Sterling Connect:direct Security Vulnerabilities and Issues — Sterling Connect:direct CVE List

Lucene search

IbmSterling Connect:direct

9 matches found

CVE•added 2023/07/19 2:15 a.m.•44 views

CVE-2023-29260

IBM Sterling Connect:Express for UNIX 1.5 is vulnerable to server-side request forgery (SSRF). This may allow an authenticated attacker to send unauthorized requests from the system, potentially leading to network enumeration or facilitating other attacks. IBM X-Force ID: 252135.

6.5CVSS5.7AI score0.00048EPSS

CVE•added 2021/11/23 8:15 p.m.•40 views

CVE-2021-38891

IBM Sterling Connect:Direct Web Services 1.0 and 6.0 uses weaker than expected cryptographic algorithms that could allow an attacker to decrypt highly sensitive information. IBM X-Force ID: 209508.

7.5CVSS7.2AI score0.00096EPSS

CVE•added 2016/08/08 1:59 a.m.•37 views

CVE-2016-0380

IBM Sterling Connect:Direct for Unix 4.1.0 before 4.1.0.4 iFix073 and 4.2.0 before 4.2.0.4 iFix003 uses default file permissions of 0664, which allows local users to obtain sensitive information via standard filesystem operations.

3.3CVSS3.6AI score0.00041EPSS

CVE•added 2016/11/25 3:59 a.m.•35 views

CVE-2016-5991

IBM Sterling Connect:Direct 4.5.00, 4.5.01, 4.6.0 before 4.6.0.6 iFix008, and 4.7.0 before 4.7.0.4 on Windows allows local users to gain privileges via unspecified vectors.

4.5CVSS4.7AI score0.00058EPSS

CVE•added 2020/08/24 4:15 p.m.•31 views

CVE-2020-4587

IBM Sterling Connect:Direct for UNIX 4.2.0, 4.3.0, 6.0.0, and 6.1.0 is vulnerable to a stack based buffer ovreflow, caused by improper bounds checking. A local attacker could manipulate CD UNIX to obtain root provileges. IBM X-Force ID: 184578.

8.4CVSS7.3AI score0.00038EPSS

CVE•added 2016/11/25 3:59 a.m.•29 views

CVE-2016-5992

IBM Sterling Connect:Direct 4.5.00, 4.5.01, 4.6.0 before 4.6.0.6 iFix008, and 4.7.0 before 4.7.0.4 on Windows allows local users to cause a denial of service via unspecified vectors.

2.5CVSS3.9AI score0.00052EPSS

CVE•added 2019/04/10 3:29 p.m.•28 views

CVE-2018-1903

IBM Sterling Connect:Direct for UNIX 4.2.0, 4.3.0, and 6.0.0 could allow a user with restricted sudo access on a system to manipulate CD UNIX to gain full sudo access. IBM X-Force ID: 152532.

7.2CVSS6.5AI score0.0004EPSS

CVE•added 2020/10/28 5:15 p.m.•27 views

CVE-2020-4767

IBM Sterling Connect Direct for Microsoft Windows 4.7, 4.8, 6.0, and 6.1 could allow a remote attacker to cause a denial of service, caused by a buffer over-read. Bysending a specially crafted request, the attacker could cause the application to crash. IBM X-Force ID: 188906.

7.5CVSS7.5AI score0.00729EPSS

CVE•added 2021/11/23 8:15 p.m.•27 views

CVE-2021-38890

IBM Sterling Connect:Direct Web Services 1.0 and 6.0 uses an inadequate account lockout setting that could allow a remote attacker to brute force account credentials. IBM X-Force ID: 209507.

7.5CVSS7.3AI score0.00186EPSS