Sterling Connect CVEs and Security Vulnerabilities

Search

Use the Query Builder to create your own search query, or check out the documentation to learn the search syntax.

Search Examples

CVEs in KEV CVEs with EPSS >= 80% Crit. Microsoft High Apache SQL Injection (CWE-89) Linux Kernel High (CVSS 3.1) Apache Struts RCE (Remote Code Execution) XSS (CWE-79) Critical (CVSS 4.0) CVEs to check

Search Results (26 CVEs found)

CVE	Vendors	Products	Updated	CVSS v3.1
CVE-2018-1903	1 Ibm	1 Sterling Connect\	2024-11-21	N/A
IBM Sterling Connect:Direct for UNIX 4.2.0, 4.3.0, and 6.0.0 could allow a user with restricted sudo access on a system to manipulate CD UNIX to gain full sudo access. IBM X-Force ID: 152532.
CVE-2013-4035	1 Ibm	1 Sterling Connect	2024-11-21	N/A
IBM Sterling Connect:Direct for OpenVMS 3.4.00, 3.4.01, 3.5.00, 3.6.0, and 3.6.0.1 allow remote attackers to have unspecified impact by leveraging failure to reject client requests for an unencrypted session when used as the server in a TCP/IP session and configured for SSL encryption with the client. IBM X-Force ID: 86138.
CVE-2024-39747	3 Ibm, Linux, Microsoft	4 Aix, Sterling Connect Direct Web Services, Linux Kernel and 1 more	2024-09-16	8.1 High
IBM Sterling Connect:Direct Web Services 6.0, 6.1, 6.2, and 6.3 uses default credentials for potentially critical functionality.
CVE-2024-39744	3 Ibm, Linux, Microsoft	5 Aix, Sterling Connect, Sterling Connect Direct Web Services and 2 more	2024-08-23	4.3 Medium
IBM Sterling Connect:Direct Web Services 6.0, 6.1, 6.2, and 6.3 is vulnerable to cross-site request forgery which could allow an attacker to execute malicious and unauthorized actions transmitted from a user that the website trusts.
CVE-2024-39745	3 Ibm, Linux, Microsoft	5 Aix, Sterling Connect, Sterling Connect Direct Web Services and 2 more	2024-08-23	5.9 Medium
IBM Sterling Connect:Direct Web Services 6.0, 6.1, 6.2, and 6.3 uses weaker than expected cryptographic algorithms that could allow an attacker to decrypt highly sensitive information.
CVE-2024-39746	3 Ibm, Linux, Microsoft	5 Aix, Sterling Connect, Sterling Connect Direct Web Services and 2 more	2024-08-23	5.9 Medium
IBM Sterling Connect:Direct Web Services 6.0, 6.1, 6.2, and 6.3 could allow a remote attacker to obtain sensitive information, caused by the failure to properly enable HTTP Strict Transport Security. An attacker could exploit this vulnerability to obtain sensitive information using man in the middle techniques.

« first previous Page 2 of 2.