
CVE-2021-38890
https://notcve.org/view.php?id=CVE-2021-38890
23 Nov 2021 — IBM Sterling Connect:Direct Web Services 1.0 and 6.0 uses an inadequate account lockout setting that could allow a remote attacker to brute force account credentials. IBM X-Force ID: 209507. • https://exchange.xforce.ibmcloud.com/vulnerabilities/209507 • CWE-307: Improper Restriction of Excessive Authentication Attempts

CVE-2021-20560
https://notcve.org/view.php?id=CVE-2021-20560
26 Jul 2021 — IBM Sterling Connect:Direct Browser User Interface 1.4.1.1 and 1.5.0.2 could allow a remote attacker to hijack the clicking action of the victim. By persuading a victim to visit a malicious Web site, a remote attacker could exploit this vulnerability to hijack the victim's click actions and possibly launch further attacks against the victim. IBM X-Force ID: 199229. • https://exchange.xforce.ibmcloud.com/vulnerabilities/199229 • CWE-1021: Improper Restriction of Rendered UI Layers or Frames

CVE-2020-4767
https://notcve.org/view.php?id=CVE-2020-4767
28 Oct 2020 — IBM Sterling Connect Direct for Microsoft Windows 4.7, 4.8, 6.0, and 6.1 could allow a remote attacker to cause a denial of service, caused by a buffer over-read. By sending a specially crafted request, the attacker could cause the application to crash. IBM X-Force ID: 188906. • https://exchange.xforce.ibmcloud.com/vulnerabilities/188906 • CWE-125: Out-of-bounds Read

CVE-2020-4587
https://notcve.org/view.php?id=CVE-2020-4587
24 Aug 2020 — IBM Sterling Connect:Direct for UNIX 4.2.0, 4.3.0, 6.0.0, and 6.1.0 is vulnerable to a stack-based buffer overflow, caused by improper bounds checking. A local attacker could manipulate CD UNIX to obtain root privileges. IBM X-Force ID: 184578. • https://exchange.xforce.ibmcloud.com/vulnerabilities/184578 • CWE-787: Out-of-bounds Write

CVE-2018-1903
https://notcve.org/view.php?id=CVE-2018-1903
10 Apr 2019 — IBM Sterling Connect:Direct for UNIX 4.2.0, 4.3.0, and 6.0.0 could allow a user with restricted sudo access on a system to manipulate CD UNIX to gain full sudo access. IBM X-Force ID: 152532. • http://www.ibm.com/support/docview.wss?uid=ibm10875386

CVE-2013-4035
https://notcve.org/view.php?id=CVE-2013-4035
01 May 2018 — IBM Sterling Connect:Direct for OpenVMS 3.4.00, 3.4.01, 3.5.00, 3.6.0, and 3.6.0.1 allows remote attackers to have unspecified impact by leveraging failure to reject client requests for an unencrypted session when used as the server in a TCP/IP session and configured for SSL encryption with the client. IBM X-Force ID: 86138. • https://exchange.xforce.ibmcloud.com/vulnerabilities/86138 • CWE-310: Cryptographic Issues

CVE-2016-5991
https://notcve.org/view.php?id=CVE-2016-5991
25 Nov 2016 — IBM Sterling Connect:Direct 4.5.00, 4.5.01, 4.6.0 before 4.6.0.6 iFix008, and 4.7.0 before 4.7.0.4 on Windows allows local users to gain privileges via unspecified vectors. • http://www-01.ibm.com/support/docview.wss?uid=swg1IT16911 • CWE-264: Permissions, Privileges, and Access Controls

CVE-2016-5992
https://notcve.org/view.php?id=CVE-2016-5992
25 Nov 2016 — IBM Sterling Connect:Direct 4.5.00, 4.5.01, 4.6.0 before 4.6.0.6 iFix008, and 4.7.0 before 4.7.0.4 on Windows allows local users to cause a denial of service via unspecified vectors. • http://www-01.ibm.com/support/docview.wss?uid=swg1IT16911

CVE-2016-0380
https://notcve.org/view.php?id=CVE-2016-0380
08 Aug 2016 — IBM Sterling Connect:Direct for Unix 4.1.0 before 4.1.0.4 iFix073 and 4.2.0 before 4.2.0.4 iFix003 uses default file permissions of 0664, which allows local users to obtain sensitive information via standard filesystem operations. • http://www-01.ibm.com/support/docview.wss?uid=swg1IT14769 • CWE-264: Permissions, Privileges, and Access Controls

CVE-2013-6327
https://notcve.org/view.php?id=CVE-2013-6327
17 Dec 2013 — Cross-site scripting (XSS) vulnerability in the HTTP Option in IBM Sterling Connect:Enterprise 1.3 before 1.3.0.2 iFix 1 and 1.4 before 1.4.0.0 iFix 1 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors, related to a "cross-frame scripting" issue. • http://www-01.ibm.com/support/docview.wss?uid=swg21659907 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')