PT-2026-3587
Name of the Vulnerable Software and Affected Versions: IBM Sterling Connect:Express Adapter for Sterling B2B Integrator versions 5.2.0.00 through 5.2.0.12. Description: The software does not invalidate session data after a user logs out. This could potentially allow an authenticated user to...
Security Bulletin: IBM Sterling Connect:Express for UNIX is vulnerable to denial of service due to OpenSSL
Summary: OpenSSL is used by IBM Sterling Connect:Express for UNIX. IBM Sterling Connect:Express for UNIX has addressed the applicable CVE. Vulnerability Details: CVEID: CVE-2024-6119. DESCRIPTION: OpenSSL is vulnerable to a denial of service, caused by an error when performing certificate name checks...
Security Bulletin: IBM Sterling Connect:Express for UNIX uses vulnerable version of OpenSSL
Summary: IBM Sterling Connect:Express for UNIX uses a version of OpenSSL which is vulnerable to denial of service (CVE-2024-2511). This issue has been addressed by upgrading the version of OpenSSL. Vulnerability Details: CVEID: CVE-2024-2511. DESCRIPTION: OpenSSL is vulnerable to a denial of service, caus...
IBM Sterling Connect:Express for UNIX Buffer Overflow Vulnerability
IBM Sterling Connect:Express for UNIX is a file transfer solution for the UNIX platform from International Business Machines (IBM). A buffer overflow vulnerability exists in IBM Sterling Connect:Express for UNIX version 1.5.0, which originates from the program's failure to properly validate the...
CVE-2023-32331
IBM Connect:Express for UNIX 1.5.0 is vulnerable to a buffer overflow that could allow a remote attacker to cause a denial of service through its browser UI. IBM X-Force ID: 254979...
Buffer overflow
IBM Connect:Express for UNIX 1.5.0 is vulnerable to a buffer overflow that could allow a remote attacker to cause a denial of service through its browser UI. IBM X-Force ID: 254979...
CVE-2023-32331
CVE-2023-32331 – IBM Sterling Connect:Express for UNIX (1.5.0) is affected by a buffer overflow in the browser UI that can allow a remote attacker to cause a denial of service. The vulnerability originates from improper validation of input data. Remediation provided by IBM recommends upgrading to...
CVE-2023-32331 IBM Connect:Express for UNIX denial of service
IBM Connect:Express for UNIX 1.5.0 is vulnerable to a buffer overflow that could allow a remote attacker to cause a denial of service through its browser UI. IBM X-Force ID: 254979...
Server-side request forgery (SSRF)
IBM Sterling Connect:Express for UNIX 1.5 is vulnerable to server-side request forgery (SSRF). This may allow an authenticated attacker to send unauthorized requests from the system, potentially leading to network enumeration or facilitating other attacks. IBM X-Force ID: 252135...
CVE-2023-29260 IBM Sterling Connect:Express for UNIX server-side request forgery
IBM Sterling Connect:Express for UNIX 1.5 is vulnerable to server-side request forgery (SSRF). This may allow an authenticated attacker to send unauthorized requests from the system, potentially leading to network enumeration or facilitating other attacks. IBM X-Force ID: 252135...
CVE-2023-29259 IBM Sterling Connect:Express for UNIX information disclosure
IBM Sterling Connect:Express for UNIX 1.5 browser UI is vulnerable to attacks that rely on the use of cookies without the SameSite attribute. IBM X-Force ID: 252055...
Security Bulletin: IBM Sterling Connect:Express for UNIX is vulnerable to a buffer overflow through its browser UI (CVE-2023-32331)
Summary: IBM Sterling Connect:Express for UNIX is vulnerable to a buffer overflow that could allow a remote attacker to cause a denial of service through its browser UI. Vulnerability Details: CVEID: CVE-2023-32331. DESCRIPTION: IBM Connect:Express for UNIX is vulnerable to a buffer overflow that cou...
Security Bulletin: IBM Sterling Connect:Express for UNIX browser UI is vulnerable to attacks that rely on the use of cookies without the SameSite attribute
Summary: IBM Sterling Connect:Express for UNIX browser UI is vulnerable to attacks that rely on the use of cookies without the SameSite attribute. Vulnerability Details: CVEID: CVE-2023-29259. DESCRIPTION: IBM Sterling Connect:Express for UNIX browser UI is vulnerable to attacks that rely on the use o...
Security Bulletin: IBM Sterling Connect:Express for UNIX is vulnerable to server-side request forgery (SSRF)
Summary: IBM Sterling Connect:Express for UNIX is vulnerable to server-side request forgery (SSRF). This may allow an authenticated attacker to send unauthorized requests from the system, potentially leading to network enumeration or facilitating other attacks. Vulnerability Details...
Security Bulletin: IBM Sterling Connect:Express uses weaker than expected cryptographic algorithms that could allow an attacker to decrypt highly sensitive information.
Summary: IBM Sterling Connect:Express uses weaker than expected cryptographic algorithms that could allow an attacker to decrypt highly sensitive information. Vulnerability Details: CVEID: CVE-2021-38933. DESCRIPTION: IBM Sterling Connect:Direct uses weaker than expected cryptographic algorithms that...
Security Bulletin: IBM Sterling Connect:Express for UNIX is vulnerable to denial of service due to OpenSSL (CVE-2022-4450)
Summary: OpenSSL is used by IBM Sterling Connect:Express for UNIX. IBM Sterling Connect:Express for UNIX has addressed the applicable CVE. Vulnerability Details: CVEID: CVE-2022-4450. DESCRIPTION: OpenSSL is vulnerable to a denial of service, caused by a double-free error related to the improper...
Security Bulletin: IBM Sterling Connect:Express for UNIX is affected by multiple vulnerabilities in OpenSSL
Summary: A number of security vulnerabilities have been discovered in the OpenSSL libraries included in IBM Sterling Connect:Express for UNIX. Vulnerability Details: CVEID: CVE-2022-4304. DESCRIPTION: OpenSSL could allow a remote attacker to obtain sensitive information, caused by a timing-based side...