CVE-2021-38890
- EPSS 0.19%
- Published 23.11.2021 20:15:11
- Last modified 21.11.2024 06:18:09
IBM Sterling Connect:Direct Web Services 1.0 and 6.0 uses an inadequate account lockout setting that could allow a remote attacker to brute force account credentials. IBM X-Force ID: 209507.
CVE-2021-38891
- EPSS 0.1%
- Published 23.11.2021 20:15:11
- Last modified 21.11.2024 06:18:09
IBM Sterling Connect:Direct Web Services 1.0 and 6.0 uses weaker than expected cryptographic algorithms that could allow an attacker to decrypt highly sensitive information. IBM X-Force ID: 209508.
CVE-2020-4767
- EPSS 0.73%
- Published 28.10.2020 17:15:12
- Last modified 21.11.2024 05:33:13
IBM Sterling Connect Direct for Microsoft Windows 4.7, 4.8, 6.0, and 6.1 could allow a remote attacker to cause a denial of service, caused by a buffer over-read. By sending a specially crafted request, the attacker could cause the application to cras...
CVE-2020-4587
- EPSS 0.04%
- Published 24.08.2020 16:15:11
- Last modified 21.11.2024 05:32:56
IBM Sterling Connect:Direct for UNIX 4.2.0, 4.3.0, 6.0.0, and 6.1.0 is vulnerable to a stack based buffer overflow, caused by improper bounds checking. A local attacker could manipulate CD UNIX to obtain root privileges. IBM X-Force ID: 184578.
CVE-2018-1903
- EPSS 0.04%
- Published 10.04.2019 15:29:00
- Last modified 21.11.2024 04:00:34
IBM Sterling Connect:Direct for UNIX 4.2.0, 4.3.0, and 6.0.0 could allow a user with restricted sudo access on a system to manipulate CD UNIX to gain full sudo access. IBM X-Force ID: 152532.