cve,link,title,description,vendor,products,score,severity,epss,cisa,cisa_published,article,ransomware,exploited,exploited_date,poc,trended,trended_no_1,trended_no_1_date,published,trended_score
CVE-2024-45653,https://securityvulnerability.io/vulnerability/CVE-2024-45653,Sensitive IP Address Disclosure in IBM Sterling Connect:Direct Web Services,"IBM Sterling Connect:Direct Web Services versions 6.0, 6.1, 6.2, and 6.3 are vulnerable to an information disclosure issue that allows authenticated users to access sensitive IP address data. This disclosure could be exploited by attackers to facilitate further malicious actions against the system, highlighting the importance of securing internal response data to prevent unauthorized information access.",IBM,Sterling Connect:direct Web Services,4.3,MEDIUM,0.00044999999227002263,false,,false,false,false,,false,false,false,,2025-01-19T02:39:30.681Z,0
CVE-2024-39747,https://securityvulnerability.io/vulnerability/CVE-2024-39747,Default Credential Vulnerability in IBM Sterling Connect:Direct Web Services,"IBM Sterling Connect:Direct Web Services versions 6.0, 6.1, 6.2, and 6.3 are susceptible to a significant security risk due to the use of default credentials for critical functionalities. This vulnerability potentially allows unauthorized individuals to exploit these services, leading to unauthorized access and manipulation of sensitive data. Organizations utilizing these versions are strongly advised to review their security configurations and implement proper credential management practices to mitigate the associated risks.",IBM,Sterling Connect:direct Web Services,9.8,CRITICAL,0.0007300000288523734,false,,false,false,false,,,false,false,,2024-08-31T02:15:00.000Z,0
CVE-2024-39745,https://securityvulnerability.io/vulnerability/CVE-2024-39745,Weaker Cryptographic Algorithms in IBM Sterling Connect:Direct Web Services Could Lead to Data Decryption,"IBM Sterling Connect:Direct Web Services versions 6.0 through 6.3 are impacted by a vulnerability that arises from the use of weaker than expected cryptographic algorithms. This flaw may enable attackers to decrypt sensitive and confidential information, compromising data security and integrity. Organizations using this product should evaluate their systems to mitigate potential risks associated with this vulnerability.",IBM,Sterling Connect:direct Web Services,7.5,HIGH,0.0007399999885819852,false,,false,false,false,,,false,false,,2024-08-22T11:06:49.088Z,0
CVE-2024-39744,https://securityvulnerability.io/vulnerability/CVE-2024-39744,IBM Sterling Connect:Direct Web Services Vulnerable to Cross-Site Request Forgery,"IBM Sterling Connect:Direct Web Services 6.0, 6.1, 6.2, and 6.3 is vulnerable to cross-site request forgery which could allow an attacker to execute malicious and unauthorized actions transmitted from a user that the website trusts.",IBM,Sterling Connect:direct Web Services,4.3,MEDIUM,0.0004400000034365803,false,,false,false,false,,,false,false,,2024-08-22T10:56:39.894Z,0
CVE-2024-39746,https://securityvulnerability.io/vulnerability/CVE-2024-39746,IBM Sterling Connect:Direct Web Services Vulnerability Could Lead to Sensitive Information Theft,"IBM Sterling Connect:Direct Web Services 6.0, 6.1, 6.2, and 6.3 could allow a remote attacker to obtain sensitive information, caused by the failure to properly enable HTTP Strict Transport Security. An attacker could exploit this vulnerability to obtain sensitive information using man in the middle techniques.",IBM,Sterling Connect:direct Web Services,5.9,MEDIUM,0.0007399999885819852,false,,false,false,false,,,false,false,,2024-08-22T10:29:54.169Z,0
CVE-2021-38890,https://securityvulnerability.io/vulnerability/CVE-2021-38890,Inadequate Account Lockout in IBM Sterling Connect:Direct Web Services,IBM Sterling Connect:Direct Web Services versions 1.0 and 6.0 have a security flaw that results from an inadequate account lockout setting. This weakness allows remote attackers to potentially exploit the system through brute force attacks to gain unauthorized access to user accounts. Organizations using these versions are at increased risk and should ensure proper security measures are in place.,IBM,Connect:direct Web Services,5.9,MEDIUM,0.002139999996870756,false,,false,false,false,,,false,false,,2021-11-23T20:15:00.000Z,0
CVE-2021-38891,https://securityvulnerability.io/vulnerability/CVE-2021-38891,Web Services Vulnerability in IBM Sterling Connect:Direct Products,"IBM Sterling Connect:Direct Web Services versions 1.0 and 6.0 are affected by a vulnerability that employs cryptographic algorithms weaker than expected. This flaw could allow attackers to decrypt highly sensitive information, posing a serious risk to data confidentiality. Organizations utilizing affected versions are urged to review their security configurations and consider applying necessary patches and mitigation strategies to enhance data protection.",IBM,Connect:direct Web Services,5.9,MEDIUM,0.0014299999456852674,false,,false,false,false,,,false,false,,2021-11-23T20:15:00.000Z,0