Lucene search
HistoryAug 22, 2024 - 11:15 a.m.
CVE-2024-39745
ibm
sterling connect:direct
web services
cryptographic algorithms
vulnerability
CVSS3
7.5
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
NONE
Availability Impact
NONE
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
EPSS
0.001
Percentile
32.6%
IBM Sterling Connect:Direct Web Services 6.0, 6.1, 6.2, and 6.3 uses weaker than expected cryptographic algorithms that could allow an attacker to decrypt highly sensitive information.
Affected configurations
Node
ibmsterling_connect_direct_web_servicesMatch6.0
ORibmsterling_connect_direct_web_servicesMatch6.1.0
ORibmsterling_connect_direct_web_servicesMatch6.2.0
ORibmsterling_connect_direct_web_servicesMatch6.3.0
ibmaixMatch-
ORlinuxlinux_kernelMatch-
ORmicrosoftwindowsMatch-
| Vendor | Product | Version | CPE |
|---|---|---|---|
| ibm | sterling_connect_direct_web_services | 6.0 | cpe:2.3:a:ibm:sterling_connect_direct_web_services:6.0:*:*:*:*:*:*:* |
| ibm | sterling_connect_direct_web_services | 6.1.0 | cpe:2.3:a:ibm:sterling_connect_direct_web_services:6.1.0:*:*:*:*:*:*:* |
| ibm | sterling_connect_direct_web_services | 6.2.0 | cpe:2.3:a:ibm:sterling_connect_direct_web_services:6.2.0:*:*:*:*:*:*:* |
| ibm | sterling_connect_direct_web_services | 6.3.0 | cpe:2.3:a:ibm:sterling_connect_direct_web_services:6.3.0:*:*:*:*:*:*:* |
| ibm | aix | - | cpe:2.3:o:ibm:aix:-:*:*:*:*:*:*:* |
| linux | linux_kernel | - | cpe:2.3:o:linux:linux_kernel:-:*:*:*:*:*:*:* |
| microsoft | windows | - | cpe:2.3:o:microsoft:windows:-:*:*:*:*:*:*:* |
CVSS3
7.5
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
NONE
Availability Impact
NONE
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
EPSS
0.001
Percentile
32.6%
Related for NVD:CVE-2024-39745