CVE-2024-39746

Summary

IBM Sterling Connect:Direct Web Services 6.0, 6.1, 6.2, and 6.3 could allow a remote attacker to obtain sensitive information, caused by the failure to properly enable HTTP Strict Transport Security. An attacker could exploit this vulnerability to obtain sensitive information using man in the middle techniques.

Affected Software

VendorProductVersion RangeStatus
IBMSterling Connect:Direct Web Services6.0affected
IBMSterling Connect:Direct Web Services6.1affected
IBMSterling Connect:Direct Web Services6.2affected
IBMSterling Connect:Direct Web Services6.3affected

Weaknesses

  • CWE-319: CWE-319 Cleartext Transmission of Sensitive Information

ADP Enrichment

CISA ADP Vulnrichment

  • SSVC:
  • Exploitation: none
    • Automatable: no
    • Technical Impact: partial

References