Vulnerabilities > IBM > Sterling Connect Direct WEB Services > Medium
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2024-08-22 | CVE-2024-39744 | Cross-Site Request Forgery (CSRF) vulnerability in IBM Sterling Connect Direct web Services IBM Sterling Connect:Direct Web Services 6.0, 6.1, 6.2, and 6.3 is vulnerable to cross-site request forgery which could allow an attacker to execute malicious and unauthorized actions transmitted from a user that the website trusts. | 4.3 |
| 2024-08-22 | CVE-2024-39746 | Missing Encryption of Sensitive Data vulnerability in IBM Sterling Connect Direct web Services IBM Sterling Connect:Direct Web Services 6.0, 6.1, 6.2, and 6.3 could allow a remote attacker to obtain sensitive information, caused by the failure to properly enable HTTP Strict Transport Security. | 5.9 |