6.5
CVE-2024-49808
- EPSS 0.13%
- Veröffentlicht 18.04.2025 11:03:58
- Zuletzt bearbeitet 18.07.2025 13:44:31
- Quelle psirt@us.ibm.com
- CVE-Watchlists
- Unerledigt
IBM Sterling Connect:Direct Web Services improper authorization
IBM Sterling Connect:Direct Web Services 6.1.0, 6.2.0, and 6.3.0 could allow an authenticated user to spoof the identity of another user due to improper authorization which could allow the user to bypass access restrictions.
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
Ibm ≫ Sterling Connect Direct Web Services Version >= 6.1.0 < 6.1.0.28
Ibm ≫ Sterling Connect Direct Web Services Version >= 6.2.0 < 6.2.0.27
Ibm ≫ Sterling Connect Direct Web Services Version >= 6.3.0 < 6.3.0.13
VulnDex Vulnerability Enrichment
Diese Information steht angemeldeten Benutzern zur Verfügung. 
Login
Login| Typ | Quelle | Score | Percentile |
|---|---|---|---|
| EPSS | FIRST.org | 0.13% | 0.33 |
| Quelle | Base Score | Exploit Score | Impact Score | Vector String |
|---|---|---|---|---|
| nvd@nist.gov | 6.5 | 2.8 | 3.6 |
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N
|
| psirt@us.ibm.com | 6.3 | 2.8 | 3.4 |
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L
|
CWE-863 Incorrect Authorization
The product performs an authorization check when an actor attempts to access a resource or perform an action, but it does not correctly perform the check.