IBM Sterling Connect:Direct Web Services Default Credentials Vulnerability (CVE-2024-39747)

From this webpage screenshot, the following key information about the vulnerability can be obtained: 1. Vulnerability Name: IBM Sterling Connect:Direct Web Service is vulnerable to a vulnerability in IBM Java. 2. CVE ID: CVE-2024-39747. 3. Description: IBM Sterling Connect:Direct Web Services uses default credentials for potentially critical operations. 4. CVSS Base Score: 8.1. 5. CVSS Temporal Score: 8.1. 6. Affected Products and Versions: - IBM Sterling Connect:Direct Web Services 6.3 - IBM Sterling Connect:Direct Web Services 6.1 - IBM Sterling Connect:Direct Web Services 6.2 - IBM Sterling Connect:Direct Web Services 6.0 7. Remediation Recommendations: - For version 6.3.0.9, apply Fix Central. - For version 6.1.0.25, apply Fix Central. - For version 6.2.0.24, apply Fix Central. - For version 6.0, upgrade to 6.1.0.25, 6.2.0.24, or 6.3.0.9. 8. Workarounds and Mitigations: None. 9. Notification Subscription: Subscribe to My Notifications to receive alerts for future security advisories. 10. Related Links: - Complete CVSS v3 Guide - Online Calculator v3 - IBM Security Engineering Website Portal - IBM Product Security Incident Response Blog 11. Disclaimer: The CVSS scores provided by IBM are for reference only and do not guarantee the security of any specific product. Customers should independently assess the security of affected products. This information helps users understand the severity of the vulnerability, the affected products and versions, remediation recommendations, and how to obtain additional details.

Goal Reached Thanks to every supporter — we hit 100%!

IBM Sterling Connect:Direct Web Services Default Credentials Vulnerability (CVE-2024-39747)