Sterling Connect:Direct Security Vulnerabilities


CVE-2016-0380

IBM Sterling Connect:Direct for Unix 4.1.0 before 4.1.0.4 iFix073 and 4.2.0 before 4.2.0.4 iFix003 uses default file permissions of 0664, which allows local users to obtain sensitive information via standard filesystem operations.

CVSS: 3.3, AI Score: 3.6, EPSS: 0.0004

2016-08-08 01:59 AM

CVE-2016-5991

IBM Sterling Connect:Direct 4.5.00, 4.5.01, 4.6.0 before 4.6.0.6 iFix008, and 4.7.0 before 4.7.0.4 on Windows allows local users to gain privileges via unspecified vectors.

CVSS: 4.5, AI Score: 4.7, EPSS: 0.0004

2016-11-25 03:59 AM

CVE-2016-5992

IBM Sterling Connect:Direct 4.5.00, 4.5.01, 4.6.0 before 4.6.0.6 iFix008, and 4.7.0 before 4.7.0.4 on Windows allows local users to cause a denial of service via unspecified vectors.

CVSS: 2.5, AI Score: 3.9, EPSS: 0.0004

2016-11-25 03:59 AM

CVE-2018-1903

IBM Sterling Connect:Direct for UNIX 4.2.0, 4.3.0, and 6.0.0 could allow a user with restricted sudo access on a system to manipulate CD UNIX to gain full sudo access. IBM X-Force ID: 152532.

CVSS: 6.7, AI Score: 6.5, EPSS: 0.0004

2019-04-10 03:29 PM

CVE-2020-4587

IBM Sterling Connect:Direct for UNIX 4.2.0, 4.3.0, 6.0.0, and 6.1.0 is vulnerable to a stack-based buffer overflow, caused by improper bounds checking. A local attacker could manipulate CD UNIX to obtain root privileges. IBM X-Force ID: 184578.

CVSS: 7.8, AI Score: 7.3, EPSS: 0.0004

2020-08-24 04:15 PM

CVE-2020-4747

IBM Connect:Direct for UNIX 6.1.0, 6.0.0, 4.3.0, and 4.2.0 can allow a local or remote user to obtain an authenticated CLI session due to improper authentication methods. IBM X-Force ID: 188516.

CVSS: 9.8, AI Score: 8.7, EPSS: 0.004

2020-12-15 03:15 PM

CVE-2020-4767

IBM Sterling Connect Direct for Microsoft Windows 4.7, 4.8, 6.0, and 6.1 could allow a remote attacker to cause a denial of service, caused by a buffer over-read. By sending a specially crafted request, the attacker could cause the application to crash. IBM X-Force ID: 188906.

CVSS: 7.5, AI Score: 7.5, EPSS: 0.001

2020-10-28 05:15 PM

CVE-2021-20560

IBM Sterling Connect:Direct Browser User Interface 1.4.1.1 and 1.5.0.2 could allow a remote attacker to hijack the clicking action of the victim. By persuading a victim to visit a malicious Web site, a remote attacker could exploit this vulnerability to hijack the victim's click actions and possibl...

CVSS: 5.4, AI Score: 5.4, EPSS: 0.001

2021-07-26 12:15 PM

CVE-2021-38890

IBM Sterling Connect:Direct Web Services 1.0 and 6.0 uses an inadequate account lockout setting that could allow a remote attacker to brute force account credentials. IBM X-Force ID: 209507.

CVSS: 7.5, AI Score: 7.3, EPSS: 0.002

2021-11-23 08:15 PM

CVE-2021-38891

IBM Sterling Connect:Direct Web Services 1.0 and 6.0 uses weaker than expected cryptographic algorithms that could allow an attacker to decrypt highly sensitive information. IBM X-Force ID: 209508.

CVSS: 7.5, AI Score: 7.2, EPSS: 0.001

2021-11-23 08:15 PM