Shodan
Vulnerabilities
Vulnerable Software
Ibm:  >> Sterling Connect  Security Vulnerabilities
CVE-2023-29260
IBM Sterling Connect:Express for UNIX 1.5 is vulnerable to server-side request forgery (SSRF). This may allow an authenticated attacker to send unauthorized requests from the system, potentially leading to network enumeration or facilitating other attacks. IBM X-Force ID: 252135.
CVSS Score
6.5
EPSS Score
0.0
Published
2023-07-19
CVE-2021-38890
IBM Sterling Connect:Direct Web Services 1.0 and 6.0 uses an inadequate account lockout setting that could allow a remote attacker to brute force account credentials. IBM X-Force ID: 209507.
CVSS Score
5.9
EPSS Score
0.002
Published
2021-11-23
CVE-2021-38891
IBM Sterling Connect:Direct Web Services 1.0 and 6.0 uses weaker than expected cryptographic algorithms that could allow an attacker to decrypt highly sensitive information. IBM X-Force ID: 209508.
CVSS Score
5.9
EPSS Score
0.001
Published
2021-11-23
CVE-2020-4767
IBM Sterling Connect Direct for Microsoft Windows 4.7, 4.8, 6.0, and 6.1 could allow a remote attacker to cause a denial of service, caused by a buffer over-read. Bysending a specially crafted request, the attacker could cause the application to crash. IBM X-Force ID: 188906.
CVSS Score
7.5
EPSS Score
0.007
Published
2020-10-28
CVE-2020-4587
IBM Sterling Connect:Direct for UNIX 4.2.0, 4.3.0, 6.0.0, and 6.1.0 is vulnerable to a stack based buffer ovreflow, caused by improper bounds checking. A local attacker could manipulate CD UNIX to obtain root provileges. IBM X-Force ID: 184578.
CVSS Score
8.4
EPSS Score
0.0
Published
2020-08-24
CVE-2018-1903
IBM Sterling Connect:Direct for UNIX 4.2.0, 4.3.0, and 6.0.0 could allow a user with restricted sudo access on a system to manipulate CD UNIX to gain full sudo access. IBM X-Force ID: 152532.
CVSS Score
6.7
EPSS Score
0.0
Published
2019-04-10
CVE-2013-4035
IBM Sterling Connect:Direct for OpenVMS 3.4.00, 3.4.01, 3.5.00, 3.6.0, and 3.6.0.1 allow remote attackers to have unspecified impact by leveraging failure to reject client requests for an unencrypted session when used as the server in a TCP/IP session and configured for SSL encryption with the client. IBM X-Force ID: 86138.
CVSS Score
7.3
EPSS Score
0.001
Published
2018-05-01
CVE-2016-5992
IBM Sterling Connect:Direct 4.5.00, 4.5.01, 4.6.0 before 4.6.0.6 iFix008, and 4.7.0 before 4.7.0.4 on Windows allows local users to cause a denial of service via unspecified vectors.
CVSS Score
2.5
EPSS Score
0.001
Published
2016-11-25
CVE-2016-5991
IBM Sterling Connect:Direct 4.5.00, 4.5.01, 4.6.0 before 4.6.0.6 iFix008, and 4.7.0 before 4.7.0.4 on Windows allows local users to gain privileges via unspecified vectors.
CVSS Score
4.5
EPSS Score
0.001
Published
2016-11-25
CVE-2016-0380
IBM Sterling Connect:Direct for Unix 4.1.0 before 4.1.0.4 iFix073 and 4.2.0 before 4.2.0.4 iFix003 uses default file permissions of 0664, which allows local users to obtain sensitive information via standard filesystem operations.
CVSS Score
3.3
EPSS Score
0.0
Published
2016-08-08


Products
Pricing
Contact Us

Shodan ® - All rights reserved