Vulnerabilities > IBM > Sterling Connect > direct
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2021-11-23 | CVE-2021-38890 | Improper Restriction of Excessive Authentication Attempts vulnerability in IBM Sterling Connect:Direct IBM Sterling Connect:Direct Web Services 1.0 and 6.0 uses an inadequate account lockout setting that could allow a remote attacker to brute force account credentials. | 7.5 |
| 2021-11-23 | CVE-2021-38891 | Inadequate Encryption Strength vulnerability in IBM Sterling Connect:Direct IBM Sterling Connect:Direct Web Services 1.0 and 6.0 uses weaker than expected cryptographic algorithms that could allow an attacker to decrypt highly sensitive information. | 7.5 |
| 2020-10-28 | CVE-2020-4767 | Out-of-bounds Read vulnerability in IBM Sterling Connect:Direct IBM Sterling Connect Direct for Microsoft Windows 4.7, 4.8, 6.0, and 6.1 could allow a remote attacker to cause a denial of service, caused by a buffer over-read. | 7.5 |
| 2020-08-24 | CVE-2020-4587 | Out-of-bounds Write vulnerability in IBM Connect:Direct and Sterling Connect:Direct IBM Sterling Connect:Direct for UNIX 4.2.0, 4.3.0, 6.0.0, and 6.1.0 is vulnerable to a stack based buffer ovreflow, caused by improper bounds checking. | 7.8 |
| 2019-04-10 | CVE-2018-1903 | Unspecified vulnerability in IBM Sterling Connect:Direct 4.2.0/4.3.0/6.0.0 IBM Sterling Connect:Direct for UNIX 4.2.0, 4.3.0, and 6.0.0 could allow a user with restricted sudo access on a system to manipulate CD UNIX to gain full sudo access. | 6.7 |
| 2016-11-25 | CVE-2016-5992 | Unspecified vulnerability in IBM Sterling Connect:Direct IBM Sterling Connect:Direct 4.5.00, 4.5.01, 4.6.0 before 4.6.0.6 iFix008, and 4.7.0 before 4.7.0.4 on Windows allows local users to cause a denial of service via unspecified vectors. | 2.5 |
| 2016-11-25 | CVE-2016-5991 | Permissions, Privileges, and Access Controls vulnerability in IBM Sterling Connect:Direct IBM Sterling Connect:Direct 4.5.00, 4.5.01, 4.6.0 before 4.6.0.6 iFix008, and 4.7.0 before 4.7.0.4 on Windows allows local users to gain privileges via unspecified vectors. | 4.5 |
| 2016-08-08 | CVE-2016-0380 | Permissions, Privileges, and Access Controls vulnerability in IBM Sterling Connect:Direct IBM Sterling Connect:Direct for Unix 4.1.0 before 4.1.0.4 iFix073 and 4.2.0 before 4.2.0.4 iFix003 uses default file permissions of 0664, which allows local users to obtain sensitive information via standard filesystem operations. | 3.3 |