Skip to main content

Sterling Control Center

7 CVEs product

Monthly

CVE-2023-43035 MEDIUM This Month

IBM Sterling Control Center 6.2.1, 6.3.1, and 6.4.0 allows web pages to be stored locally which can be read by another user on the system. Rated medium severity (CVSS 4.0), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Information Disclosure IBM Sterling Control Center
NVD
CVSS 3.1
4.0
EPSS
0.1%
CVE-2023-42007 MEDIUM This Month

IBM Sterling Control Center 6.2.1, 6.3.1, and 6.4.0 is vulnerable to cross-site scripting. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

IBM XSS Sterling Control Center
NVD
CVSS 3.1
5.4
EPSS
0.1%
CVE-2023-35894 MEDIUM This Month

IBM Control Center 6.2.1 through 6.3.1 is vulnerable to HTTP header injection, caused by improper validation of input by the HOST headers. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

IBM XSS Sterling Control Center
NVD
CVSS 3.1
5.4
EPSS
0.1%
CVE-2016-0252 MEDIUM This Month

IBM Control Center 6.x before 6.0.0.1 iFix06 and Sterling Control Center 5.4.x before 5.4.2.1 iFix09 allow local users to decrypt the master key via unspecified vectors. Rated medium severity (CVSS 5.1), this vulnerability is no authentication required. No vendor patch available.

IBM Information Disclosure Control Center Sterling Control Center
NVD
CVSS 3.0
5.1
EPSS
0.1%
CVE-2014-0925 LOW PATCH Monitor

Open redirect vulnerability in IBM Sterling Control Center 5.4.0 before 5.4.0.1 iFix 3 and 5.4.1 before 5.4.1.0 iFix 2 allows remote authenticated users to redirect users to arbitrary web sites and. Rated low severity (CVSS 3.5), this vulnerability is remotely exploitable.

IBM Open Redirect Sterling Control Center
NVD
CVSS 2.0
3.5
EPSS
0.1%
CVE-2013-2969 LOW Monitor

Cross-site scripting (XSS) vulnerability in IBM Sterling Control Center (SCC) 5.2 before 5.2.0.9, 5.3 before 5.3.0.4, and 5.4 through 5.4.0.1 allows remote authenticated users to inject arbitrary web. Rated low severity (CVSS 3.5), this vulnerability is remotely exploitable. No vendor patch available.

IBM XSS Sterling Control Center
NVD
CVSS 2.0
3.5
EPSS
0.2%
CVE-2013-2968 MEDIUM This Month

An unspecified buffer-read method in IBM Sterling Control Center (SCC) 5.2 before 5.2.0.9, 5.3 before 5.3.0.4, and 5.4 through 5.4.0.1 allows remote authenticated users to cause a denial of service. Rated medium severity (CVSS 6.3), this vulnerability is remotely exploitable. No vendor patch available.

Buffer Overflow Denial Of Service IBM Sterling Control Center
NVD
CVSS 2.0
6.3
EPSS
0.4%
EPSS 0% CVSS 4.0
MEDIUM This Month

IBM Sterling Control Center 6.2.1, 6.3.1, and 6.4.0 allows web pages to be stored locally which can be read by another user on the system. Rated medium severity (CVSS 4.0), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Information Disclosure IBM Sterling Control Center
NVD
EPSS 0% CVSS 5.4
MEDIUM This Month

IBM Sterling Control Center 6.2.1, 6.3.1, and 6.4.0 is vulnerable to cross-site scripting. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

IBM XSS Sterling Control Center
NVD
EPSS 0% CVSS 5.4
MEDIUM This Month

IBM Control Center 6.2.1 through 6.3.1 is vulnerable to HTTP header injection, caused by improper validation of input by the HOST headers. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

IBM XSS Sterling Control Center
NVD
EPSS 0% CVSS 5.1
MEDIUM This Month

IBM Control Center 6.x before 6.0.0.1 iFix06 and Sterling Control Center 5.4.x before 5.4.2.1 iFix09 allow local users to decrypt the master key via unspecified vectors. Rated medium severity (CVSS 5.1), this vulnerability is no authentication required. No vendor patch available.

IBM Information Disclosure Control Center +1
NVD
EPSS 0% CVSS 3.5
LOW PATCH Monitor

Open redirect vulnerability in IBM Sterling Control Center 5.4.0 before 5.4.0.1 iFix 3 and 5.4.1 before 5.4.1.0 iFix 2 allows remote authenticated users to redirect users to arbitrary web sites and. Rated low severity (CVSS 3.5), this vulnerability is remotely exploitable.

IBM Open Redirect Sterling Control Center
NVD
EPSS 0% CVSS 3.5
LOW Monitor

Cross-site scripting (XSS) vulnerability in IBM Sterling Control Center (SCC) 5.2 before 5.2.0.9, 5.3 before 5.3.0.4, and 5.4 through 5.4.0.1 allows remote authenticated users to inject arbitrary web. Rated low severity (CVSS 3.5), this vulnerability is remotely exploitable. No vendor patch available.

IBM XSS Sterling Control Center
NVD
EPSS 0% CVSS 6.3
MEDIUM This Month

An unspecified buffer-read method in IBM Sterling Control Center (SCC) 5.2 before 5.2.0.9, 5.3 before 5.3.0.4, and 5.4 through 5.4.0.1 allows remote authenticated users to cause a denial of service. Rated medium severity (CVSS 6.3), this vulnerability is remotely exploitable. No vendor patch available.

Buffer Overflow Denial Of Service IBM +1
NVD

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy