Show filters
24 Total Results
Displaying 1-10 of 24
Sort by:
Attacker Value
Unknown
CVE-2024-45653
Disclosure Date: January 19, 2025 (last updated January 19, 2025)
IBM Sterling Connect:Direct Web Services 6.0, 6.1, 6.2, and 6.3 could disclose sensitive IP address information to authenticated users in responses that could be used in further attacks against the system.
0
Attacker Value
Unknown
CVE-2022-4974
Disclosure Date: October 16, 2024 (last updated October 16, 2024)
The Freemius SDK, as used by hundreds of WordPress plugin and theme developers, was vulnerable to Cross-Site Request Forgery and Information disclosure due to missing capability checks and nonce protection on the _get_debug_log, _get_db_option, and the _set_db_option functions in versions up to, and including 2.4.2. Any WordPress plugin or theme running a version of Freemius less than 2.4.3 is vulnerable.
0
Attacker Value
Unknown
CVE-2024-39747
Disclosure Date: August 31, 2024 (last updated September 17, 2024)
IBM Sterling Connect:Direct Web Services 6.0, 6.1, 6.2, and 6.3 uses default credentials for potentially critical functionality.
0
Attacker Value
Unknown
CVE-2024-39746
Disclosure Date: August 22, 2024 (last updated August 24, 2024)
IBM Sterling Connect:Direct Web Services 6.0, 6.1, 6.2, and 6.3 could allow a remote attacker to obtain sensitive information, caused by the failure to properly enable HTTP Strict Transport Security. An attacker could exploit this vulnerability to obtain sensitive information using man in the middle techniques.
0
Attacker Value
Unknown
CVE-2024-39745
Disclosure Date: August 22, 2024 (last updated August 24, 2024)
IBM Sterling Connect:Direct Web Services 6.0, 6.1, 6.2, and 6.3 uses weaker than expected cryptographic algorithms that could allow an attacker to decrypt highly sensitive information.
0
Attacker Value
Unknown
CVE-2024-39744
Disclosure Date: August 22, 2024 (last updated August 24, 2024)
IBM Sterling Connect:Direct Web Services 6.0, 6.1, 6.2, and 6.3 is vulnerable to cross-site request forgery which could allow an attacker to execute malicious and unauthorized actions transmitted from a user that the website trusts.
0
Attacker Value
Unknown
CVE-2022-23775
Disclosure Date: May 25, 2022 (last updated February 23, 2025)
TrueStack Direct Connect 1.4.7 has Incorrect Access Control.
0
Attacker Value
Unknown
CVE-2021-38890
Disclosure Date: November 22, 2021 (last updated February 23, 2025)
IBM Sterling Connect:Direct Web Services 1.0 and 6.0 uses an inadequate account lockout setting that could allow a remote attacker to brute force account credentials. IBM X-Force ID: 209507.
0
Attacker Value
Unknown
CVE-2021-38891
Disclosure Date: November 22, 2021 (last updated February 23, 2025)
IBM Sterling Connect:Direct Web Services 1.0 and 6.0 uses weaker than expected cryptographic algorithms that could allow an attacker to decrypt highly sensitive information. IBM X-Force ID: 209508.
0
Attacker Value
Unknown
CVE-2021-20560
Disclosure Date: July 23, 2021 (last updated February 23, 2025)
IBM Sterling Connect:Direct Browser User Interface 1.4.1.1 and 1.5.0.2 could allow a remote attacker to hijack the clicking action of the victim. By persuading a victim to visit a malicious Web site, a remote attacker could exploit this vulnerability to hijack the victim's click actions and possibly launch further attacks against the victim. IBM X-Force ID: 199229.
0