Filtered by vendor Ibm
Subscriptions
Filtered by product Sterling Connect
Subscriptions
Total
6 CVE
CVE | Vendors | Products | Updated | CVSS v3.1 |
---|---|---|---|---|
CVE-2013-4035 | 1 Ibm | 1 Sterling Connect | 2024-11-21 | N/A |
IBM Sterling Connect:Direct for OpenVMS 3.4.00, 3.4.01, 3.5.00, 3.6.0, and 3.6.0.1 allow remote attackers to have unspecified impact by leveraging failure to reject client requests for an unencrypted session when used as the server in a TCP/IP session and configured for SSL encryption with the client. IBM X-Force ID: 86138. | ||||
CVE-2013-2989 | 1 Ibm | 1 Sterling Connect | 2024-11-21 | N/A |
The file-copying functionality in IBM Sterling Connect:Direct 3.8.00, 4.0.00, and 4.1.0 for UNIX on AIX 6.1 through 7.1 uses incorrect privileges, which allows local users to bypass filesystem read permissions and write permissions by leveraging authentication to the Connect:Direct product. | ||||
CVE-2012-6352 | 1 Ibm | 1 Sterling Connect | 2024-11-21 | N/A |
The Session Manager in IBM Sterling Connect:Direct through 4.1.0.3 on UNIX allows remote attackers to cause a denial of service (daemon crash and disk consumption) via crafted data. | ||||
CVE-2024-39744 | 3 Ibm, Linux, Microsoft | 5 Aix, Sterling Connect, Sterling Connect Direct Web Services and 2 more | 2024-08-23 | 4.3 Medium |
IBM Sterling Connect:Direct Web Services 6.0, 6.1, 6.2, and 6.3 is vulnerable to cross-site request forgery which could allow an attacker to execute malicious and unauthorized actions transmitted from a user that the website trusts. | ||||
CVE-2024-39745 | 3 Ibm, Linux, Microsoft | 5 Aix, Sterling Connect, Sterling Connect Direct Web Services and 2 more | 2024-08-23 | 5.9 Medium |
IBM Sterling Connect:Direct Web Services 6.0, 6.1, 6.2, and 6.3 uses weaker than expected cryptographic algorithms that could allow an attacker to decrypt highly sensitive information. | ||||
CVE-2024-39746 | 3 Ibm, Linux, Microsoft | 5 Aix, Sterling Connect, Sterling Connect Direct Web Services and 2 more | 2024-08-23 | 5.9 Medium |
IBM Sterling Connect:Direct Web Services 6.0, 6.1, 6.2, and 6.3 could allow a remote attacker to obtain sensitive information, caused by the failure to properly enable HTTP Strict Transport Security. An attacker could exploit this vulnerability to obtain sensitive information using man in the middle techniques. |
Page 1 of 1.