Vulnerabilities > IBM > Sterling Connect

DATE CVE VULNERABILITY TITLE RISK
2023-07-19 CVE-2021-38933 Use of a Broken or Risky Cryptographic Algorithm vulnerability in IBM Sterling Connect:Express for Unix 1.5.0
IBM Sterling Connect:Direct for UNIX 1.5 uses weaker than expected cryptographic algorithms that could allow an attacker to decrypt highly sensitive information.
network
low complexity
ibm CWE-327
7.5
2023-07-19 CVE-2023-29259 Unspecified vulnerability in IBM Sterling Connect:Express for Unix 1.5.0
IBM Sterling Connect:Express for UNIX 1.5 browser UI is vulnerable to attacks that rely on the use of cookies without the SameSite attribute.
network
low complexity
ibm
5.3
2023-07-19 CVE-2023-29260 Server-Side Request Forgery (SSRF) vulnerability in IBM Sterling Connect:Express for Unix 1.5.0
IBM Sterling Connect:Express for UNIX 1.5 is vulnerable to server-side request forgery (SSRF).
network
low complexity
ibm CWE-918
5.4
2021-11-23 CVE-2021-38890 Improper Restriction of Excessive Authentication Attempts vulnerability in IBM Sterling Connect:Direct
IBM Sterling Connect:Direct Web Services 1.0 and 6.0 uses an inadequate account lockout setting that could allow a remote attacker to brute force account credentials.
network
low complexity
ibm CWE-307
7.5
2021-11-23 CVE-2021-38891 Inadequate Encryption Strength vulnerability in IBM Sterling Connect:Direct
IBM Sterling Connect:Direct Web Services 1.0 and 6.0 uses weaker than expected cryptographic algorithms that could allow an attacker to decrypt highly sensitive information.
network
low complexity
ibm CWE-326
7.5
2020-10-28 CVE-2020-4767 Out-of-bounds Read vulnerability in IBM Sterling Connect:Direct
IBM Sterling Connect Direct for Microsoft Windows 4.7, 4.8, 6.0, and 6.1 could allow a remote attacker to cause a denial of service, caused by a buffer over-read.
network
low complexity
ibm CWE-125
7.5
2020-08-24 CVE-2020-4587 Out-of-bounds Write vulnerability in IBM Connect:Direct and Sterling Connect:Direct
IBM Sterling Connect:Direct for UNIX 4.2.0, 4.3.0, 6.0.0, and 6.1.0 is vulnerable to a stack based buffer ovreflow, caused by improper bounds checking.
local
low complexity
ibm CWE-787
7.8
2019-04-10 CVE-2018-1903 Unspecified vulnerability in IBM Sterling Connect:Direct 4.2.0/4.3.0/6.0.0
IBM Sterling Connect:Direct for UNIX 4.2.0, 4.3.0, and 6.0.0 could allow a user with restricted sudo access on a system to manipulate CD UNIX to gain full sudo access.
local
low complexity
ibm
6.7
2018-05-01 CVE-2013-4035 Cryptographic Issues vulnerability in IBM Sterling Connect
IBM Sterling Connect:Direct for OpenVMS 3.4.00, 3.4.01, 3.5.00, 3.6.0, and 3.6.0.1 allow remote attackers to have unspecified impact by leveraging failure to reject client requests for an unencrypted session when used as the server in a TCP/IP session and configured for SSL encryption with the client.
low complexity
ibm CWE-310
7.3
2016-11-25 CVE-2016-5992 Unspecified vulnerability in IBM Sterling Connect:Direct
IBM Sterling Connect:Direct 4.5.00, 4.5.01, 4.6.0 before 4.6.0.6 iFix008, and 4.7.0 before 4.7.0.4 on Windows allows local users to cause a denial of service via unspecified vectors.
local
high complexity
ibm
2.5