Sterling Connect:Direct Security Vulnerabilities

CVE-2016-0380

IBM Sterling Connect:Direct for Unix 4.1.0 before 4.1.0.4 iFix073 and 4.2.0 before 4.2.0.4 iFix003 uses default file permissions of 0664, which allows local users to obtain sensitive information via standard filesystem operations.

CVSS: 3.3

AI Score: 3.6

EPSS: 0.0004

2016-08-08 01:59 AM

CVE-2016-5991

IBM Sterling Connect:Direct 4.5.00, 4.5.01, 4.6.0 before 4.6.0.6 iFix008, and 4.7.0 before 4.7.0.4 on Windows allows local users to gain privileges via unspecified vectors.

CVSS: 4.5

AI Score: 4.7

EPSS: 0.0004

2016-11-25 03:59 AM

CVE-2016-5992

IBM Sterling Connect:Direct 4.5.00, 4.5.01, 4.6.0 before 4.6.0.6 iFix008, and 4.7.0 before 4.7.0.4 on Windows allows local users to cause a denial of service via unspecified vectors.

CVSS: 2.5

AI Score: 3.9

EPSS: 0.0004

2016-11-25 03:59 AM

CVE-2018-1903

IBM Sterling Connect:Direct for UNIX 4.2.0, 4.3.0, and 6.0.0 could allow a user with restricted sudo access on a system to manipulate CD UNIX to gain full sudo access. IBM X-Force ID: 152532.

CVSS: 6.7

AI Score: 6.5

EPSS: 0.0004

2019-04-10 03:29 PM

CVE-2020-4587

IBM Sterling Connect:Direct for UNIX 4.2.0, 4.3.0, 6.0.0, and 6.1.0 is vulnerable to a stack-based buffer overflow, caused by improper bounds checking. A local attacker could manipulate CD UNIX to obtain root privileges. IBM X-Force ID: 184578.

CVSS: 7.8

AI Score: 7.3

EPSS: 0.0004

2020-08-24 04:15 PM

CVE-2020-4767

IBM Sterling Connect Direct for Microsoft Windows 4.7, 4.8, 6.0, and 6.1 could allow a remote attacker to cause a denial of service, caused by a buffer over-read. By sending a specially crafted request, the attacker could cause the application to crash. IBM X-Force ID: 188906.

CVSS: 7.5

AI Score: 7.5

EPSS: 0.001

2020-10-28 05:15 PM

CVE-2021-38890

IBM Sterling Connect:Direct Web Services 1.0 and 6.0 uses an inadequate account lockout setting that could allow a remote attacker to brute force account credentials. IBM X-Force ID: 209507.

CVSS: 7.5

AI Score: 7.3

EPSS: 0.002

2021-11-23 08:15 PM

CVE-2021-38891

IBM Sterling Connect:Direct Web Services 1.0 and 6.0 uses weaker than expected cryptographic algorithms that could allow an attacker to decrypt highly sensitive information. IBM X-Force ID: 209508.

CVSS: 7.5

AI Score: 7.2

EPSS: 0.001

2021-11-23 08:15 PM

CVE-2021-39032

IBM Sterling Gentran:Server for Microsoft Windows 5.3 stores potentially sensitive information in log files that could be read by a local user. IBM X-Force ID: 213962.

CVSS: 5.5

AI Score: 5

EPSS: 0.0004

2022-01-14 05:15 PM

CVE-2024-39744

IBM Sterling Connect:Direct Web Services 6.0, 6.1, 6.2, and 6.3 is vulnerable to cross-site request forgery which could allow an attacker to execute malicious and unauthorized actions transmitted from a user that the website trusts.

CVSS: 4.3

AI Score: 4.8

EPSS: 0.0004

2024-08-22 11:15 AM

CVE-2024-39745

IBM Sterling Connect:Direct Web Services 6.0, 6.1, 6.2, and 6.3 uses weaker than expected cryptographic algorithms that could allow an attacker to decrypt highly sensitive information.

CVSS: 7.5

AI Score: 5.6

EPSS: 0.001

2024-08-22 11:15 AM

CVE-2024-39746

IBM Sterling Connect:Direct Web Services 6.0, 6.1, 6.2, and 6.3 could allow a remote attacker to obtain sensitive information, caused by the failure to properly enable HTTP Strict Transport Security. An attacker could exploit this vulnerability to obtain sensitive information using man in the middl...

CVSS: 5.9

AI Score: 5.5

EPSS: 0.001

2024-08-22 11:15 AM

CVE-2024-39747

IBM Sterling Connect:Direct Web Services 6.0, 6.1, 6.2, and 6.3 uses default credentials for potentially critical functionality.

CVSS: 9.8

AI Score: 8.2

EPSS: 0.001

2024-08-31 02:15 AM