connect:Direct Web Services	6.0

Remediation/Fixes

IBM strongly recommends addressing the vulnerability now by upgrading …

Workarounds and Mitigations

None

Affected configurations

Vulners

Node

ibmsterling_connect\Matchdirect6.1

VendorProductVersionCPE
ibmsterling_connect\directcpe:2.3:a:ibm:sterling_connect\:direct:6.1:*:*:*:*:*:*:*

Vendor	Product	Version	CPE
ibm	sterling_connect\	direct	cpe:2.3:a:ibm:sterling_connect\:direct:6.1:::::::*

CVSS3

4.3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

REQUIRED

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

LOW

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N

AI Score

6.5

Confidence

High

EPSS

Percentile

13.8%

JSON

Related for 59A2E1CAA0DF2C822AE1AB4A797F236883BA4BCDFDA7177888045F3CE3894C31