CVE-2016-5991

IBM Sterling Connect:Direct 4.5.00, 4.5.01, 4.6.0 before 4.6.0.6 iFix008, and 4.7.0 before 4.7.0.4 on Windows allows local users to gain privileges via unspecified vectors.

CVSS v3 4.5 MEDIUM
CVSS v2.0 4.4 MEDIUM

4.5^/10

CVSS v3 : MEDIUM

Vector : AV:L/AC:H/PR:L/UI:N/S:U/C:L/I:L/A:L

Exploitability : 1.0 / Impact : 3.4

Attack Vector LOCAL

Attack Complexity HIGH

Privileges Required LOW

User Interaction NONE

Confidentiality Impact LOW

Integrity Impact LOW

Availability Impact LOW

Scope UNCHANGED

4.4^/10

CVSS v2.0 : MEDIUM

Vector : AV:L/AC:M/Au:N/C:P/I:P/A:P

Exploitability : 3.4 / Impact : 6.4

Access Vector LOCAL

Access Complexity MEDIUM

Authentication NONE

Confidentiality Impact PARTIAL

Integrity Impact PARTIAL

Availability Impact PARTIAL

References

Link	Resource
http://www-01.ibm.com/support/docview.wss?uid=swg1IT16911	Patch Vendor Advisory
http://www-01.ibm.com/support/docview.wss?uid=swg21989807	Patch Vendor Advisory
http://www.securityfocus.com/bid/94515
http://www-01.ibm.com/support/docview.wss?uid=swg1IT16911	Patch Vendor Advisory
http://www-01.ibm.com/support/docview.wss?uid=swg21989807	Patch Vendor Advisory
http://www.securityfocus.com/bid/94515

Configurations

Configuration 1 (hide)

OR	cpe:2.3:a:ibm:sterling_connect\:direct:4.5:::::windows::
	cpe:2.3:a:ibm:sterling_connect\:direct:4.5.01:::::windows::
	cpe:2.3:a:ibm:sterling_connect\:direct:4.6:::::windows::
	cpe:2.3:a:ibm:sterling_connect\:direct:4.7:::::windows::

History

21 Nov 2024, 02:55

Type	Values Removed	Values Added
References	~~() http://www-01.ibm.com/support/docview.wss?uid=swg1IT16911 - Patch, Vendor Advisory~~	() http://www-01.ibm.com/support/docview.wss?uid=swg1IT16911 - Patch, Vendor Advisory
References	~~() http://www-01.ibm.com/support/docview.wss?uid=swg21989807 - Patch, Vendor Advisory~~	() http://www-01.ibm.com/support/docview.wss?uid=swg21989807 - Patch, Vendor Advisory
References	~~() http://www.securityfocus.com/bid/94515 -~~	() http://www.securityfocus.com/bid/94515 -

Information

Published : 2016-11-25 03:59

Updated : 2025-04-12 10:46

NVD link : CVE-2016-5991

Mitre link : CVE-2016-5991

CVE.ORG link : CVE-2016-5991

JSON object : View

Products Affected

ibm

sterling_connect\

CWE

CWE-264

Permissions, Privileges, and Access Controls

{"id": "CVE-2016-5991", "cveTags": [], "metrics": {"cvssMetricV2": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"version": "2.0", "baseScore": 4.4, "accessVector": "LOCAL", "vectorString": "AV:L/AC:M/Au:N/C:P/I:P/A:P", "authentication": "NONE", "integrityImpact": "PARTIAL", "accessComplexity": "MEDIUM", "availabilityImpact": "PARTIAL", "confidentialityImpact": "PARTIAL"}, "acInsufInfo": false, "impactScore": 6.4, "baseSeverity": "MEDIUM", "obtainAllPrivilege": false, "exploitabilityScore": 3.4, "obtainUserPrivilege": false, "obtainOtherPrivilege": false, "userInteractionRequired": false}], "cvssMetricV30": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"scope": "UNCHANGED", "version": "3.0", "baseScore": 4.5, "attackVector": "LOCAL", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:L/I:L/A:L", "integrityImpact": "LOW", "userInteraction": "NONE", "attackComplexity": "HIGH", "availabilityImpact": "LOW", "privilegesRequired": "LOW", "confidentialityImpact": "LOW"}, "impactScore": 3.4, "exploitabilityScore": 1.0}]}, "published": "2016-11-25T03:59:13.783", "references": [{"url": "http://www-01.ibm.com/support/docview.wss?uid=swg1IT16911", "tags": ["Patch", "Vendor Advisory"], "source": "psirt@us.ibm.com"}, {"url": "http://www-01.ibm.com/support/docview.wss?uid=swg21989807", "tags": ["Patch", "Vendor Advisory"], "source": "psirt@us.ibm.com"}, {"url": "http://www.securityfocus.com/bid/94515", "source": "psirt@us.ibm.com"}, {"url": "http://www-01.ibm.com/support/docview.wss?uid=swg1IT16911", "tags": ["Patch", "Vendor Advisory"], "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "http://www-01.ibm.com/support/docview.wss?uid=swg21989807", "tags": ["Patch", "Vendor Advisory"], "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "http://www.securityfocus.com/bid/94515", "source": "af854a3a-2127-422b-91ae-364da2661108"}], "vulnStatus": "Deferred", "weaknesses": [{"type": "Primary", "source": "nvd@nist.gov", "description": [{"lang": "en", "value": "CWE-264"}]}], "descriptions": [{"lang": "en", "value": "IBM Sterling Connect:Direct 4.5.00, 4.5.01, 4.6.0 before 4.6.0.6 iFix008, and 4.7.0 before 4.7.0.4 on Windows allows local users to gain privileges via unspecified vectors."}, {"lang": "es", "value": "IBM Sterling Connect:Direct 4.5.00, 4.5.01, 4.6.0 en versiones anteriores a 4.6.0.6 iFix008 y 4.7.0 en versiones anteriores a 4.7.0.4 en Windows permite a usuarios locales obtener privilegios a trav\u00e9s de vectores no especificados."}], "lastModified": "2025-04-12T10:46:40.837", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:ibm:sterling_connect\\:direct:4.5:*:*:*:*:windows:*:*", "vulnerable": true, "matchCriteriaId": "4A610CF6-9EF5-41FF-9C1D-2C3C21AA2F74"}, {"criteria": "cpe:2.3:a:ibm:sterling_connect\\:direct:4.5.01:*:*:*:*:windows:*:*", "vulnerable": true, "matchCriteriaId": "6216F522-01AA-4037-994B-E86D07F24DBE"}, {"criteria": "cpe:2.3:a:ibm:sterling_connect\\:direct:4.6:*:*:*:*:windows:*:*", "vulnerable": true, "matchCriteriaId": "3AB070F1-42FE-484F-AE3F-2DDA8A549253"}, {"criteria": "cpe:2.3:a:ibm:sterling_connect\\:direct:4.7:*:*:*:*:windows:*:*", "vulnerable": true, "matchCriteriaId": "00DD42AA-6646-46C3-A35D-A81134FF593F"}], "operator": "OR"}]}], "sourceIdentifier": "psirt@us.ibm.com"}