Product:

Sterling_connect\:direct

(Ibm)
Repositories

Unknown:

This might be proprietary software.

#Vulnerabilities 8
Date Id Summary Products Score Patch Annotated
2020-08-24 CVE-2020-4587 IBM Sterling Connect:Direct for UNIX 4.2.0, 4.3.0, 6.0.0, and 6.1.0 is vulnerable to a stack based buffer ovreflow, caused by improper bounds checking. A local attacker could manipulate CD UNIX to obtain root provileges. IBM X-Force ID: 184578. Connect\:direct, Sterling_connect\:direct 7.8
2020-10-28 CVE-2020-4767 IBM Sterling Connect Direct for Microsoft Windows 4.7, 4.8, 6.0, and 6.1 could allow a remote attacker to cause a denial of service, caused by a buffer over-read. Bysending a specially crafted request, the attacker could cause the application to crash. IBM X-Force ID: 188906. Sterling_connect\:direct 7.5
2021-11-23 CVE-2021-38890 IBM Sterling Connect:Direct Web Services 1.0 and 6.0 uses an inadequate account lockout setting that could allow a remote attacker to brute force account credentials. IBM X-Force ID: 209507. Sterling_connect\:direct 7.5
2021-11-23 CVE-2021-38891 IBM Sterling Connect:Direct Web Services 1.0 and 6.0 uses weaker than expected cryptographic algorithms that could allow an attacker to decrypt highly sensitive information. IBM X-Force ID: 209508. Sterling_connect\:direct 7.5
2016-08-08 CVE-2016-0380 IBM Sterling Connect:Direct for Unix 4.1.0 before 4.1.0.4 iFix073 and 4.2.0 before 4.2.0.4 iFix003 uses default file permissions of 0664, which allows local users to obtain sensitive information via standard filesystem operations. Sterling_connect\:direct N/A
2019-04-10 CVE-2018-1903 IBM Sterling Connect:Direct for UNIX 4.2.0, 4.3.0, and 6.0.0 could allow a user with restricted sudo access on a system to manipulate CD UNIX to gain full sudo access. IBM X-Force ID: 152532. Sterling_connect\:direct 6.7
2016-11-25 CVE-2016-5992 IBM Sterling Connect:Direct 4.5.00, 4.5.01, 4.6.0 before 4.6.0.6 iFix008, and 4.7.0 before 4.7.0.4 on Windows allows local users to cause a denial of service via unspecified vectors. Sterling_connect\:direct 2.5
2016-11-25 CVE-2016-5991 IBM Sterling Connect:Direct 4.5.00, 4.5.01, 4.6.0 before 4.6.0.6 iFix008, and 4.7.0 before 4.7.0.4 on Windows allows local users to gain privileges via unspecified vectors. Sterling_connect\:direct 4.5