Description

IBM Sterling Connect:Direct Web Services 6.1.0, 6.2.0, and 6.3.0 could allow an authenticated user to spoof the identity of another user due to improper authorization which could allow the user to bypass access restrictions.

PUBLISHED Reserved 2024-10-20 | Published 2025-04-18 | Updated 2025-09-01 | Assigner ibm




MEDIUM: 6.3 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L

Problem types

CWE-863 Incorrect Authorization

Product status

Default status: unaffected

6.1.0: affected
6.2.0: affected
6.3.0: affected

References

www.ibm.com/support/pages/node/7231180 vendor-advisory patch

cve.org (CVE-2024-49808)

nvd.nist.gov (CVE-2024-49808)
