7.2
CVE-2025-36137
- EPSS 0.05%
- Veröffentlicht 30.10.2025 18:53:32
- Zuletzt bearbeitet 12.12.2025 17:25:08
- Quelle psirt@us.ibm.com
- CVE-Watchlists
- Unerledigt
IBM Sterling Connect Direct for Unix 6.2.0.7 through 6.2.0.9 iFix004, 6.4.0.0 through 6.4.0.2 iFix001, and 6.3.0.2 through 6.3.0.5 iFix002 incorrectly assigns permissions for maintenance tasks to Control Center Director (CCD) users that could allow a privileged user to escalate their privileges further due to unnecessary privilege assignment for post update scripts.
Verknüpft mit AI von unstrukturierten Daten zu bestehenden CPE der NVD
Diese Information steht angemeldeten Benutzern zur Verfügung. 
Login
LoginDaten sind bereitgestellt durch National Vulnerability Database (NVD)
Ibm ≫ Sterling Connect:direct SwPlatformunix Version >= 6.2.0.7 < 6.2.0.9
Ibm ≫ Sterling Connect:direct SwPlatformunix Version >= 6.3.0.2 < 6.3.0.5
Ibm ≫ Sterling Connect:direct SwPlatformunix Version >= 6.4.0.0 < 6.4.0.2
Ibm ≫ Sterling Connect:direct Version6.2.0.9 Edition- SwPlatformunix
Ibm ≫ Sterling Connect:direct Version6.2.0.9 Updateifix004 Edition- SwPlatformunix
Ibm ≫ Sterling Connect:direct Version6.3.0.5 Edition- SwPlatformunix
Ibm ≫ Sterling Connect:direct Version6.3.0.5 Updateifix002 Edition- SwPlatformunix
Ibm ≫ Sterling Connect:direct Version6.4.0.2 Edition- SwPlatformunix
Ibm ≫ Sterling Connect:direct Version6.4.0.2 Updateifix001 Edition- SwPlatformunix
| Typ | Quelle | Score | Percentile |
|---|---|---|---|
| EPSS | FIRST.org | 0.05% | 0.151 |
| Quelle | Base Score | Exploit Score | Impact Score | Vector String |
|---|---|---|---|---|
| psirt@us.ibm.com | 7.2 | 1.2 | 5.9 |
CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
|
CWE-250 Execution with Unnecessary Privileges
The product performs an operation at a privilege level that is higher than the minimum level required, which creates new weaknesses or amplifies the consequences of other weaknesses.