IBM Sterling Connect:Direct Web Services 6.0, 6.1, 6.2, and 6.3 could disclose sensitive IP address information to authenticated users in responses that could be used in further attacks against the system.
The code transmits data to another actor, but a portion of the data includes sensitive information that should not be accessible to that actor.
Name | Vendor | Start Version | End Version |
---|---|---|---|
Sterling_connect_direct_web_services | Ibm | 6.0.0 (including) | 6.0.0 (including) |
Sterling_connect_direct_web_services | Ibm | 6.1.0 (including) | 6.1.0 (including) |
Sterling_connect_direct_web_services | Ibm | 6.2.0 (including) | 6.2.0 (including) |
Sterling_connect_direct_web_services | Ibm | 6.3.0 (including) | 6.3.0 (including) |