IBM Sterling Connect:Direct Web Services Session Management Vulnerability Allowing User Impersonation

Vulnerability

A session management vulnerability has been identified in IBM Sterling Connect:Direct Web Services versions 6.1.0, 6.2.0, and 6.3.0. The vulnerability arises because the application does not invalidate user sessions after a browser is closed. This oversight could enable an authenticated user to impersonate another user on the system.

Impact

Exploitation of this vulnerability could lead to unauthorized user impersonation.

Added: Jun 9, 2025, 7:46 PM

Updated: Jun 9, 2025, 7:46 PM

Vulnerability Rating

Custom Algorithm

spread

3.1

impact

1.3

exploitability

5.2

remediation

0.0

relevance

0.0

threat

0.0

urgency

2.9

incentive

1.7

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.

Vulnerability Rating

Custom Algorithm

spread

3.1

impact

1.3

exploitability

5.2

remediation

0.0

relevance

0.0

threat

0.0

urgency

2.9

incentive

1.7

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.

IBM Sterling Connect:Direct Web Services Session Management Vulnerability Allowing User Impersonation

Vulnerability

Impact

Affected Products

IBM Sterling Connect:Direct Web Services

CVSS Scores

References

Vulnerability Rating

Vulnerability Rating