Severity by source
AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Primary rating from NVD · only source for this CVE.
CVSS VectorNVD
CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Lifecycle Timeline
2DescriptionCVE.org
IBM Sterling Connect:Direct for UNIX Container 6.3.0.0 through 6.3.0.6 Interim Fix 016, and 6.4.0.0 through 6.4.0.3 Interim Fix 019 IBM® Sterling Connect:Direct for UNIX contains hard-coded credentials, such as a password or cryptographic key, which it uses for its own inbound authentication, outbound communication to external components, or encryption of internal data.
AnalysisAI
Direct for UNIX Container 6.3.0.0 versions up to 6.3.0.6 is affected by use of hard-coded credentials (CVSS 8.4).
Technical ContextAI
This vulnerability (CWE-798: Use of Hard-coded Credentials) affects Direct for UNIX Container 6.3.0.0. IBM Sterling Connect:Direct for UNIX Container 6.3.0.0 through 6.3.0.6 Interim Fix 016, and 6.4.0.0 through 6.4.0.3 Interim Fix 019 IBM® Sterling Connect:Direct for UNIX contains hard-coded credentials, such as a password or cryptographic key, which it uses for its own inbound authentication, outbound communication to external components, or encryption of internal data.
Affected ProductsAI
Product: Direct for UNIX Container 6.3.0.0. Versions: up to 6.3.0.6.
RemediationAI
Monitor vendor advisories for a patch.
Same weakness CWE-798 – Use of Hard-coded Credentials
View allShare
External POC / Exploit Code
Leaving vuln.today