IBM Sterling Connect:Direct Web Services 6.0, 6.1, 6.2, and 6.3 could allow a remote attacker to obtain sensitive information, caused by the failure to properly enable HTTP Strict Transport Security. An attacker could exploit this vulnerability to obtain sensitive information using man in the middle techniques.
References
Link | Resource |
---|---|
https://exchange.xforce.ibmcloud.com/vulnerabilities/297313 | VDB Entry Vendor Advisory |
https://www.ibm.com/support/pages/node/7166018 | Vendor Advisory |
Configurations
Configuration 1 (hide)
AND |
|
History
23 Aug 2024, 15:25
Type | Values Removed | Values Added |
---|---|---|
CPE | cpe:2.3:a:ibm:sterling_connect_direct_web_services:6.1.0:*:*:*:*:*:*:* cpe:2.3:o:microsoft:windows:-:*:*:*:*:*:*:* cpe:2.3:o:linux:linux_kernel:-:*:*:*:*:*:*:* cpe:2.3:a:ibm:sterling_connect_direct_web_services:6.2.0:*:*:*:*:*:*:* cpe:2.3:o:ibm:aix:-:*:*:*:*:*:*:* cpe:2.3:a:ibm:sterling_connect_direct_web_services:6.3.0:*:*:*:*:*:*:* cpe:2.3:a:ibm:sterling_connect_direct_web_services:6.0:*:*:*:*:*:*:* |
|
Summary |
|
|
First Time |
Linux linux Kernel
Microsoft windows Ibm aix Microsoft Ibm Ibm sterling Connect Direct Web Services Linux |
|
References | () https://exchange.xforce.ibmcloud.com/vulnerabilities/297313 - VDB Entry, Vendor Advisory | |
References | () https://www.ibm.com/support/pages/node/7166018 - Vendor Advisory |
22 Aug 2024, 11:15
Type | Values Removed | Values Added |
---|---|---|
New CVE |
Information
Published : 2024-08-22 11:15
Updated : 2024-08-23 15:25
NVD link : CVE-2024-39746
Mitre link : CVE-2024-39746
CVE.ORG link : CVE-2024-39746
JSON object : View
Products Affected
linux
- linux_kernel
ibm
- sterling_connect_direct_web_services
- aix
microsoft
- windows
CWE
CWE-311
Missing Encryption of Sensitive Data