Lucene search
K

8 matches found

IBM Security Bulletins
IBM Security Bulletins
added 2026/06/15 7:19 p.m.6 views

Security Bulletin: IBM Sterling Connect:Direct Web Services is affected by Uncontrolled Resource Consumption.

Summary netty-codec-4.1.127.Final.jar is used by IBM Sterling Connect:Direct Web Services CVE-2026-42583. Vulnerability Details CVEID:CVE-2026-42583 DESCRIPTION: Netty is an asynchronous, event-driven network application framework. Prior to 4.2.13.Final and 4.1.133.Final, Lz4FrameDecoder allocate...

7.5CVSS5.3AI score0.00429EPSS
Exploits1Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2026/06/04 3:5 a.m.10 views

Security Bulletin: Due to use of postgresql-42.7.10.jar, IBM Sterling Connect:Direct Web Services is affected by client-side denial of service.

Summary postgresql-42.7.10.jar is used by IBM Sterling Connect:Direct Web Services CVE-2026-42198. Vulnerability Details CVEID:CVE-2026-42198 DESCRIPTION: pgjdbc is an open source postgresql JDBC Driver. From version 42.2.0 to before version 42.7.11, pgjdbc is vulnerable to a client-side denial o...

7.5CVSS7AI score0.0077EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2026/04/23 6:54 a.m.5 views

Security Bulletin: Due to use of IBM SDK, IBM Sterling Connect:Direct Web Services is affected by denial of service.

Summary IBM SDK is used by IBM Sterling Connect:Direct Web Services CVE-2026-21945, CVE-2026-21932, CVE-2026-21933,CVE-2026-21925. Vulnerability Details CVEID:CVE-2026-21945 DESCRIPTION: Java SE is vulnerable to a denial of service, caused by an easily exploitable vulnerability issue that allows ...

7.5CVSS5.8AI score0.00864EPSS
Exploits1Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2026/04/23 6:51 a.m.3 views

Security Bulletin: Due to use of spring-security-web-6.5.8.jar, IBM Sterling Connect:Direct Web Services is affected by missing HTTP header in response issue.

Summary spring-security-web-6.5.8.jar is used by IBM Sterling Connect:Direct Web Services CVE-2026-22732. Vulnerability Details CVEID:CVE-2026-22732 DESCRIPTION: When applications specify HTTP response headers for servlet applications using Spring Security, there is the possibility that the HTTP...

9.1CVSS5.7AI score0.0048EPSS
Exploits2Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2025/12/17 6:13 a.m.7 views

Security Bulletin: Due to use of libexpat , IBM Sterling Connect:Direct Web Services is affected by large memory allocations issue.

Summary libexpat is used by IBM Sterling Connect:Direct Web Services CVE-2025-59375. Vulnerability Details CVEID:CVE-2025-59375 DESCRIPTION: libexpat in Expat before 2.7.2 allows attackers to trigger large dynamic memory allocations via a small document that is submitted for parsing. CWE:CWE-770:...

7.5CVSS6.5AI score0.01279EPSS
Exploits1Affected Software1
OSV
OSV
added 2024/08/22 11:15 a.m.4 views

CVE-2024-39746

IBM Sterling Connect:Direct Web Services 6.0, 6.1, 6.2, and 6.3 could allow a remote attacker to obtain sensitive information, caused by the failure to properly enable HTTP Strict Transport Security. An attacker could exploit this vulnerability to obtain sensitive information using man in the...

5.9CVSS5.7AI score0.00275EPSS
Exploits0References1
IBM Security Bulletins
IBM Security Bulletins
added 2021/10/21 4:9 p.m.30 views

Security Bulletin: PostgreSQL Vulnerability Affects IBM Connect:Direct Web Service (CVE-2021-32028)

Summary There is a vulnerability in PostgreSQL versions used by IBM Connect:Direct Web Service. IBM Connect:Direct Web Services has addressed the applicable CVE. Vulnerability Details CVEID: CVE-2021-32028 DESCRIPTION: PostgreSQL could allow a remote authenticated attacker to obtain sensitive...

6.5CVSS1.4AI score0.01449EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2021/05/17 7:14 a.m.35 views

Security Bulletin: Multiple Vulnerabilities in PostgreSQL Affect IBM Connect:Direct Web Service

Summary There are multiple vulnerabilities in PostgreSQL versions used by IBM Connect:Direct Web Service. IBM Connect:Direct Web Services has addressed the applicable CVEs. Vulnerability Details CVEID: CVE-2020-25695 DESCRIPTION: PostgreSQL could allow a remote authenticated attacker to gain...

8.8CVSS1.1AI score0.4644EPSS
Exploits0Affected Software1
Rows per page
Query Builder