8 matches found
Security Bulletin: IBM Sterling Connect:Direct Web Services is affected by Uncontrolled Resource Consumption.
Summary netty-codec-4.1.127.Final.jar is used by IBM Sterling Connect:Direct Web Services CVE-2026-42583. Vulnerability Details CVEID:CVE-2026-42583 DESCRIPTION: Netty is an asynchronous, event-driven network application framework. Prior to 4.2.13.Final and 4.1.133.Final, Lz4FrameDecoder allocate...
Security Bulletin: Due to use of postgresql-42.7.10.jar, IBM Sterling Connect:Direct Web Services is affected by client-side denial of service.
Summary postgresql-42.7.10.jar is used by IBM Sterling Connect:Direct Web Services CVE-2026-42198. Vulnerability Details CVEID:CVE-2026-42198 DESCRIPTION: pgjdbc is an open source postgresql JDBC Driver. From version 42.2.0 to before version 42.7.11, pgjdbc is vulnerable to a client-side denial o...
Security Bulletin: Due to use of IBM SDK, IBM Sterling Connect:Direct Web Services is affected by denial of service.
Summary IBM SDK is used by IBM Sterling Connect:Direct Web Services CVE-2026-21945, CVE-2026-21932, CVE-2026-21933,CVE-2026-21925. Vulnerability Details CVEID:CVE-2026-21945 DESCRIPTION: Java SE is vulnerable to a denial of service, caused by an easily exploitable vulnerability issue that allows ...
Security Bulletin: Due to use of spring-security-web-6.5.8.jar, IBM Sterling Connect:Direct Web Services is affected by missing HTTP header in response issue.
Summary spring-security-web-6.5.8.jar is used by IBM Sterling Connect:Direct Web Services CVE-2026-22732. Vulnerability Details CVEID:CVE-2026-22732 DESCRIPTION: When applications specify HTTP response headers for servlet applications using Spring Security, there is the possibility that the HTTP...
Security Bulletin: Due to use of libexpat , IBM Sterling Connect:Direct Web Services is affected by large memory allocations issue.
Summary libexpat is used by IBM Sterling Connect:Direct Web Services CVE-2025-59375. Vulnerability Details CVEID:CVE-2025-59375 DESCRIPTION: libexpat in Expat before 2.7.2 allows attackers to trigger large dynamic memory allocations via a small document that is submitted for parsing. CWE:CWE-770:...
CVE-2024-39746
IBM Sterling Connect:Direct Web Services 6.0, 6.1, 6.2, and 6.3 could allow a remote attacker to obtain sensitive information, caused by the failure to properly enable HTTP Strict Transport Security. An attacker could exploit this vulnerability to obtain sensitive information using man in the...
Security Bulletin: PostgreSQL Vulnerability Affects IBM Connect:Direct Web Service (CVE-2021-32028)
Summary There is a vulnerability in PostgreSQL versions used by IBM Connect:Direct Web Service. IBM Connect:Direct Web Services has addressed the applicable CVE. Vulnerability Details CVEID: CVE-2021-32028 DESCRIPTION: PostgreSQL could allow a remote authenticated attacker to obtain sensitive...
Security Bulletin: Multiple Vulnerabilities in PostgreSQL Affect IBM Connect:Direct Web Service
Summary There are multiple vulnerabilities in PostgreSQL versions used by IBM Connect:Direct Web Service. IBM Connect:Direct Web Services has addressed the applicable CVEs. Vulnerability Details CVEID: CVE-2020-25695 DESCRIPTION: PostgreSQL could allow a remote authenticated attacker to gain...