48 matches found
Security Bulletin: IBM Sterling Connect:Direct Web Services is affected by multiple IBM JRE vulnerabilities
Summary IBM Sterling Connect:Direct Web Services uses IBM Java, which has an unspecified vulnerability in Java SE related to the VM component that could allow a remote attacker to cause high confidentiality and high integrity impacts. Vulnerability Details CVEID: CVE-2024-21147 DESCRIPTION: An unspecified...
CVE-2024-39747
IBM Sterling Connect:Direct Web Services 6.0, 6.1, 6.2, and 6.3 uses default credentials for potentially critical functionality...
CVE-2024-39747 IBM Sterling Connect:Direct Web Services information disclosure
IBM Sterling Connect:Direct Web Services 6.0, 6.1, 6.2, and 6.3 uses default credentials for potentially critical functionality...
CVE-2024-39744
IBM Sterling Connect:Direct Web Services 6.0, 6.1, 6.2, and 6.3 is vulnerable to cross-site request forgery which could allow an attacker to execute malicious and unauthorized actions transmitted from a user that the website trusts...
CVE-2024-39744 IBM Sterling Connect:Direct Web Services cross-site request forgery
IBM Sterling Connect:Direct Web Services 6.0, 6.1, 6.2, and 6.3 is vulnerable to cross-site request forgery which could allow an attacker to execute malicious and unauthorized actions transmitted from a user that the website trusts...
CVE-2024-39746 IBM Sterling Connect:Direct Web Services information disclosure
IBM Sterling Connect:Direct Web Services 6.0, 6.1, 6.2, and 6.3 could allow a remote attacker to obtain sensitive information, caused by the failure to properly enable HTTP Strict Transport Security. An attacker could exploit this vulnerability to obtain sensitive information using man in the...
Security Bulletin: IBM Sterling Connect:Direct Web Services is vulnerable to a denial of service due to Eclipse Jetty (CVE-2024-22201)
Summary IBM Sterling Connect:Direct Web Services uses Eclipse Jetty. This bulletin identifies the steps to take to address the vulnerability. Vulnerability Details CVEID:CVE-2024-22201 DESCRIPTION: Eclipse Jetty is vulnerable to a denial of service, caused by a flaw when an HTTP/2 connection gets...
Security Bulletin: IBM Sterling Connect:Direct Web Services is vulnerable to XML external entity injection due to Eclipse Jetty (260681)
Summary IBM Sterling Connect:Direct Web Services uses Eclipse Jetty. Vulnerability Details IBM X-Force ID: 260681 DESCRIPTION: Eclipse Jetty is vulnerable to an XML external entity injection (XXE) attack when processing XML data, caused by a weakly configured XML parser. By using specially crafted...
CVE-2021-38933
CVE-2021-38933 affects IBM Sterling Connect:Express for UNIX 1.5.x. The IBM security bulletin notes use of weaker cryptographic algorithms could allow an attacker to decrypt highly sensitive information. Remediation: upgrade to Connect:Express for UNIX 1.5.0.1609 or newer. Current exploit details...
Security Bulletin: IBM Sterling Connect:Direct for Microsoft Windows is affected by a security restrictions bypass due to Spring Framework [CVE-2023-20860]
Summary There is a vulnerability in Spring Framework used by Integrated File Agent in IBM Sterling Connect:Direct for Microsoft Windows. IBM Sterling Connect:Direct for Microsoft Windows has addressed the applicable CVE. CVE-2023-20860 Vulnerability Details CVEID:CVE-2023-20860 DESCRIPTION: VMwar...
Security Bulletin: Elevated privileges vulnerability in Connect:Direct for UNIX on AIX 6.1 and above (CVE-2013-2989)
Abstract A user who has been successfully authenticated by Connect:Direct for UNIX executes Connect:Direct’s file copying functionality with elevated file system privileges. Content VULNERABILITY DETAILS: CVE ID: CVE-2013-2989 DESCRIPTION: A user who has been successfully authenticated by...
Security Bulletin: Java Vulnerability Affects IBM Sterling Connect:Direct Browser User Interface (CVE-2019-10241, CVE-2019-10246 & CVE-2019-10247)
Summary There is a vulnerability in IBM® Runtime Environment Java™ Technology Edition, Version 8 that is used by IBM Sterling Connect:Direct Browser User Interface. These issues were disclosed as part of the IBM Java SDK updates in May 2018 and Jetty Server update in May 2019. Vulnerability Detai...
Security Bulletin: Multiple Java Vulnerabilities Affect IBM Connect:Direct Web Services
Summary There are multiple vulnerabilities in IBM® Runtime Environment Java™ Technology Edition, Version 8 that is used by IBM Connect:Direct Web Services. These issues were disclosed as part of the IBM Java SDK updates in May 2019 Vulnerability Details CVE-ID: CVE-2019-10246 Description: Eclipse...
Security Bulletin: Java Vulnerability Affects IBM Connect:Direct Web Services (CVE-2018-1890)
Summary There is a vulnerability in IBM® Runtime Environment Java™ Technology Edition, Version 8 that is used by IBM Connect:Direct Web Services. These issues were disclosed as part of the IBM Java SDK updates in March 2019. Vulnerability Details CVE-ID: CVE-2018-1890 Description: On the AIX...
Security Bulletin: IBM Sterling Connect:Direct Web Services is vulnerable to remote code execution due to Apache Log4j (CVE-2022-23307)
Summary There is a vulnerability in the Apache Log4j open source library used by IBM Sterling Connect:Direct Web Services. This affects IBM Sterling Connect:Direct Web Services. This vulnerability has been addressed. Vulnerability Details CVEID: CVE-2022-23307 DESCRIPTION: Apache Log4j could allo...
Security Bulletin: Apache Log4j vulnerabilities impacts IBM Sterling Connect:Direct Web Services (CVE-2021-45105, CVE-2021-45046)
Summary There are denial of service and remote code execution vulnerabilities in the Apache Log4j open source library used by IBM Sterling Connect:Direct Web Services for logging. The fix includes Apache Log4j 2.17. Vulnerability Details CVEID: CVE-2021-45105 DESCRIPTION: Apache Log4j is...
Security Bulletin: Apache Log4j Vulnerabilities Affect IBM Sterling Connect:Direct File Agent (CVE-2021-45046, CVE-2021-45105)
Summary There are vulnerabilities in Apache Log4j used by IBM Sterling Connect:Direct File Agent. IBM Sterling Connect:Direct File Agent has addressed the applicable CVEs. The fix includes Apache Log4j 2.17. Vulnerability Details CVEID: CVE-2021-45105 DESCRIPTION: Apache Log4j is vulnerable to a...
Security Bulletin: Apache Log4j Vulnerability Affects IBM Sterling Connect:Direct for Microsoft Windows (CVE-2021-44228)
Summary There is a vulnerability in Apache Log4j used by IBM Sterling Connect:Direct for Microsoft Windows. IBM Sterling Connect:Direct for Microsoft Windows has addressed the applicable CVE. Vulnerability Details CVEID: CVE-2021-44228 DESCRIPTION: Apache Log4j could allow a remote attacker to...