Ibm: >> Sterling Connect Security Vulnerabilities
IBM Connect:Express for UNIX 1.5.0 is vulnerable to a buffer overflow that could allow a remote attacker to cause a denial of service through its browser UI. IBM X-Force ID: 254979.
CVSS Score
7.5
EPSS Score
0.001
Published
2024-03-04
IBM Sterling Connect:Direct for UNIX 1.5 uses weaker than expected cryptographic algorithms that could allow an attacker to decrypt highly sensitive information. IBM X-Force ID: 210574.
CVSS Score
5.9
EPSS Score
0.0
Published
2023-07-19
IBM Sterling Connect:Express for UNIX 1.5 browser UI is vulnerable to attacks that rely on the use of cookies without the SameSite attribute. IBM X-Force ID: 252055.
CVSS Score
3.7
EPSS Score
0.001
Published
2023-07-19
IBM Sterling Connect:Express for UNIX 1.5 is vulnerable to server-side request forgery (SSRF). This may allow an authenticated attacker to send unauthorized requests from the system, potentially leading to network enumeration or facilitating other attacks. IBM X-Force ID: 252135.
CVSS Score
6.5
EPSS Score
0.0
Published
2023-07-19
IBM Sterling Connect:Direct Web Services 1.0 and 6.0 uses an inadequate account lockout setting that could allow a remote attacker to brute force account credentials. IBM X-Force ID: 209507.
CVSS Score
5.9
EPSS Score
0.002
Published
2021-11-23
IBM Sterling Connect:Direct Web Services 1.0 and 6.0 uses weaker than expected cryptographic algorithms that could allow an attacker to decrypt highly sensitive information. IBM X-Force ID: 209508.
CVSS Score
5.9
EPSS Score
0.001
Published
2021-11-23
IBM Sterling Connect Direct for Microsoft Windows 4.7, 4.8, 6.0, and 6.1 could allow a remote attacker to cause a denial of service, caused by a buffer over-read. Bysending a specially crafted request, the attacker could cause the application to crash. IBM X-Force ID: 188906.
CVSS Score
7.5
EPSS Score
0.007
Published
2020-10-28
IBM Sterling Connect:Direct for UNIX 4.2.0, 4.3.0, 6.0.0, and 6.1.0 is vulnerable to a stack based buffer ovreflow, caused by improper bounds checking. A local attacker could manipulate CD UNIX to obtain root provileges. IBM X-Force ID: 184578.
CVSS Score
8.4
EPSS Score
0.0
Published
2020-08-24
IBM Sterling Connect:Direct for UNIX 4.2.0, 4.3.0, and 6.0.0 could allow a user with restricted sudo access on a system to manipulate CD UNIX to gain full sudo access. IBM X-Force ID: 152532.
CVSS Score
6.7
EPSS Score
0.0
Published
2019-04-10
IBM Sterling Connect:Direct for OpenVMS 3.4.00, 3.4.01, 3.5.00, 3.6.0, and 3.6.0.1 allow remote attackers to have unspecified impact by leveraging failure to reject client requests for an unencrypted session when used as the server in a TCP/IP session and configured for SSL encryption with the client. IBM X-Force ID: 86138.
CVSS Score
7.3
EPSS Score
0.001
Published
2018-05-01
Page 1