CVE-2024-39747

IBM Sterling Connect:Direct Web Services information disclosure

CVSS 8.1 HIGH | EPSS 0.8% | CWE-1392 (Use of Default Credentials)
In short

IBM Sterling Connect:Direct Web Services comes with default login credentials that attackers can use to access critical functions without authorization. This allows unauthorized access to potentially sensitive operations and data.

Technical detail

The vulnerability stems from hardcoded default credentials in IBM Sterling Connect:Direct Web Services versions 6.0 through 6.3. Anyone who knows the default credentials can authenticate with them and reach critical web service functions. The only precondition is network access to the web service, so an attacker can gain unauthorized access to sensitive operations and disclose information.

Summary generated and translated by AI from the official description.
IBM Sterling Connect:Direct Web Services 6.0, 6.1, 6.2, and 6.3 uses default credentials for potentially critical functionality.
CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H
