CVE-2024-49808

Summary

IBM Sterling Connect:Direct Web Services 6.1.0, 6.2.0, and 6.3.0 could allow an authenticated user to spoof the identity of another user due to improper authorization which could allow the user to bypass access restrictions.

Affected Software

VendorProductVersion RangeStatus
IBMSterling Connect:Direct Web Services6.1.0affected
IBMSterling Connect:Direct Web Services6.2.0affected
IBMSterling Connect:Direct Web Services6.3.0affected

Weaknesses

  • CWE-863: CWE-863 Incorrect Authorization

ADP Enrichment

CISA ADP Vulnrichment

  • SSVC:
  • Exploitation: none
    • Automatable: no
    • Technical Impact: partial

References