Skip to main content

Sterling Connect

12 CVEs product

Monthly

CVE-2025-36064 MEDIUM This Month

IBM Sterling Connect:Express for Microsoft Windows 3.1.0.0 through 3.1.0.22 uses an inadequate account lockout setting that could allow a remote attacker to brute force account credentials. Rated medium severity (CVSS 5.9), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.

IBM Microsoft Information Disclosure Sterling Connect Windows
NVD
CVSS 3.1
5.9
EPSS
0.0%
CVE-2023-29260 MEDIUM PATCH This Month

IBM Sterling Connect:Express for UNIX 1.5 is vulnerable to server-side request forgery (SSRF). Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity.

SSRF IBM Sterling Connect
NVD
CVSS 3.1
5.4
EPSS
0.3%
CVE-2023-29259 MEDIUM PATCH This Month

IBM Sterling Connect:Express for UNIX 1.5 browser UI is vulnerable to attacks that rely on the use of cookies without the SameSite attribute. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Information Disclosure IBM Sterling Connect
NVD
CVSS 3.1
5.3
EPSS
0.5%
CVE-2021-38891 HIGH PATCH This Week

IBM Sterling Connect:Direct Web Services 1.0 and 6.0 uses weaker than expected cryptographic algorithms that could allow an attacker to decrypt highly sensitive information. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

IBM Information Disclosure Sterling Connect
NVD
CVSS 3.1
7.5
EPSS
0.7%
CVE-2021-38890 HIGH PATCH This Week

IBM Sterling Connect:Direct Web Services 1.0 and 6.0 uses an inadequate account lockout setting that could allow a remote attacker to brute force account credentials. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

IBM Information Disclosure Sterling Connect
NVD
CVSS 3.1
7.5
EPSS
1.5%
CVE-2020-4767 HIGH This Week

IBM Sterling Connect Direct for Microsoft Windows 4.7, 4.8, 6.0, and 6.1 could allow a remote attacker to cause a denial of service, caused by a buffer over-read. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Denial Of Service Microsoft Buffer Overflow IBM Information Disclosure +1
NVD
CVSS 3.1
7.5
EPSS
1.6%
CVE-2020-4587 HIGH This Week

IBM Sterling Connect:Direct for UNIX 4.2.0, 4.3.0, 6.0.0, and 6.1.0 is vulnerable to a stack based buffer ovreflow, caused by improper bounds checking. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Buffer Overflow IBM Memory Corruption Connect Sterling Connect
NVD
CVSS 3.1
7.8
EPSS
0.3%
CVE-2016-5992 LOW PATCH Monitor

IBM Sterling Connect:Direct 4.5.00, 4.5.01, 4.6.0 before 4.6.0.6 iFix008, and 4.7.0 before 4.7.0.4 on Windows allows local users to cause a denial of service via unspecified vectors. Rated low severity (CVSS 2.5).

IBM Denial Of Service Microsoft Sterling Connect
NVD
CVSS 3.0
2.5
EPSS
0.1%
CVE-2016-5991 MEDIUM PATCH This Month

IBM Sterling Connect:Direct 4.5.00, 4.5.01, 4.6.0 before 4.6.0.6 iFix008, and 4.7.0 before 4.7.0.4 on Windows allows local users to gain privileges via unspecified vectors. Rated medium severity (CVSS 4.5).

IBM Privilege Escalation Microsoft Sterling Connect
NVD
CVSS 3.0
4.5
EPSS
0.1%
CVE-2016-0380 LOW PATCH Monitor

IBM Sterling Connect:Direct for Unix 4.1.0 before 4.1.0.4 iFix073 and 4.2.0 before 4.2.0.4 iFix003 uses default file permissions of 0664, which allows local users to obtain sensitive information via. Rated low severity (CVSS 3.3), this vulnerability is low attack complexity.

IBM Privilege Escalation Sterling Connect
NVD
CVSS 3.1
3.3
EPSS
0.0%
CVE-2013-2989 MEDIUM This Month

The file-copying functionality in IBM Sterling Connect:Direct 3.8.00, 4.0.00, and 4.1.0 for UNIX on AIX 6.1 through 7.1 uses incorrect privileges, which allows local users to bypass filesystem read. Rated medium severity (CVSS 6.8), this vulnerability is low attack complexity. No vendor patch available.

Privilege Escalation IBM Sterling Connect
NVD
CVSS 2.0
6.8
EPSS
0.0%
CVE-2012-6352 MEDIUM This Month

The Session Manager in IBM Sterling Connect:Direct through 4.1.0.3 on UNIX allows remote attackers to cause a denial of service (daemon crash and disk consumption) via crafted data. Rated medium severity (CVSS 5.0), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Buffer Overflow Denial Of Service IBM Sterling Connect
NVD
CVSS 2.0
5.0
EPSS
0.6%
EPSS 0% CVSS 5.9
MEDIUM This Month

IBM Sterling Connect:Express for Microsoft Windows 3.1.0.0 through 3.1.0.22 uses an inadequate account lockout setting that could allow a remote attacker to brute force account credentials. Rated medium severity (CVSS 5.9), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.

IBM Microsoft Information Disclosure +2
NVD
EPSS 0% CVSS 5.4
MEDIUM PATCH This Month

IBM Sterling Connect:Express for UNIX 1.5 is vulnerable to server-side request forgery (SSRF). Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity.

SSRF IBM Sterling Connect
NVD
EPSS 0% CVSS 5.3
MEDIUM PATCH This Month

IBM Sterling Connect:Express for UNIX 1.5 browser UI is vulnerable to attacks that rely on the use of cookies without the SameSite attribute. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Information Disclosure IBM Sterling Connect
NVD
EPSS 1% CVSS 7.5
HIGH PATCH This Week

IBM Sterling Connect:Direct Web Services 1.0 and 6.0 uses weaker than expected cryptographic algorithms that could allow an attacker to decrypt highly sensitive information. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

IBM Information Disclosure Sterling Connect
NVD
EPSS 2% CVSS 7.5
HIGH PATCH This Week

IBM Sterling Connect:Direct Web Services 1.0 and 6.0 uses an inadequate account lockout setting that could allow a remote attacker to brute force account credentials. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

IBM Information Disclosure Sterling Connect
NVD
EPSS 2% CVSS 7.5
HIGH This Week

IBM Sterling Connect Direct for Microsoft Windows 4.7, 4.8, 6.0, and 6.1 could allow a remote attacker to cause a denial of service, caused by a buffer over-read. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Denial Of Service Microsoft Buffer Overflow +3
NVD
EPSS 0% CVSS 7.8
HIGH This Week

IBM Sterling Connect:Direct for UNIX 4.2.0, 4.3.0, 6.0.0, and 6.1.0 is vulnerable to a stack based buffer ovreflow, caused by improper bounds checking. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Buffer Overflow IBM Memory Corruption +2
NVD
EPSS 0% CVSS 2.5
LOW PATCH Monitor

IBM Sterling Connect:Direct 4.5.00, 4.5.01, 4.6.0 before 4.6.0.6 iFix008, and 4.7.0 before 4.7.0.4 on Windows allows local users to cause a denial of service via unspecified vectors. Rated low severity (CVSS 2.5).

IBM Denial Of Service Microsoft +1
NVD
EPSS 0% CVSS 4.5
MEDIUM PATCH This Month

IBM Sterling Connect:Direct 4.5.00, 4.5.01, 4.6.0 before 4.6.0.6 iFix008, and 4.7.0 before 4.7.0.4 on Windows allows local users to gain privileges via unspecified vectors. Rated medium severity (CVSS 4.5).

IBM Privilege Escalation Microsoft +1
NVD
EPSS 0% CVSS 3.3
LOW PATCH Monitor

IBM Sterling Connect:Direct for Unix 4.1.0 before 4.1.0.4 iFix073 and 4.2.0 before 4.2.0.4 iFix003 uses default file permissions of 0664, which allows local users to obtain sensitive information via. Rated low severity (CVSS 3.3), this vulnerability is low attack complexity.

IBM Privilege Escalation Sterling Connect
NVD
EPSS 0% CVSS 6.8
MEDIUM This Month

The file-copying functionality in IBM Sterling Connect:Direct 3.8.00, 4.0.00, and 4.1.0 for UNIX on AIX 6.1 through 7.1 uses incorrect privileges, which allows local users to bypass filesystem read. Rated medium severity (CVSS 6.8), this vulnerability is low attack complexity. No vendor patch available.

Privilege Escalation IBM Sterling Connect
NVD
EPSS 1% CVSS 5.0
MEDIUM This Month

The Session Manager in IBM Sterling Connect:Direct through 4.1.0.3 on UNIX allows remote attackers to cause a denial of service (daemon crash and disk consumption) via crafted data. Rated medium severity (CVSS 5.0), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Buffer Overflow Denial Of Service IBM +1
NVD

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy