Vulnerability Monitor

The vendors, products, and vulnerabilities you care about

CVE-2024-45653

IBM Sterling Connect:Direct Web Services 6.0, 6.1, 6.2, and 6.3 could disclose sensitive IP address information to authenticated users in responses that could be used in further attacks against the system.

Published

2025-01-19T03:15:07.643

Last Modified

2025-03-25T14:27:46.903

Status

Analyzed

Source

[email protected]

Severity

CVSSv3.1: 4.3 (MEDIUM)

Weaknesses

Type: Secondary
CWE-201
Type: Primary
NVD-CWE-noinfo

Affected Vendors & Products

Type	Vendor	Product	Version/Range	Vulnerable?
Application	ibm	sterling_connect_direct_web_services	6.0.0	Yes
Application	ibm	sterling_connect_direct_web_services	6.1.0	Yes
Application	ibm	sterling_connect_direct_web_services	6.2.0	Yes
Application	ibm	sterling_connect_direct_web_services	6.3.0	Yes

References

https://www.ibm.com/support/pages/node/7174104 Vendor Advisory ([email protected])