Vulnerabilities (CVE)

Filtered by vendor Ibm Subscribe
Filtered by product Sterling Connect\
Total 11 CVE
CVE Vendors Products Updated CVSS v2 CVSS v3
CVE-2021-38933 3 Ibm, Linux, Oracle 4 Aix, Sterling Connect\, Linux Kernel and 1 more 2024-02-05 N/A 7.5 HIGH
IBM Sterling Connect:Direct for UNIX 1.5 uses weaker than expected cryptographic algorithms that could allow an attacker to decrypt highly sensitive information. IBM X-Force ID: 210574.
CVE-2023-29259 4 Ibm, Linux, Microsoft and 1 more 5 Aix, Sterling Connect\, Linux Kernel and 2 more 2024-02-05 N/A 5.3 MEDIUM
IBM Sterling Connect:Express for UNIX 1.5 browser UI is vulnerable to attacks that rely on the use of cookies without the SameSite attribute. IBM X-Force ID: 252055.
CVE-2023-29260 4 Ibm, Linux, Microsoft and 1 more 5 Aix, Sterling Connect\, Linux Kernel and 2 more 2024-02-05 N/A 5.4 MEDIUM
IBM Sterling Connect:Express for UNIX 1.5 is vulnerable to server-side request forgery (SSRF). This may allow an authenticated attacker to send unauthorized requests from the system, potentially leading to network enumeration or facilitating other attacks. IBM X-Force ID: 252135.
CVE-2021-38891 4 Ibm, Linux, Microsoft and 1 more 5 Aix, Sterling Connect\, Linux Kernel and 2 more 2024-02-04 5.0 MEDIUM 7.5 HIGH
IBM Sterling Connect:Direct Web Services 1.0 and 6.0 uses weaker than expected cryptographic algorithms that could allow an attacker to decrypt highly sensitive information. IBM X-Force ID: 209508.
CVE-2021-38890 4 Ibm, Linux, Microsoft and 1 more 5 Aix, Sterling Connect\, Linux Kernel and 2 more 2024-02-04 5.0 MEDIUM 7.5 HIGH
IBM Sterling Connect:Direct Web Services 1.0 and 6.0 uses an inadequate account lockout setting that could allow a remote attacker to brute force account credentials. IBM X-Force ID: 209507.
CVE-2020-4767 1 Ibm 1 Sterling Connect\ 2024-02-04 5.0 MEDIUM 7.5 HIGH
IBM Sterling Connect Direct for Microsoft Windows 4.7, 4.8, 6.0, and 6.1 could allow a remote attacker to cause a denial of service, caused by a buffer over-read. Bysending a specially crafted request, the attacker could cause the application to crash. IBM X-Force ID: 188906.
CVE-2020-4587 1 Ibm 2 Connect\, Sterling Connect\ 2024-02-04 7.2 HIGH 7.8 HIGH
IBM Sterling Connect:Direct for UNIX 4.2.0, 4.3.0, 6.0.0, and 6.1.0 is vulnerable to a stack based buffer ovreflow, caused by improper bounds checking. A local attacker could manipulate CD UNIX to obtain root provileges. IBM X-Force ID: 184578.
CVE-2018-1903 1 Ibm 1 Sterling Connect\ 2024-02-04 7.2 HIGH 6.7 MEDIUM
IBM Sterling Connect:Direct for UNIX 4.2.0, 4.3.0, and 6.0.0 could allow a user with restricted sudo access on a system to manipulate CD UNIX to gain full sudo access. IBM X-Force ID: 152532.
CVE-2016-5991 1 Ibm 1 Sterling Connect\ 2024-02-04 4.4 MEDIUM 4.5 MEDIUM
IBM Sterling Connect:Direct 4.5.00, 4.5.01, 4.6.0 before 4.6.0.6 iFix008, and 4.7.0 before 4.7.0.4 on Windows allows local users to gain privileges via unspecified vectors.
CVE-2016-5992 1 Ibm 1 Sterling Connect\ 2024-02-04 1.9 LOW 2.5 LOW
IBM Sterling Connect:Direct 4.5.00, 4.5.01, 4.6.0 before 4.6.0.6 iFix008, and 4.7.0 before 4.7.0.4 on Windows allows local users to cause a denial of service via unspecified vectors.
CVE-2016-0380 1 Ibm 1 Sterling Connect\ 2024-02-04 2.1 LOW 3.3 LOW
IBM Sterling Connect:Direct for Unix 4.1.0 before 4.1.0.4 iFix073 and 4.2.0 before 4.2.0.4 iFix003 uses default file permissions of 0664, which allows local users to obtain sensitive information via standard filesystem operations.