IBM Sterling Connect:Direct Web Services uses Apache Commons Net, which has a vulnerability that lets a remote attacker obtain sensitive information. The issue has been addressed.
CVEID: CVE-2021-37533
**DESCRIPTION:** Apache Commons Net could allow a remote attacker to obtain sensitive information because the FTP client trusts the host from the PASV response by default. By persuading a victim to connect to a specially crafted server, an attacker could exploit this vulnerability to obtain information about services running on the private network, and use this information to launch further attacks against the affected system.
CVSS Base score: 6.5
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/241253 for the current score.
CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N)
Affected Product(s) | Version(s) |
---|---|
IBM Sterling Connect:Direct Web Services | 1.0 |
IBM Sterling Connect:Direct Web Services | 6.1.0 |
IBM Sterling Connect:Direct Web Services | 6.2.0 |
IBM Sterling Connect:Direct Web Services | 6.0 |
Product(s) | Version(s) | Remediation |
---|---|---|
IBM Sterling Connect:Direct Web Services| 1.0| Apply 6.2.0.18, available on Fix Central
IBM Sterling Connect:Direct Web Services| 6.0| Apply 6.2.0.18, available on Fix Central
IBM Sterling Connect:Direct Web Services| 6.1| Apply 6.2.0.18, available on Fix Central
IBM Sterling Connect:Direct Web Services| 6.2| Apply 6.2.0.18, available on Fix Central
IBM Sterling Connect:Direct Web Services| 6.3| Apply 6.3.0.2, available on Fix Central
None
CPE
Name | Operator | Version |
---|---|---|
ibm sterling connect:direct web services | eq | 6.1 |