Search criteria
38 vulnerabilities found for sterling_connect\ by ibm
CVE-2025-36115 (GCVE-0-2025-36115)
Vulnerability from nvd – Published: 2026-01-20 15:18 – Updated: 2026-01-20 15:51
VLAI?
Title
Multiple vulnerabilities were addressed in IBM Sterling Connect:Express for UNIX.
Summary
IBM Sterling Connect:Express Adapter for Sterling B2B Integrator 5.2.0.00 through 5.2.0.12 does not disallow the session id after use which could allow an authenticated user to impersonate another user on the system.
Severity ?
6.3 (Medium)
CWE
- CWE-384 - Session Fixation
Assigner
References
| URL | Tags | ||||
|---|---|---|---|---|---|
|
|||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| IBM | Sterling Connect:Express Adapter for Sterling B2B Integrator 5.2.0 |
Affected:
5.2.0.00 , ≤ 5.2.0.12
(semver)
cpe:2.3:a:ibm:sterling_connectexpress_adapter_for_sterling_b2b_integrator_520:5.2.0.00:*:*:*:*:*:*:* cpe:2.3:a:ibm:sterling_connectexpress_adapter_for_sterling_b2b_integrator_520:5.2.0.12:*:*:*:*:*:*:* |
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-36115",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2026-01-20T15:51:26.339222Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2026-01-20T15:51:47.539Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"cpes": [
"cpe:2.3:a:ibm:sterling_connectexpress_adapter_for_sterling_b2b_integrator_520:5.2.0.00:*:*:*:*:*:*:*",
"cpe:2.3:a:ibm:sterling_connectexpress_adapter_for_sterling_b2b_integrator_520:5.2.0.12:*:*:*:*:*:*:*"
],
"product": "Sterling Connect:Express Adapter for Sterling B2B Integrator 5.2.0",
"vendor": "IBM",
"versions": [
{
"lessThanOrEqual": "5.2.0.12",
"status": "affected",
"version": "5.2.0.00",
"versionType": "semver"
}
]
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\u003cp\u003eIBM Sterling Connect:Express Adapter for Sterling B2B Integrator 5.2.0.00 through 5.2.0.12 does not disallow the session id after use which could allow an authenticated user to impersonate another user on the system.\u003c/p\u003e"
}
],
"value": "IBM Sterling Connect:Express Adapter for Sterling B2B Integrator 5.2.0.00 through 5.2.0.12 does not disallow the session id after use which could allow an authenticated user to impersonate another user on the system."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "LOW",
"baseScore": 6.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-384",
"description": "CWE-384 Session Fixation",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-01-20T15:18:17.680Z",
"orgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
"shortName": "ibm"
},
"references": [
{
"tags": [
"vendor-advisory",
"patch"
],
"url": "https://www.ibm.com/support/pages/node/7257244"
}
],
"solutions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\u003cdiv\u003e\u003ctable\u003e\u003ctbody\u003e\u003ctr\u003e\u003ctd\u003eAffected Product(s)\u003c/td\u003e\u003ctd\u003eFixed in release\u003c/td\u003e\u003ctd\u003eInstructions\u003c/td\u003e\u003c/tr\u003e\u003ctr\u003e\u003ctd\u003eSterling Connect:Express Adapter for Sterling B2B Integrator 5.2.0\u003c/td\u003e\u003ctd\u003e5.2.0.13\u003c/td\u003e\u003ctd\u003e\u003ca target=\"_blank\" rel=\"nofollow\" href=\"https://www.ibm.com/support/fixcentral/swg/selectFixes?parent=ibm%7EOther%20software\u0026amp;product=ibm/Other+software/Sterling+Connect%3AExpress+Adapter+for+Sterling+B2B+Integrator\u0026amp;release=5.2.0.13\u0026amp;platform=All\u0026amp;function=all\"\u003eIBM Support: Fix Central - Select fixes\u003c/a\u003e\u003ca target=\"_blank\" rel=\"nofollow\" href=\"https://www.ibm.com/support/fixcentral/swg/doSelectFixes?options.selectedFixes=5.2.0.13-Other-software-Sterling-Connect.Express.Adapter.for.Sterling.B2B.Integrator-fp0013\u0026amp;continue=1\"\u003e\u003c/a\u003e\u003c/td\u003e\u003c/tr\u003e\u003c/tbody\u003e\u003c/table\u003e\u0026nbsp;\u003c/div\u003e"
}
],
"value": "Affected Product(s)Fixed in releaseInstructionsSterling Connect:Express Adapter for Sterling B2B Integrator 5.2.05.2.0.13 IBM Support: Fix Central - Select fixes https://www.ibm.com/support/fixcentral/swg/selectFixes https://www.ibm.com/support/fixcentral/swg/doSelectFixes"
}
],
"title": "Multiple vulnerabilities were addressed in IBM Sterling Connect:Express for UNIX.",
"x_generator": {
"engine": "ibm-cvegen"
}
}
},
"cveMetadata": {
"assignerOrgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
"assignerShortName": "ibm",
"cveId": "CVE-2025-36115",
"datePublished": "2026-01-20T15:18:17.680Z",
"dateReserved": "2025-04-15T21:16:17.124Z",
"dateUpdated": "2026-01-20T15:51:47.539Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2025-36113 (GCVE-0-2025-36113)
Vulnerability from nvd – Published: 2026-01-20 15:15 – Updated: 2026-01-20 15:34
VLAI?
Title
Multiple vulnerabilities were addressed in IBM Sterling Connect:Express for UNIX.
Summary
IBM Sterling Connect:Express Adapter for Sterling B2B Integrator 5.2.0 5.2.0.00 through 5.2.0.12 is vulnerable to cross-site scripting. This vulnerability allows an authenticated user to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session.
Severity ?
5.4 (Medium)
CWE
- CWE-79 - Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
Assigner
References
| URL | Tags | ||||
|---|---|---|---|---|---|
|
|||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| IBM | Sterling Connect:Express Adapter for Sterling B2B Integrator 5.2.0 |
Affected:
5.2.0.00 , ≤ 5.2.0.12
(semver)
cpe:2.3:a:ibm:sterling_connectexpress_adapter_for_sterling_b2b_integrator_520:5.2.0.00:*:*:*:*:*:*:* cpe:2.3:a:ibm:sterling_connectexpress_adapter_for_sterling_b2b_integrator_520:5.2.0.12:*:*:*:*:*:*:* |
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-36113",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2026-01-20T15:33:36.308810Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2026-01-20T15:34:16.414Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"cpes": [
"cpe:2.3:a:ibm:sterling_connectexpress_adapter_for_sterling_b2b_integrator_520:5.2.0.00:*:*:*:*:*:*:*",
"cpe:2.3:a:ibm:sterling_connectexpress_adapter_for_sterling_b2b_integrator_520:5.2.0.12:*:*:*:*:*:*:*"
],
"product": "Sterling Connect:Express Adapter for Sterling B2B Integrator 5.2.0",
"vendor": "IBM",
"versions": [
{
"lessThanOrEqual": "5.2.0.12",
"status": "affected",
"version": "5.2.0.00",
"versionType": "semver"
}
]
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\u003cp\u003eIBM Sterling Connect:Express Adapter for Sterling B2B Integrator 5.2.0 5.2.0.00 through 5.2.0.12 is vulnerable to cross-site scripting. This vulnerability allows an authenticated user to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session.\u003c/p\u003e"
}
],
"value": "IBM Sterling Connect:Express Adapter for Sterling B2B Integrator 5.2.0 5.2.0.00 through 5.2.0.12 is vulnerable to cross-site scripting. This vulnerability allows an authenticated user to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 5.4,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "LOW",
"scope": "CHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-79",
"description": "CWE-79 Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-01-20T15:15:55.890Z",
"orgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
"shortName": "ibm"
},
"references": [
{
"tags": [
"vendor-advisory",
"patch"
],
"url": "https://www.ibm.com/support/pages/node/7257244"
}
],
"solutions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\u003cp\u003e\u003c/p\u003e\u003cdiv\u003e\u003cbr\u003e\u003ctable\u003e\u003ctbody\u003e\u003ctr\u003e\u003ctd\u003eAffected Product(s)\u003c/td\u003e\u003ctd\u003eFixed in release\u003c/td\u003e\u003ctd\u003eInstructions\u003c/td\u003e\u003c/tr\u003e\u003ctr\u003e\u003ctd\u003eSterling Connect:Express Adapter for Sterling B2B Integrator 5.2.0\u003c/td\u003e\u003ctd\u003e5.2.0.13\u003c/td\u003e\u003ctd\u003e\u003ca target=\"_blank\" rel=\"nofollow\" href=\"https://www.ibm.com/support/fixcentral/swg/selectFixes?parent=ibm%7EOther%20software\u0026amp;product=ibm/Other+software/Sterling+Connect%3AExpress+Adapter+for+Sterling+B2B+Integrator\u0026amp;release=5.2.0.13\u0026amp;platform=All\u0026amp;function=all\"\u003eIBM Support: Fix Central - Select fixes\u003c/a\u003e\u003ca target=\"_blank\" rel=\"nofollow\" href=\"https://www.ibm.com/support/fixcentral/swg/doSelectFixes?options.selectedFixes=5.2.0.13-Other-software-Sterling-Connect.Express.Adapter.for.Sterling.B2B.Integrator-fp0013\u0026amp;continue=1\"\u003e\u003c/a\u003e\u003c/td\u003e\u003c/tr\u003e\u003c/tbody\u003e\u003c/table\u003e\u003c/div\u003e\u003cp\u003e\u0026nbsp;\u003c/p\u003e\u003cbr\u003e\u003cp\u003e\u003c/p\u003e"
}
],
"value": "Affected Product(s)Fixed in releaseInstructionsSterling Connect:Express Adapter for Sterling B2B Integrator 5.2.05.2.0.13 IBM Support: Fix Central - Select fixes https://www.ibm.com/support/fixcentral/swg/selectFixes https://www.ibm.com/support/fixcentral/swg/doSelectFixes"
}
],
"title": "Multiple vulnerabilities were addressed in IBM Sterling Connect:Express for UNIX.",
"x_generator": {
"engine": "ibm-cvegen"
}
}
},
"cveMetadata": {
"assignerOrgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
"assignerShortName": "ibm",
"cveId": "CVE-2025-36113",
"datePublished": "2026-01-20T15:15:55.890Z",
"dateReserved": "2025-04-15T21:16:17.123Z",
"dateUpdated": "2026-01-20T15:34:16.414Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2025-36066 (GCVE-0-2025-36066)
Vulnerability from nvd – Published: 2026-01-20 15:14 – Updated: 2026-01-20 15:36
VLAI?
Title
Multiple vulnerabilities were addressed in IBM Sterling Connect:Express for UNIX.
Summary
IBM Sterling Connect:Express Adapter for Sterling B2B Integrator 5.2.0 5.2.0.00 through 5.2.0.12 is vulnerable to cross-site scripting. This vulnerability allows an unauthenticated attacker to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session.
Severity ?
6.1 (Medium)
CWE
- CWE-79 - Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
Assigner
References
| URL | Tags | ||||
|---|---|---|---|---|---|
|
|||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| IBM | Sterling Connect:Express Adapter for Sterling B2B Integrator 5.2.0 |
Affected:
5.2.0.00 , ≤ 5.2.0.12
(semver)
cpe:2.3:a:ibm:sterling_connectexpress_adapter_for_sterling_b2b_integrator_520:5.2.0.00:*:*:*:*:*:*:* cpe:2.3:a:ibm:sterling_connectexpress_adapter_for_sterling_b2b_integrator_520:5.2.0.12:*:*:*:*:*:*:* |
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-36066",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2026-01-20T15:35:41.325034Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2026-01-20T15:36:00.574Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"cpes": [
"cpe:2.3:a:ibm:sterling_connectexpress_adapter_for_sterling_b2b_integrator_520:5.2.0.00:*:*:*:*:*:*:*",
"cpe:2.3:a:ibm:sterling_connectexpress_adapter_for_sterling_b2b_integrator_520:5.2.0.12:*:*:*:*:*:*:*"
],
"product": "Sterling Connect:Express Adapter for Sterling B2B Integrator 5.2.0",
"vendor": "IBM",
"versions": [
{
"lessThanOrEqual": "5.2.0.12",
"status": "affected",
"version": "5.2.0.00",
"versionType": "semver"
}
]
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\u003cp\u003eIBM Sterling Connect:Express Adapter for Sterling B2B Integrator 5.2.0 5.2.0.00 through 5.2.0.12 is vulnerable to cross-site scripting. This vulnerability allows an unauthenticated attacker to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session.\u003c/p\u003e"
}
],
"value": "IBM Sterling Connect:Express Adapter for Sterling B2B Integrator 5.2.0 5.2.0.00 through 5.2.0.12 is vulnerable to cross-site scripting. This vulnerability allows an unauthenticated attacker to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 6.1,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-79",
"description": "CWE-79 Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-01-20T15:14:03.557Z",
"orgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
"shortName": "ibm"
},
"references": [
{
"tags": [
"vendor-advisory",
"patch"
],
"url": "https://www.ibm.com/support/pages/node/7257244"
}
],
"solutions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\u003cp\u003e\u003c/p\u003e\u003ctable\u003e\u003ctbody\u003e\u003ctr\u003e\u003ctd\u003eAffected Product(s)\u003c/td\u003e\u003ctd\u003eFixed in release\u003c/td\u003e\u003ctd\u003eInstructions\u003c/td\u003e\u003c/tr\u003e\u003ctr\u003e\u003ctd\u003eSterling Connect:Express Adapter for Sterling B2B Integrator 5.2.0\u003c/td\u003e\u003ctd\u003e5.2.0.13\u003c/td\u003e\u003ctd\u003e\u003ca target=\"_blank\" rel=\"nofollow\" href=\"https://www.ibm.com/support/fixcentral/swg/selectFixes?parent=ibm%7EOther%20software\u0026amp;product=ibm/Other+software/Sterling+Connect%3AExpress+Adapter+for+Sterling+B2B+Integrator\u0026amp;release=5.2.0.13\u0026amp;platform=All\u0026amp;function=all\"\u003eIBM Support: Fix Central - Select fixes\u003c/a\u003e\u003c/td\u003e\u003c/tr\u003e\u003c/tbody\u003e\u003c/table\u003e\u003cp\u003e\u003c/p\u003e"
}
],
"value": "Affected Product(s)Fixed in releaseInstructionsSterling Connect:Express Adapter for Sterling B2B Integrator 5.2.05.2.0.13 IBM Support: Fix Central - Select fixes https://www.ibm.com/support/fixcentral/swg/selectFixes"
}
],
"title": "Multiple vulnerabilities were addressed in IBM Sterling Connect:Express for UNIX.",
"x_generator": {
"engine": "ibm-cvegen"
}
}
},
"cveMetadata": {
"assignerOrgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
"assignerShortName": "ibm",
"cveId": "CVE-2025-36066",
"datePublished": "2026-01-20T15:14:03.557Z",
"dateReserved": "2025-04-15T21:16:12.197Z",
"dateUpdated": "2026-01-20T15:36:00.574Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2025-36065 (GCVE-0-2025-36065)
Vulnerability from nvd – Published: 2026-01-20 15:12 – Updated: 2026-01-20 15:38
VLAI?
Title
Multiple vulnerabilities were addressed in IBM Sterling Connect:Express for UNIX.
Summary
IBM Sterling Connect:Express Adapter for Sterling B2B Integrator 5.2.0 5.2.0.00 through 5.2.0.12 does not invalidate session after a browser closure which could allow an authenticated user to impersonate another user on the system.
Severity ?
6.3 (Medium)
CWE
- CWE-613 - Insufficient Session Expiration
Assigner
References
| URL | Tags | ||||
|---|---|---|---|---|---|
|
|||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| IBM | Sterling Connect:Express Adapter for Sterling B2B Integrator 5.2.0 |
Affected:
5.2.0.00 , ≤ 5.2.0.12
(semver)
cpe:2.3:a:ibm:sterling_connectexpress_adapter_for_sterling_b2b_integrator_520:5.2.0.00:*:*:*:*:*:*:* cpe:2.3:a:ibm:sterling_connectexpress_adapter_for_sterling_b2b_integrator_520:5.2.0.12:*:*:*:*:*:*:* |
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-36065",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2026-01-20T15:37:51.256058Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2026-01-20T15:38:07.346Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"cpes": [
"cpe:2.3:a:ibm:sterling_connectexpress_adapter_for_sterling_b2b_integrator_520:5.2.0.00:*:*:*:*:*:*:*",
"cpe:2.3:a:ibm:sterling_connectexpress_adapter_for_sterling_b2b_integrator_520:5.2.0.12:*:*:*:*:*:*:*"
],
"product": "Sterling Connect:Express Adapter for Sterling B2B Integrator 5.2.0",
"vendor": "IBM",
"versions": [
{
"lessThanOrEqual": "5.2.0.12",
"status": "affected",
"version": "5.2.0.00",
"versionType": "semver"
}
]
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\u003cp\u003eIBM Sterling Connect:Express Adapter for Sterling B2B Integrator 5.2.0 5.2.0.00 through 5.2.0.12 does not invalidate session after a browser closure which could allow an authenticated user to impersonate another user on the system.\u003c/p\u003e"
}
],
"value": "IBM Sterling Connect:Express Adapter for Sterling B2B Integrator 5.2.0 5.2.0.00 through 5.2.0.12 does not invalidate session after a browser closure which could allow an authenticated user to impersonate another user on the system."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "LOW",
"baseScore": 6.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-613",
"description": "CWE-613 Insufficient Session Expiration",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-01-20T15:12:47.078Z",
"orgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
"shortName": "ibm"
},
"references": [
{
"tags": [
"vendor-advisory",
"patch"
],
"url": "https://www.ibm.com/support/pages/node/7257244"
}
],
"solutions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\u003cp\u003e\u003c/p\u003e\u003ctable\u003e\u003ctbody\u003e\u003ctr\u003e\u003ctd\u003eAffected Product(s)\u003c/td\u003e\u003ctd\u003eFixed in release\u003c/td\u003e\u003ctd\u003eInstructions\u003c/td\u003e\u003c/tr\u003e\u003ctr\u003e\u003ctd\u003eSterling Connect:Express Adapter for Sterling B2B Integrator 5.2.0\u003c/td\u003e\u003ctd\u003e5.2.0.13\u003c/td\u003e\u003ctd\u003e\u003ca target=\"_blank\" rel=\"nofollow\" href=\"https://www.ibm.com/support/fixcentral/swg/selectFixes?parent=ibm%7EOther%20software\u0026amp;product=ibm/Other+software/Sterling+Connect%3AExpress+Adapter+for+Sterling+B2B+Integrator\u0026amp;release=5.2.0.13\u0026amp;platform=All\u0026amp;function=all\"\u003eIBM Support: Fix Central - Select fixes\u003c/a\u003e\u003c/td\u003e\u003c/tr\u003e\u003c/tbody\u003e\u003c/table\u003e\u003cp\u003e\u003c/p\u003e"
}
],
"value": "Affected Product(s)Fixed in releaseInstructionsSterling Connect:Express Adapter for Sterling B2B Integrator 5.2.05.2.0.13 IBM Support: Fix Central - Select fixes https://www.ibm.com/support/fixcentral/swg/selectFixes"
}
],
"title": "Multiple vulnerabilities were addressed in IBM Sterling Connect:Express for UNIX.",
"x_generator": {
"engine": "ibm-cvegen"
}
}
},
"cveMetadata": {
"assignerOrgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
"assignerShortName": "ibm",
"cveId": "CVE-2025-36065",
"datePublished": "2026-01-20T15:12:47.078Z",
"dateReserved": "2025-04-15T21:16:12.197Z",
"dateUpdated": "2026-01-20T15:38:07.346Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2025-36063 (GCVE-0-2025-36063)
Vulnerability from nvd – Published: 2026-01-20 15:10 – Updated: 2026-01-20 15:39
VLAI?
Title
Multiple vulnerabilities were addressed in IBM Sterling Connect:Express for UNIX.
Summary
IBM Sterling Connect:Express Adapter for Sterling B2B Integrator 5.2.0 5.2.0.00 through 5.2.0.12 does not invalidate session after a logout which could allow an authenticated user to impersonate another user on the system.
Severity ?
6.3 (Medium)
CWE
- CWE-613 - Insufficient Session Expiration
Assigner
References
| URL | Tags | ||||
|---|---|---|---|---|---|
|
|||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| IBM | Sterling Connect:Express Adapter for Sterling B2B Integrator 5.2.0 |
Affected:
5.2.0.00 , ≤ 5.2.0.12
(semver)
cpe:2.3:a:ibm:sterling_connectexpress_adapter_for_sterling_b2b_integrator_520:5.2.0.00:*:*:*:*:*:*:* cpe:2.3:a:ibm:sterling_connectexpress_adapter_for_sterling_b2b_integrator_520:5.2.0.12:*:*:*:*:*:*:* |
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-36063",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2026-01-20T15:39:28.949190Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2026-01-20T15:39:45.384Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"cpes": [
"cpe:2.3:a:ibm:sterling_connectexpress_adapter_for_sterling_b2b_integrator_520:5.2.0.00:*:*:*:*:*:*:*",
"cpe:2.3:a:ibm:sterling_connectexpress_adapter_for_sterling_b2b_integrator_520:5.2.0.12:*:*:*:*:*:*:*"
],
"product": "Sterling Connect:Express Adapter for Sterling B2B Integrator 5.2.0",
"vendor": "IBM",
"versions": [
{
"lessThanOrEqual": "5.2.0.12",
"status": "affected",
"version": "5.2.0.00",
"versionType": "semver"
}
]
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\u003cp\u003eIBM Sterling Connect:Express Adapter for Sterling B2B Integrator 5.2.0 5.2.0.00 through 5.2.0.12 does not invalidate session after a logout which could allow an authenticated user to impersonate another user on the system.\u003c/p\u003e"
}
],
"value": "IBM Sterling Connect:Express Adapter for Sterling B2B Integrator 5.2.0 5.2.0.00 through 5.2.0.12 does not invalidate session after a logout which could allow an authenticated user to impersonate another user on the system."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "LOW",
"baseScore": 6.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-613",
"description": "CWE-613 Insufficient Session Expiration",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-01-20T15:10:57.747Z",
"orgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
"shortName": "ibm"
},
"references": [
{
"tags": [
"vendor-advisory",
"patch"
],
"url": "https://www.ibm.com/support/pages/node/7257244"
}
],
"solutions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\u003cdiv\u003e\u003cbr\u003e\u003ctable\u003e\u003ctbody\u003e\u003ctr\u003e\u003ctd\u003eAffected Product(s)\u003c/td\u003e\u003ctd\u003eFixed in release\u003c/td\u003e\u003ctd\u003eInstructions\u003c/td\u003e\u003c/tr\u003e\u003ctr\u003e\u003ctd\u003eSterling Connect:Express Adapter for Sterling B2B Integrator 5.2.0\u003c/td\u003e\u003ctd\u003e5.2.0.13\u003c/td\u003e\u003ctd\u003e\u003ca target=\"_blank\" rel=\"nofollow\" href=\"https://www.ibm.com/support/fixcentral/swg/selectFixes?parent=ibm%7EOther%20software\u0026amp;product=ibm/Other+software/Sterling+Connect%3AExpress+Adapter+for+Sterling+B2B+Integrator\u0026amp;release=5.2.0.13\u0026amp;platform=All\u0026amp;function=all\"\u003eIBM Support: Fix Central - Select fixes\u003c/a\u003e\u003ca target=\"_blank\" rel=\"nofollow\" href=\"https://www.ibm.com/support/fixcentral/swg/doSelectFixes?options.selectedFixes=5.2.0.13-Other-software-Sterling-Connect.Express.Adapter.for.Sterling.B2B.Integrator-fp0013\u0026amp;continue=1\"\u003e\u003c/a\u003e\u003c/td\u003e\u003c/tr\u003e\u003c/tbody\u003e\u003c/table\u003e\u0026nbsp;\u003c/div\u003e"
}
],
"value": "Affected Product(s)Fixed in releaseInstructionsSterling Connect:Express Adapter for Sterling B2B Integrator 5.2.05.2.0.13 IBM Support: Fix Central - Select fixes https://www.ibm.com/support/fixcentral/swg/selectFixes https://www.ibm.com/support/fixcentral/swg/doSelectFixes"
}
],
"title": "Multiple vulnerabilities were addressed in IBM Sterling Connect:Express for UNIX.",
"x_generator": {
"engine": "ibm-cvegen"
}
}
},
"cveMetadata": {
"assignerOrgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
"assignerShortName": "ibm",
"cveId": "CVE-2025-36063",
"datePublished": "2026-01-20T15:10:57.747Z",
"dateReserved": "2025-04-15T21:16:12.197Z",
"dateUpdated": "2026-01-20T15:39:45.384Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2025-36137 (GCVE-0-2025-36137)
Vulnerability from nvd – Published: 2025-10-30 18:53 – Updated: 2025-11-01 03:55
VLAI?
Title
IBM Sterling Connect:Direct for UNIX command execution
Summary
IBM Sterling Connect Direct for Unix 6.2.0.7 through 6.2.0.9 iFix004, 6.4.0.0 through 6.4.0.2 iFix001, and 6.3.0.2 through 6.3.0.5 iFix002 incorrectly assigns permissions for maintenance tasks to Control Center Director (CCD) users that could allow a privileged user to escalate their privileges further due to unnecessary privilege assignment for post update scripts.
Severity ?
7.2 (High)
CWE
- CWE-250 - Execution with Unnecessary Privileges
Assigner
References
| URL | Tags | ||||
|---|---|---|---|---|---|
|
|||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| IBM | Sterling Connect:Direct for Unix |
Affected:
6.2.0.7 , ≤ 6.2.0.9 iFix004
(semver)
Affected: 6.4.0.0 , ≤ 6.4.0.2 iFix001 (semver) Affected: 6.3.0.2 , ≤ 6.3.0.5 iFix002 (semver) cpe:2.3:a:ibm:sterling_connect\:direct:6.2.0.7:*:*:*:*:unix:*:* cpe:2.3:a:ibm:sterling_connect\:direct:6.2.0.9:ifix004:*:*:*:unix:*:* cpe:2.3:a:ibm:sterling_connect\:direct:6.4.0.0:*:*:*:*:unix:*:* cpe:2.3:a:ibm:sterling_connect\:direct:6.4.0.2.:ifix001:*:*:*:unix:*:* cpe:2.3:a:ibm:sterling_connect\:direct:6.3.0.2:*:*:*:*:*:*:* cpe:2.3:a:ibm:sterling_connect\:direct:6.3.0.5.:ifix002:*:*:*:unix:*:* |
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-36137",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-10-31T00:00:00+00:00",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-11-01T03:55:53.155Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"cpes": [
"cpe:2.3:a:ibm:sterling_connect\\:direct:6.2.0.7:*:*:*:*:unix:*:*",
"cpe:2.3:a:ibm:sterling_connect\\:direct:6.2.0.9:ifix004:*:*:*:unix:*:*",
"cpe:2.3:a:ibm:sterling_connect\\:direct:6.4.0.0:*:*:*:*:unix:*:*",
"cpe:2.3:a:ibm:sterling_connect\\:direct:6.4.0.2.:ifix001:*:*:*:unix:*:*",
"cpe:2.3:a:ibm:sterling_connect\\:direct:6.3.0.2:*:*:*:*:*:*:*",
"cpe:2.3:a:ibm:sterling_connect\\:direct:6.3.0.5.:ifix002:*:*:*:unix:*:*"
],
"defaultStatus": "unaffected",
"product": "Sterling Connect:Direct for Unix",
"vendor": "IBM",
"versions": [
{
"lessThanOrEqual": "6.2.0.9 iFix004",
"status": "affected",
"version": "6.2.0.7",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.4.0.2 iFix001",
"status": "affected",
"version": "6.4.0.0",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.3.0.5 iFix002",
"status": "affected",
"version": "6.3.0.2",
"versionType": "semver"
}
]
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "IBM Sterling Connect Direct for Unix 6.2.0.7 through 6.2.0.9 iFix004, 6.4.0.0 through 6.4.0.2 iFix001, and 6.3.0.2 through 6.3.0.5 iFix002 incorrectly assigns permissions for maintenance tasks to Control Center Director (CCD) users that could allow a privileged user to escalate their privileges further due to unnecessary privilege assignment for post update scripts."
}
],
"value": "IBM Sterling Connect Direct for Unix 6.2.0.7 through 6.2.0.9 iFix004, 6.4.0.0 through 6.4.0.2 iFix001, and 6.3.0.2 through 6.3.0.5 iFix002 incorrectly assigns permissions for maintenance tasks to Control Center Director (CCD) users that could allow a privileged user to escalate their privileges further due to unnecessary privilege assignment for post update scripts."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.2,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "HIGH",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-250",
"description": "CWE-250 Execution with Unnecessary Privileges",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-10-30T18:53:32.576Z",
"orgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
"shortName": "ibm"
},
"references": [
{
"tags": [
"vendor-advisory",
"patch"
],
"url": "https://www.ibm.com/support/pages/node/7249678"
}
],
"solutions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\u003cp\u003eRemediation/Fixes IBM strongly recommends addressing the vulnerability now by upgrading Product Version Remediation/Fix/Instructions IBM Sterling Connect:Direct for UNIX 6.4.0 Apply 6.4.0.2.iFix004, available on Fix Central . IBM Sterling Connect:Direct for UNIX 6.3.0 Apply 6.3.0.5.iFix008, available on Fix Central . IBM Sterling Connect:Direct for UNIX 6.2.0 Apply 6.2.0.9.iFix005, available on Fix Central .\u003c/p\u003e"
}
],
"value": "Remediation/Fixes IBM strongly recommends addressing the vulnerability now by upgrading Product Version Remediation/Fix/Instructions IBM Sterling Connect:Direct for UNIX 6.4.0 Apply 6.4.0.2.iFix004, available on Fix Central . IBM Sterling Connect:Direct for UNIX 6.3.0 Apply 6.3.0.5.iFix008, available on Fix Central . IBM Sterling Connect:Direct for UNIX 6.2.0 Apply 6.2.0.9.iFix005, available on Fix Central ."
}
],
"title": "IBM Sterling Connect:Direct for UNIX command execution",
"x_generator": {
"engine": "ibm-cvegen"
}
}
},
"cveMetadata": {
"assignerOrgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
"assignerShortName": "ibm",
"cveId": "CVE-2025-36137",
"datePublished": "2025-10-30T18:53:32.576Z",
"dateReserved": "2025-04-15T21:16:19.008Z",
"dateUpdated": "2025-11-01T03:55:53.155Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2025-36064 (GCVE-0-2025-36064)
Vulnerability from nvd – Published: 2025-09-22 18:25 – Updated: 2025-09-22 20:29
VLAI?
Title
IBM Sterling Connect:Express for Microsoft Windows information disclosure
Summary
IBM Sterling Connect:Express for Microsoft Windows 3.1.0.0 through 3.1.0.22 uses an inadequate account lockout setting that could allow a remote attacker to brute force account credentials.
Severity ?
5.9 (Medium)
CWE
- CWE-307 - Improper Restriction of Excessive Authentication Attempts
Assigner
References
| URL | Tags | ||||
|---|---|---|---|---|---|
|
|||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| IBM | Sterling Connect:Express for Microsoft Windows |
Affected:
3.1.0.0 , ≤ 3.1.0.22
(semver)
cpe:2.3:a:ibm:sterling_connect:express_for_windows:3.1.0.0:*:*:*:*:*:*:* cpe:2.3:a:ibm:sterling_connect:express_for_windows:3.1.0.22:*:*:*:*:*:*:* |
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-36064",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-09-22T20:29:35.309961Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-09-22T20:29:49.385Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"cpes": [
"cpe:2.3:a:ibm:sterling_connect:express_for_windows:3.1.0.0:*:*:*:*:*:*:*",
"cpe:2.3:a:ibm:sterling_connect:express_for_windows:3.1.0.22:*:*:*:*:*:*:*"
],
"defaultStatus": "unaffected",
"product": "Sterling Connect:Express for Microsoft Windows",
"vendor": "IBM",
"versions": [
{
"lessThanOrEqual": "3.1.0.22",
"status": "affected",
"version": "3.1.0.0",
"versionType": "semver"
}
]
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "IBM Sterling Connect:Express for Microsoft Windows 3.1.0.0 through 3.1.0.22 uses an inadequate account lockout setting that could allow a remote attacker to brute force account credentials."
}
],
"value": "IBM Sterling Connect:Express for Microsoft Windows 3.1.0.0 through 3.1.0.22 uses an inadequate account lockout setting that could allow a remote attacker to brute force account credentials."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 5.9,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-307",
"description": "CWE-307 Improper Restriction of Excessive Authentication Attempts",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-09-22T18:25:38.219Z",
"orgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
"shortName": "ibm"
},
"references": [
{
"tags": [
"vendor-advisory",
"patch"
],
"url": "https://www.ibm.com/support/pages/node/7245761"
}
],
"solutions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\u003cp\u003eIBM strongly recommends addressing the vulnerability now by upgrading ...\u003c/p\u003e\u003cdiv\u003e\u003cdiv\u003e\u003cdiv\u003e\u003cdiv\u003e\u003cdiv\u003e\u003cdiv\u003e\u003ctable\u003e\u003ctbody\u003e\u003ctr\u003e\u003ctd\u003e\u003cstrong\u003eAffected Product(s)\u003c/strong\u003e\u003c/td\u003e\u003ctd\u003e\u003cstrong\u003eVersion(s)\u003c/strong\u003e\u003c/td\u003e\u003ctd\u003e\u003cstrong\u003eRemediation / Fix\u003c/strong\u003e\u003c/td\u003e\u003c/tr\u003e\u003ctr\u003e\u003ctd\u003eIBM Sterling Connect:Express for Microsoft Windows\u003c/td\u003e\u003ctd\u003e3.1.0.0 - 3.1.0.22\u003c/td\u003e\u003ctd\u003eApply \u003ca target=\"_blank\" rel=\"nofollow\" href=\"https://www.ibm.com/support/fixcentral/swg/selectFixes?parent=ibm%7EOther%20software\u0026amp;product=ibm/Other+software/IBM+Sterling+Connect%3AExpress+for+Microsoft+Windows\u0026amp;release=All\u0026amp;platform=Windows\u0026amp;function=aparId\u0026amp;apars=IT48571\"\u003e3.1.0.23\u003c/a\u003e, available on Fix Central\u003c/td\u003e\u003c/tr\u003e\u003c/tbody\u003e\u003c/table\u003e\u003c/div\u003e\u003c/div\u003e\u003c/div\u003e\u003c/div\u003e\u003c/div\u003e\u003c/div\u003e\n\n\u003cbr\u003e"
}
],
"value": "IBM strongly recommends addressing the vulnerability now by upgrading ...\n\nAffected Product(s)Version(s)Remediation / FixIBM Sterling Connect:Express for Microsoft Windows3.1.0.0 - 3.1.0.22Apply 3.1.0.23 https://www.ibm.com/support/fixcentral/swg/selectFixes , available on Fix Central"
}
],
"source": {
"discovery": "UNKNOWN"
},
"title": "IBM Sterling Connect:Express for Microsoft Windows information disclosure",
"x_generator": {
"engine": "Vulnogram 0.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
"assignerShortName": "ibm",
"cveId": "CVE-2025-36064",
"datePublished": "2025-09-22T18:25:38.219Z",
"dateReserved": "2025-04-15T21:16:12.197Z",
"dateUpdated": "2025-09-22T20:29:49.385Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2023-32331 (GCVE-0-2023-32331)
Vulnerability from nvd – Published: 2024-03-04 18:38 – Updated: 2024-08-02 15:10
VLAI?
Title
IBM Connect:Express for UNIX denial of service
Summary
IBM Connect:Express for UNIX 1.5.0 is vulnerable to a buffer overflow that could allow a remote attacker to cause a denial of service through its browser UI. IBM X-Force ID: 254979.
Severity ?
7.5 (High)
CWE
- CWE-119 - Improper Restriction of Operations within the Bounds of a Memory Buffer
Assigner
References
| URL | Tags | |||||||
|---|---|---|---|---|---|---|---|---|
|
||||||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| IBM | Sterling Connect:Express for UNIX |
Affected:
1.5.0
|
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2023-32331",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-03-05T16:07:50.307756Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-06-04T17:26:18.338Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
},
{
"providerMetadata": {
"dateUpdated": "2024-08-02T15:10:24.878Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"vendor-advisory",
"x_transferred"
],
"url": "https://www.ibm.com/support/pages/node/7011443"
},
{
"tags": [
"vdb-entry",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/254979"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Sterling Connect:Express for UNIX",
"vendor": "IBM",
"versions": [
{
"status": "affected",
"version": "1.5.0"
}
]
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "IBM Connect:Express for UNIX 1.5.0 is vulnerable to a buffer overflow that could allow a remote attacker to cause a denial of service through its browser UI. IBM X-Force ID: 254979."
}
],
"value": "IBM Connect:Express for UNIX 1.5.0 is vulnerable to a buffer overflow that could allow a remote attacker to cause a denial of service through its browser UI. IBM X-Force ID: 254979."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-119",
"description": "CWE-119 Improper Restriction of Operations within the Bounds of a Memory Buffer",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-03-04T18:38:46.392Z",
"orgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
"shortName": "ibm"
},
"references": [
{
"tags": [
"vendor-advisory"
],
"url": "https://www.ibm.com/support/pages/node/7011443"
},
{
"tags": [
"vdb-entry"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/254979"
}
],
"source": {
"discovery": "UNKNOWN"
},
"title": "IBM Connect:Express for UNIX denial of service",
"x_generator": {
"engine": "Vulnogram 0.1.0-dev"
}
}
},
"cveMetadata": {
"assignerOrgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
"assignerShortName": "ibm",
"cveId": "CVE-2023-32331",
"datePublished": "2024-03-04T18:38:46.392Z",
"dateReserved": "2023-05-08T18:32:34.088Z",
"dateUpdated": "2024-08-02T15:10:24.878Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2023-29260 (GCVE-0-2023-29260)
Vulnerability from nvd – Published: 2023-07-19 01:17 – Updated: 2024-10-28 15:08
VLAI?
Title
IBM Sterling Connect:Express for UNIX server-side request forgery
Summary
IBM Sterling Connect:Express for UNIX 1.5 is vulnerable to server-side request forgery (SSRF). This may allow an authenticated attacker to send unauthorized requests from the system, potentially leading to network enumeration or facilitating other attacks. IBM X-Force ID: 252135.
Severity ?
6.5 (Medium)
CWE
- CWE-918 - Server-Side Request Forgery (SSRF)
Assigner
References
| URL | Tags | |||||||
|---|---|---|---|---|---|---|---|---|
|
||||||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| IBM | Sterling Connect:Express for UNIX |
Affected:
1.5
|
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T14:00:15.899Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"vendor-advisory",
"x_transferred"
],
"url": "https://www.ibm.com/support/pages/node/7010923"
},
{
"tags": [
"vdb-entry",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/252135"
}
],
"title": "CVE Program Container"
},
{
"affected": [
{
"cpes": [
"cpe:2.3:a:ibm:sterling_connect\\:express_for_unix:1.5.0:*:*:*:*:*:*:*"
],
"defaultStatus": "unaffected",
"product": "sterling_connect\\",
"vendor": "ibm",
"versions": [
{
"status": "affected",
"version": "express_for_unix_1.5"
}
]
}
],
"metrics": [
{
"other": {
"content": {
"id": "CVE-2023-29260",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-10-28T15:05:21.270633Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-10-28T15:08:24.496Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Sterling Connect:Express for UNIX",
"vendor": "IBM",
"versions": [
{
"status": "affected",
"version": "1.5"
}
]
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "IBM Sterling Connect:Express for UNIX 1.5 is vulnerable to server-side request forgery (SSRF). This may allow an authenticated attacker to send unauthorized requests from the system, potentially leading to network enumeration or facilitating other attacks. IBM X-Force ID: 252135."
}
],
"value": "IBM Sterling Connect:Express for UNIX 1.5 is vulnerable to server-side request forgery (SSRF). This may allow an authenticated attacker to send unauthorized requests from the system, potentially leading to network enumeration or facilitating other attacks. IBM X-Force ID: 252135."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-918",
"description": "CWE-918 Server-Side Request Forgery (SSRF)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-07-19T01:17:31.614Z",
"orgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
"shortName": "ibm"
},
"references": [
{
"tags": [
"vendor-advisory"
],
"url": "https://www.ibm.com/support/pages/node/7010923"
},
{
"tags": [
"vdb-entry"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/252135"
}
],
"source": {
"discovery": "UNKNOWN"
},
"title": "IBM Sterling Connect:Express for UNIX server-side request forgery",
"x_generator": {
"engine": "Vulnogram 0.1.0-dev"
}
}
},
"cveMetadata": {
"assignerOrgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
"assignerShortName": "ibm",
"cveId": "CVE-2023-29260",
"datePublished": "2023-07-19T01:17:31.614Z",
"dateReserved": "2023-04-04T18:46:07.427Z",
"dateUpdated": "2024-10-28T15:08:24.496Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2023-29259 (GCVE-0-2023-29259)
Vulnerability from nvd – Published: 2023-07-19 01:14 – Updated: 2024-10-21 18:55
VLAI?
Title
IBM Sterling Connect:Express for UNIX information disclosure
Summary
IBM Sterling Connect:Express for UNIX 1.5 browser UI is vulnerable to attacks that rely on the use of cookies without the SameSite attribute. IBM X-Force ID: 252055.
Severity ?
CWE
- 1275 Sensitive Cookie with Improper SameSite Attribute
Assigner
References
| URL | Tags | |||||||
|---|---|---|---|---|---|---|---|---|
|
||||||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| IBM | Sterling Connect:Express for UNIX |
Affected:
1.5
|
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T14:00:15.888Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"vendor-advisory",
"x_transferred"
],
"url": "https://www.ibm.com/support/pages/node/7010921"
},
{
"tags": [
"vdb-entry",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/252055"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2023-29259",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-10-21T18:54:23.515279Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-10-21T18:55:22.488Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Sterling Connect:Express for UNIX",
"vendor": "IBM",
"versions": [
{
"status": "affected",
"version": "1.5"
}
]
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "IBM Sterling Connect:Express for UNIX 1.5 browser UI is vulnerable to attacks that rely on the use of cookies without the SameSite attribute. IBM X-Force ID: 252055."
}
],
"value": "IBM Sterling Connect:Express for UNIX 1.5 browser UI is vulnerable to attacks that rely on the use of cookies without the SameSite attribute. IBM X-Force ID: 252055."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 3.7,
"baseSeverity": "LOW",
"confidentialityImpact": "LOW",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "1275 Sensitive Cookie with Improper SameSite Attribute",
"lang": "en"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-07-19T01:14:57.925Z",
"orgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
"shortName": "ibm"
},
"references": [
{
"tags": [
"vendor-advisory"
],
"url": "https://www.ibm.com/support/pages/node/7010921"
},
{
"tags": [
"vdb-entry"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/252055"
}
],
"source": {
"discovery": "UNKNOWN"
},
"title": "IBM Sterling Connect:Express for UNIX information disclosure",
"x_generator": {
"engine": "Vulnogram 0.1.0-dev"
}
}
},
"cveMetadata": {
"assignerOrgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
"assignerShortName": "ibm",
"cveId": "CVE-2023-29259",
"datePublished": "2023-07-19T01:14:57.925Z",
"dateReserved": "2023-04-04T18:46:07.427Z",
"dateUpdated": "2024-10-21T18:55:22.488Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2021-38933 (GCVE-0-2021-38933)
Vulnerability from nvd – Published: 2023-07-19 01:22 – Updated: 2024-10-21 18:12
VLAI?
Title
IBM Sterling Connect:Express for UNIX information disclosure
Summary
IBM Sterling Connect:Direct for UNIX 1.5 uses weaker than expected cryptographic algorithms that could allow an attacker to decrypt highly sensitive information. IBM X-Force ID: 210574.
Severity ?
5.9 (Medium)
CWE
- CWE-327 - Use of a Broken or Risky Cryptographic Algorithm
Assigner
References
| URL | Tags | |||||||
|---|---|---|---|---|---|---|---|---|
|
||||||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| IBM | Sterling Connect:Express for UNIX |
Affected:
1.5
|
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T01:51:20.710Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"vendor-advisory",
"x_transferred"
],
"url": "https://www.ibm.com/support/pages/node/7010925"
},
{
"tags": [
"vdb-entry",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/210574"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2021-38933",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-10-21T18:12:26.239093Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-10-21T18:12:35.944Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Sterling Connect:Express for UNIX",
"vendor": "IBM",
"versions": [
{
"status": "affected",
"version": "1.5"
}
]
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "IBM Sterling Connect:Direct for UNIX 1.5 uses weaker than expected cryptographic algorithms that could allow an attacker to decrypt highly sensitive information. IBM X-Force ID: 210574."
}
],
"value": "IBM Sterling Connect:Direct for UNIX 1.5 uses weaker than expected cryptographic algorithms that could allow an attacker to decrypt highly sensitive information. IBM X-Force ID: 210574."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 5.9,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-327",
"description": "CWE-327 Use of a Broken or Risky Cryptographic Algorithm",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-07-19T01:22:12.736Z",
"orgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
"shortName": "ibm"
},
"references": [
{
"tags": [
"vendor-advisory"
],
"url": "https://www.ibm.com/support/pages/node/7010925"
},
{
"tags": [
"vdb-entry"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/210574"
}
],
"source": {
"discovery": "UNKNOWN"
},
"title": "IBM Sterling Connect:Express for UNIX information disclosure",
"x_generator": {
"engine": "Vulnogram 0.1.0-dev"
}
}
},
"cveMetadata": {
"assignerOrgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
"assignerShortName": "ibm",
"cveId": "CVE-2021-38933",
"datePublished": "2023-07-19T01:22:12.736Z",
"dateReserved": "2021-08-16T18:59:46.177Z",
"dateUpdated": "2024-10-21T18:12:35.944Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2021-38891 (GCVE-0-2021-38891)
Vulnerability from nvd – Published: 2021-11-23 19:15 – Updated: 2024-09-16 23:41
VLAI?
Summary
IBM Sterling Connect:Direct Web Services 1.0 and 6.0 uses weaker than expected cryptographic algorithms that could allow an attacker to decrypt highly sensitive information. IBM X-Force ID: 209508.
Severity ?
CWE
- Obtain Information
Assigner
References
| URL | Tags | |||||||
|---|---|---|---|---|---|---|---|---|
|
||||||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| IBM | Connect:Direct Web Services |
Affected:
6.0
Affected: 1.0 |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T01:51:20.697Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://www.ibm.com/support/pages/node/6518582"
},
{
"name": "ibm-sterling-cve202138891-info-disc (209508)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/209508"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Connect:Direct Web Services",
"vendor": "IBM",
"versions": [
{
"status": "affected",
"version": "6.0"
},
{
"status": "affected",
"version": "1.0"
}
]
}
],
"datePublic": "2021-11-22T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "IBM Sterling Connect:Direct Web Services 1.0 and 6.0 uses weaker than expected cryptographic algorithms that could allow an attacker to decrypt highly sensitive information. IBM X-Force ID: 209508."
}
],
"metrics": [
{
"cvssV3_0": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 5.9,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"exploitCodeMaturity": "UNPROVEN",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"remediationLevel": "OFFICIAL_FIX",
"reportConfidence": "CONFIRMED",
"scope": "UNCHANGED",
"temporalScore": 5.2,
"temporalSeverity": "MEDIUM",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/PR:N/S:U/AC:H/UI:N/AV:N/A:N/C:H/I:N/RL:O/E:U/RC:C",
"version": "3.0"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Obtain Information",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2021-11-23T19:15:34",
"orgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
"shortName": "ibm"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://www.ibm.com/support/pages/node/6518582"
},
{
"name": "ibm-sterling-cve202138891-info-disc (209508)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/209508"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "psirt@us.ibm.com",
"DATE_PUBLIC": "2021-11-22T00:00:00",
"ID": "CVE-2021-38891",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Connect:Direct Web Services",
"version": {
"version_data": [
{
"version_value": "6.0"
},
{
"version_value": "1.0"
}
]
}
}
]
},
"vendor_name": "IBM"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "IBM Sterling Connect:Direct Web Services 1.0 and 6.0 uses weaker than expected cryptographic algorithms that could allow an attacker to decrypt highly sensitive information. IBM X-Force ID: 209508."
}
]
},
"impact": {
"cvssv3": {
"BM": {
"A": "N",
"AC": "H",
"AV": "N",
"C": "H",
"I": "N",
"PR": "N",
"S": "U",
"UI": "N"
},
"TM": {
"E": "U",
"RC": "C",
"RL": "O"
}
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Obtain Information"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://www.ibm.com/support/pages/node/6518582",
"refsource": "CONFIRM",
"title": "IBM Security Bulletin 6518582 (Connect:Direct Web Services)",
"url": "https://www.ibm.com/support/pages/node/6518582"
},
{
"name": "ibm-sterling-cve202138891-info-disc (209508)",
"refsource": "XF",
"title": "X-Force Vulnerability Report",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/209508"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
"assignerShortName": "ibm",
"cveId": "CVE-2021-38891",
"datePublished": "2021-11-23T19:15:34.650502Z",
"dateReserved": "2021-08-16T00:00:00",
"dateUpdated": "2024-09-16T23:41:39.770Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2021-38890 (GCVE-0-2021-38890)
Vulnerability from nvd – Published: 2021-11-23 19:15 – Updated: 2024-09-17 02:12
VLAI?
Summary
IBM Sterling Connect:Direct Web Services 1.0 and 6.0 uses an inadequate account lockout setting that could allow a remote attacker to brute force account credentials. IBM X-Force ID: 209507.
Severity ?
CWE
- Obtain Information
Assigner
References
| URL | Tags | |||||||
|---|---|---|---|---|---|---|---|---|
|
||||||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| IBM | Connect:Direct Web Services |
Affected:
6.0
Affected: 1.0 |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T01:51:20.822Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://www.ibm.com/support/pages/node/6518586"
},
{
"name": "ibm-sterling-cve202138890-info-disc (209507)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/209507"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Connect:Direct Web Services",
"vendor": "IBM",
"versions": [
{
"status": "affected",
"version": "6.0"
},
{
"status": "affected",
"version": "1.0"
}
]
}
],
"datePublic": "2021-11-22T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "IBM Sterling Connect:Direct Web Services 1.0 and 6.0 uses an inadequate account lockout setting that could allow a remote attacker to brute force account credentials. IBM X-Force ID: 209507."
}
],
"metrics": [
{
"cvssV3_0": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 5.9,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"exploitCodeMaturity": "UNPROVEN",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"remediationLevel": "OFFICIAL_FIX",
"reportConfidence": "CONFIRMED",
"scope": "UNCHANGED",
"temporalScore": 5.2,
"temporalSeverity": "MEDIUM",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/I:N/S:U/PR:N/AC:H/UI:N/AV:N/A:N/C:H/RL:O/RC:C/E:U",
"version": "3.0"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Obtain Information",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2021-11-23T19:15:33",
"orgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
"shortName": "ibm"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://www.ibm.com/support/pages/node/6518586"
},
{
"name": "ibm-sterling-cve202138890-info-disc (209507)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/209507"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "psirt@us.ibm.com",
"DATE_PUBLIC": "2021-11-22T00:00:00",
"ID": "CVE-2021-38890",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Connect:Direct Web Services",
"version": {
"version_data": [
{
"version_value": "6.0"
},
{
"version_value": "1.0"
}
]
}
}
]
},
"vendor_name": "IBM"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "IBM Sterling Connect:Direct Web Services 1.0 and 6.0 uses an inadequate account lockout setting that could allow a remote attacker to brute force account credentials. IBM X-Force ID: 209507."
}
]
},
"impact": {
"cvssv3": {
"BM": {
"A": "N",
"AC": "H",
"AV": "N",
"C": "H",
"I": "N",
"PR": "N",
"S": "U",
"UI": "N"
},
"TM": {
"E": "U",
"RC": "C",
"RL": "O"
}
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Obtain Information"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://www.ibm.com/support/pages/node/6518586",
"refsource": "CONFIRM",
"title": "IBM Security Bulletin 6518586 (Connect:Direct Web Services)",
"url": "https://www.ibm.com/support/pages/node/6518586"
},
{
"name": "ibm-sterling-cve202138890-info-disc (209507)",
"refsource": "XF",
"title": "X-Force Vulnerability Report",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/209507"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
"assignerShortName": "ibm",
"cveId": "CVE-2021-38890",
"datePublished": "2021-11-23T19:15:33.262957Z",
"dateReserved": "2021-08-16T00:00:00",
"dateUpdated": "2024-09-17T02:12:03.642Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2020-4767 (GCVE-0-2020-4767)
Vulnerability from nvd – Published: 2020-10-28 16:15 – Updated: 2024-09-16 17:59
VLAI?
Summary
IBM Sterling Connect Direct for Microsoft Windows 4.7, 4.8, 6.0, and 6.1 could allow a remote attacker to cause a denial of service, caused by a buffer over-read. Bysending a specially crafted request, the attacker could cause the application to crash. IBM X-Force ID: 188906.
Severity ?
CWE
- Denial of Service
Assigner
References
| URL | Tags | |||||||
|---|---|---|---|---|---|---|---|---|
|
||||||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| IBM | Sterling Connect Direct for Microsoft Windows |
Affected:
4.7
Affected: 4.8 Affected: 6.0 Affected: 6.1 |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T08:14:58.485Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://www.ibm.com/support/pages/node/6356019"
},
{
"name": "ibm-sterling-cve20204767-dos (188906)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/188906"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Sterling Connect Direct for Microsoft Windows",
"vendor": "IBM",
"versions": [
{
"status": "affected",
"version": "4.7"
},
{
"status": "affected",
"version": "4.8"
},
{
"status": "affected",
"version": "6.0"
},
{
"status": "affected",
"version": "6.1"
}
]
}
],
"datePublic": "2020-10-27T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "IBM Sterling Connect Direct for Microsoft Windows 4.7, 4.8, 6.0, and 6.1 could allow a remote attacker to cause a denial of service, caused by a buffer over-read. Bysending a specially crafted request, the attacker could cause the application to crash. IBM X-Force ID: 188906."
}
],
"metrics": [
{
"cvssV3_0": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"exploitCodeMaturity": "UNPROVEN",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"remediationLevel": "OFFICIAL_FIX",
"reportConfidence": "CONFIRMED",
"scope": "UNCHANGED",
"temporalScore": 6.5,
"temporalSeverity": "MEDIUM",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/UI:N/A:H/I:N/PR:N/AV:N/C:N/AC:L/S:U/RC:C/RL:O/E:U",
"version": "3.0"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Denial of Service",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2020-10-28T16:15:19",
"orgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
"shortName": "ibm"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://www.ibm.com/support/pages/node/6356019"
},
{
"name": "ibm-sterling-cve20204767-dos (188906)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/188906"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "psirt@us.ibm.com",
"DATE_PUBLIC": "2020-10-27T00:00:00",
"ID": "CVE-2020-4767",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Sterling Connect Direct for Microsoft Windows",
"version": {
"version_data": [
{
"version_value": "4.7"
},
{
"version_value": "4.8"
},
{
"version_value": "6.0"
},
{
"version_value": "6.1"
}
]
}
}
]
},
"vendor_name": "IBM"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "IBM Sterling Connect Direct for Microsoft Windows 4.7, 4.8, 6.0, and 6.1 could allow a remote attacker to cause a denial of service, caused by a buffer over-read. Bysending a specially crafted request, the attacker could cause the application to crash. IBM X-Force ID: 188906."
}
]
},
"impact": {
"cvssv3": {
"BM": {
"A": "H",
"AC": "L",
"AV": "N",
"C": "N",
"I": "N",
"PR": "N",
"S": "U",
"UI": "N"
},
"TM": {
"E": "U",
"RC": "C",
"RL": "O"
}
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Denial of Service"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://www.ibm.com/support/pages/node/6356019",
"refsource": "CONFIRM",
"title": "IBM Security Bulletin 6356019 (Sterling Connect Direct for Microsoft Windows)",
"url": "https://www.ibm.com/support/pages/node/6356019"
},
{
"name": "ibm-sterling-cve20204767-dos (188906)",
"refsource": "XF",
"title": "X-Force Vulnerability Report",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/188906"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
"assignerShortName": "ibm",
"cveId": "CVE-2020-4767",
"datePublished": "2020-10-28T16:15:19.451086Z",
"dateReserved": "2019-12-30T00:00:00",
"dateUpdated": "2024-09-16T17:59:04.447Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2020-4587 (GCVE-0-2020-4587)
Vulnerability from nvd – Published: 2020-08-24 15:30 – Updated: 2024-09-16 23:41
VLAI?
Summary
IBM Sterling Connect:Direct for UNIX 4.2.0, 4.3.0, 6.0.0, and 6.1.0 is vulnerable to a stack based buffer ovreflow, caused by improper bounds checking. A local attacker could manipulate CD UNIX to obtain root provileges. IBM X-Force ID: 184578.
Severity ?
CWE
- Gain Privileges
Assigner
References
| URL | Tags | |||||||
|---|---|---|---|---|---|---|---|---|
|
||||||||
Impacted products
| Vendor | Product | Version | |||||||
|---|---|---|---|---|---|---|---|---|---|
| IBM | Sterling Connect:Direct for UNIX |
Affected:
4.2.0
Affected: 4.3.0 |
|||||||
|
|||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T08:07:49.055Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://www.ibm.com/support/pages/node/6320317"
},
{
"name": "ibm-sterling-cve20204587-bo (184578)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/184578"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Sterling Connect:Direct for UNIX",
"vendor": "IBM",
"versions": [
{
"status": "affected",
"version": "4.2.0"
},
{
"status": "affected",
"version": "4.3.0"
}
]
},
{
"product": "Connect:Direct for UNIX",
"vendor": "IBM",
"versions": [
{
"status": "affected",
"version": "6.1.0"
},
{
"status": "affected",
"version": "6.0.0"
}
]
}
],
"datePublic": "2020-08-21T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "IBM Sterling Connect:Direct for UNIX 4.2.0, 4.3.0, 6.0.0, and 6.1.0 is vulnerable to a stack based buffer ovreflow, caused by improper bounds checking. A local attacker could manipulate CD UNIX to obtain root provileges. IBM X-Force ID: 184578."
}
],
"metrics": [
{
"cvssV3_0": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 8.4,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"exploitCodeMaturity": "UNPROVEN",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"remediationLevel": "OFFICIAL_FIX",
"reportConfidence": "CONFIRMED",
"scope": "UNCHANGED",
"temporalScore": 7.3,
"temporalSeverity": "HIGH",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/A:H/PR:N/C:H/AV:L/S:U/I:H/UI:N/AC:L/RC:C/RL:O/E:U",
"version": "3.0"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Gain Privileges",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2020-08-24T15:30:31",
"orgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
"shortName": "ibm"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://www.ibm.com/support/pages/node/6320317"
},
{
"name": "ibm-sterling-cve20204587-bo (184578)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/184578"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "psirt@us.ibm.com",
"DATE_PUBLIC": "2020-08-21T00:00:00",
"ID": "CVE-2020-4587",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Sterling Connect:Direct for UNIX",
"version": {
"version_data": [
{
"version_value": "4.2.0"
},
{
"version_value": "4.3.0"
}
]
}
},
{
"product_name": "Connect:Direct for UNIX",
"version": {
"version_data": [
{
"version_value": "6.1.0"
},
{
"version_value": "6.0.0"
}
]
}
}
]
},
"vendor_name": "IBM"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "IBM Sterling Connect:Direct for UNIX 4.2.0, 4.3.0, 6.0.0, and 6.1.0 is vulnerable to a stack based buffer ovreflow, caused by improper bounds checking. A local attacker could manipulate CD UNIX to obtain root provileges. IBM X-Force ID: 184578."
}
]
},
"impact": {
"cvssv3": {
"BM": {
"A": "H",
"AC": "L",
"AV": "L",
"C": "H",
"I": "H",
"PR": "N",
"S": "U",
"UI": "N"
},
"TM": {
"E": "U",
"RC": "C",
"RL": "O"
}
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Gain Privileges"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://www.ibm.com/support/pages/node/6320317",
"refsource": "CONFIRM",
"title": "IBM Security Bulletin 6320317 (Connect:Direct for UNIX)",
"url": "https://www.ibm.com/support/pages/node/6320317"
},
{
"name": "ibm-sterling-cve20204587-bo (184578)",
"refsource": "XF",
"title": "X-Force Vulnerability Report",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/184578"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
"assignerShortName": "ibm",
"cveId": "CVE-2020-4587",
"datePublished": "2020-08-24T15:30:31.574862Z",
"dateReserved": "2019-12-30T00:00:00",
"dateUpdated": "2024-09-16T23:41:45.685Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2025-36115 (GCVE-0-2025-36115)
Vulnerability from cvelistv5 – Published: 2026-01-20 15:18 – Updated: 2026-01-20 15:51
VLAI?
Title
Multiple vulnerabilities were addressed in IBM Sterling Connect:Express for UNIX.
Summary
IBM Sterling Connect:Express Adapter for Sterling B2B Integrator 5.2.0.00 through 5.2.0.12 does not disallow the session id after use which could allow an authenticated user to impersonate another user on the system.
Severity ?
6.3 (Medium)
CWE
- CWE-384 - Session Fixation
Assigner
References
| URL | Tags | ||||
|---|---|---|---|---|---|
|
|||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| IBM | Sterling Connect:Express Adapter for Sterling B2B Integrator 5.2.0 |
Affected:
5.2.0.00 , ≤ 5.2.0.12
(semver)
cpe:2.3:a:ibm:sterling_connectexpress_adapter_for_sterling_b2b_integrator_520:5.2.0.00:*:*:*:*:*:*:* cpe:2.3:a:ibm:sterling_connectexpress_adapter_for_sterling_b2b_integrator_520:5.2.0.12:*:*:*:*:*:*:* |
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-36115",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2026-01-20T15:51:26.339222Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2026-01-20T15:51:47.539Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"cpes": [
"cpe:2.3:a:ibm:sterling_connectexpress_adapter_for_sterling_b2b_integrator_520:5.2.0.00:*:*:*:*:*:*:*",
"cpe:2.3:a:ibm:sterling_connectexpress_adapter_for_sterling_b2b_integrator_520:5.2.0.12:*:*:*:*:*:*:*"
],
"product": "Sterling Connect:Express Adapter for Sterling B2B Integrator 5.2.0",
"vendor": "IBM",
"versions": [
{
"lessThanOrEqual": "5.2.0.12",
"status": "affected",
"version": "5.2.0.00",
"versionType": "semver"
}
]
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\u003cp\u003eIBM Sterling Connect:Express Adapter for Sterling B2B Integrator 5.2.0.00 through 5.2.0.12 does not disallow the session id after use which could allow an authenticated user to impersonate another user on the system.\u003c/p\u003e"
}
],
"value": "IBM Sterling Connect:Express Adapter for Sterling B2B Integrator 5.2.0.00 through 5.2.0.12 does not disallow the session id after use which could allow an authenticated user to impersonate another user on the system."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "LOW",
"baseScore": 6.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-384",
"description": "CWE-384 Session Fixation",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-01-20T15:18:17.680Z",
"orgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
"shortName": "ibm"
},
"references": [
{
"tags": [
"vendor-advisory",
"patch"
],
"url": "https://www.ibm.com/support/pages/node/7257244"
}
],
"solutions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\u003cdiv\u003e\u003ctable\u003e\u003ctbody\u003e\u003ctr\u003e\u003ctd\u003eAffected Product(s)\u003c/td\u003e\u003ctd\u003eFixed in release\u003c/td\u003e\u003ctd\u003eInstructions\u003c/td\u003e\u003c/tr\u003e\u003ctr\u003e\u003ctd\u003eSterling Connect:Express Adapter for Sterling B2B Integrator 5.2.0\u003c/td\u003e\u003ctd\u003e5.2.0.13\u003c/td\u003e\u003ctd\u003e\u003ca target=\"_blank\" rel=\"nofollow\" href=\"https://www.ibm.com/support/fixcentral/swg/selectFixes?parent=ibm%7EOther%20software\u0026amp;product=ibm/Other+software/Sterling+Connect%3AExpress+Adapter+for+Sterling+B2B+Integrator\u0026amp;release=5.2.0.13\u0026amp;platform=All\u0026amp;function=all\"\u003eIBM Support: Fix Central - Select fixes\u003c/a\u003e\u003ca target=\"_blank\" rel=\"nofollow\" href=\"https://www.ibm.com/support/fixcentral/swg/doSelectFixes?options.selectedFixes=5.2.0.13-Other-software-Sterling-Connect.Express.Adapter.for.Sterling.B2B.Integrator-fp0013\u0026amp;continue=1\"\u003e\u003c/a\u003e\u003c/td\u003e\u003c/tr\u003e\u003c/tbody\u003e\u003c/table\u003e\u0026nbsp;\u003c/div\u003e"
}
],
"value": "Affected Product(s)Fixed in releaseInstructionsSterling Connect:Express Adapter for Sterling B2B Integrator 5.2.05.2.0.13 IBM Support: Fix Central - Select fixes https://www.ibm.com/support/fixcentral/swg/selectFixes https://www.ibm.com/support/fixcentral/swg/doSelectFixes"
}
],
"title": "Multiple vulnerabilities were addressed in IBM Sterling Connect:Express for UNIX.",
"x_generator": {
"engine": "ibm-cvegen"
}
}
},
"cveMetadata": {
"assignerOrgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
"assignerShortName": "ibm",
"cveId": "CVE-2025-36115",
"datePublished": "2026-01-20T15:18:17.680Z",
"dateReserved": "2025-04-15T21:16:17.124Z",
"dateUpdated": "2026-01-20T15:51:47.539Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2025-36113 (GCVE-0-2025-36113)
Vulnerability from cvelistv5 – Published: 2026-01-20 15:15 – Updated: 2026-01-20 15:34
VLAI?
Title
Multiple vulnerabilities were addressed in IBM Sterling Connect:Express for UNIX.
Summary
IBM Sterling Connect:Express Adapter for Sterling B2B Integrator 5.2.0 5.2.0.00 through 5.2.0.12 is vulnerable to cross-site scripting. This vulnerability allows an authenticated user to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session.
Severity ?
5.4 (Medium)
CWE
- CWE-79 - Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
Assigner
References
| URL | Tags | ||||
|---|---|---|---|---|---|
|
|||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| IBM | Sterling Connect:Express Adapter for Sterling B2B Integrator 5.2.0 |
Affected:
5.2.0.00 , ≤ 5.2.0.12
(semver)
cpe:2.3:a:ibm:sterling_connectexpress_adapter_for_sterling_b2b_integrator_520:5.2.0.00:*:*:*:*:*:*:* cpe:2.3:a:ibm:sterling_connectexpress_adapter_for_sterling_b2b_integrator_520:5.2.0.12:*:*:*:*:*:*:* |
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-36113",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2026-01-20T15:33:36.308810Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2026-01-20T15:34:16.414Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"cpes": [
"cpe:2.3:a:ibm:sterling_connectexpress_adapter_for_sterling_b2b_integrator_520:5.2.0.00:*:*:*:*:*:*:*",
"cpe:2.3:a:ibm:sterling_connectexpress_adapter_for_sterling_b2b_integrator_520:5.2.0.12:*:*:*:*:*:*:*"
],
"product": "Sterling Connect:Express Adapter for Sterling B2B Integrator 5.2.0",
"vendor": "IBM",
"versions": [
{
"lessThanOrEqual": "5.2.0.12",
"status": "affected",
"version": "5.2.0.00",
"versionType": "semver"
}
]
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\u003cp\u003eIBM Sterling Connect:Express Adapter for Sterling B2B Integrator 5.2.0 5.2.0.00 through 5.2.0.12 is vulnerable to cross-site scripting. This vulnerability allows an authenticated user to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session.\u003c/p\u003e"
}
],
"value": "IBM Sterling Connect:Express Adapter for Sterling B2B Integrator 5.2.0 5.2.0.00 through 5.2.0.12 is vulnerable to cross-site scripting. This vulnerability allows an authenticated user to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 5.4,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "LOW",
"scope": "CHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-79",
"description": "CWE-79 Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-01-20T15:15:55.890Z",
"orgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
"shortName": "ibm"
},
"references": [
{
"tags": [
"vendor-advisory",
"patch"
],
"url": "https://www.ibm.com/support/pages/node/7257244"
}
],
"solutions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\u003cp\u003e\u003c/p\u003e\u003cdiv\u003e\u003cbr\u003e\u003ctable\u003e\u003ctbody\u003e\u003ctr\u003e\u003ctd\u003eAffected Product(s)\u003c/td\u003e\u003ctd\u003eFixed in release\u003c/td\u003e\u003ctd\u003eInstructions\u003c/td\u003e\u003c/tr\u003e\u003ctr\u003e\u003ctd\u003eSterling Connect:Express Adapter for Sterling B2B Integrator 5.2.0\u003c/td\u003e\u003ctd\u003e5.2.0.13\u003c/td\u003e\u003ctd\u003e\u003ca target=\"_blank\" rel=\"nofollow\" href=\"https://www.ibm.com/support/fixcentral/swg/selectFixes?parent=ibm%7EOther%20software\u0026amp;product=ibm/Other+software/Sterling+Connect%3AExpress+Adapter+for+Sterling+B2B+Integrator\u0026amp;release=5.2.0.13\u0026amp;platform=All\u0026amp;function=all\"\u003eIBM Support: Fix Central - Select fixes\u003c/a\u003e\u003ca target=\"_blank\" rel=\"nofollow\" href=\"https://www.ibm.com/support/fixcentral/swg/doSelectFixes?options.selectedFixes=5.2.0.13-Other-software-Sterling-Connect.Express.Adapter.for.Sterling.B2B.Integrator-fp0013\u0026amp;continue=1\"\u003e\u003c/a\u003e\u003c/td\u003e\u003c/tr\u003e\u003c/tbody\u003e\u003c/table\u003e\u003c/div\u003e\u003cp\u003e\u0026nbsp;\u003c/p\u003e\u003cbr\u003e\u003cp\u003e\u003c/p\u003e"
}
],
"value": "Affected Product(s)Fixed in releaseInstructionsSterling Connect:Express Adapter for Sterling B2B Integrator 5.2.05.2.0.13 IBM Support: Fix Central - Select fixes https://www.ibm.com/support/fixcentral/swg/selectFixes https://www.ibm.com/support/fixcentral/swg/doSelectFixes"
}
],
"title": "Multiple vulnerabilities were addressed in IBM Sterling Connect:Express for UNIX.",
"x_generator": {
"engine": "ibm-cvegen"
}
}
},
"cveMetadata": {
"assignerOrgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
"assignerShortName": "ibm",
"cveId": "CVE-2025-36113",
"datePublished": "2026-01-20T15:15:55.890Z",
"dateReserved": "2025-04-15T21:16:17.123Z",
"dateUpdated": "2026-01-20T15:34:16.414Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2025-36066 (GCVE-0-2025-36066)
Vulnerability from cvelistv5 – Published: 2026-01-20 15:14 – Updated: 2026-01-20 15:36
VLAI?
Title
Multiple vulnerabilities were addressed in IBM Sterling Connect:Express for UNIX.
Summary
IBM Sterling Connect:Express Adapter for Sterling B2B Integrator 5.2.0 5.2.0.00 through 5.2.0.12 is vulnerable to cross-site scripting. This vulnerability allows an unauthenticated attacker to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session.
Severity ?
6.1 (Medium)
CWE
- CWE-79 - Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
Assigner
References
| URL | Tags | ||||
|---|---|---|---|---|---|
|
|||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| IBM | Sterling Connect:Express Adapter for Sterling B2B Integrator 5.2.0 |
Affected:
5.2.0.00 , ≤ 5.2.0.12
(semver)
cpe:2.3:a:ibm:sterling_connectexpress_adapter_for_sterling_b2b_integrator_520:5.2.0.00:*:*:*:*:*:*:* cpe:2.3:a:ibm:sterling_connectexpress_adapter_for_sterling_b2b_integrator_520:5.2.0.12:*:*:*:*:*:*:* |
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-36066",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2026-01-20T15:35:41.325034Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2026-01-20T15:36:00.574Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"cpes": [
"cpe:2.3:a:ibm:sterling_connectexpress_adapter_for_sterling_b2b_integrator_520:5.2.0.00:*:*:*:*:*:*:*",
"cpe:2.3:a:ibm:sterling_connectexpress_adapter_for_sterling_b2b_integrator_520:5.2.0.12:*:*:*:*:*:*:*"
],
"product": "Sterling Connect:Express Adapter for Sterling B2B Integrator 5.2.0",
"vendor": "IBM",
"versions": [
{
"lessThanOrEqual": "5.2.0.12",
"status": "affected",
"version": "5.2.0.00",
"versionType": "semver"
}
]
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\u003cp\u003eIBM Sterling Connect:Express Adapter for Sterling B2B Integrator 5.2.0 5.2.0.00 through 5.2.0.12 is vulnerable to cross-site scripting. This vulnerability allows an unauthenticated attacker to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session.\u003c/p\u003e"
}
],
"value": "IBM Sterling Connect:Express Adapter for Sterling B2B Integrator 5.2.0 5.2.0.00 through 5.2.0.12 is vulnerable to cross-site scripting. This vulnerability allows an unauthenticated attacker to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 6.1,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-79",
"description": "CWE-79 Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-01-20T15:14:03.557Z",
"orgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
"shortName": "ibm"
},
"references": [
{
"tags": [
"vendor-advisory",
"patch"
],
"url": "https://www.ibm.com/support/pages/node/7257244"
}
],
"solutions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\u003cp\u003e\u003c/p\u003e\u003ctable\u003e\u003ctbody\u003e\u003ctr\u003e\u003ctd\u003eAffected Product(s)\u003c/td\u003e\u003ctd\u003eFixed in release\u003c/td\u003e\u003ctd\u003eInstructions\u003c/td\u003e\u003c/tr\u003e\u003ctr\u003e\u003ctd\u003eSterling Connect:Express Adapter for Sterling B2B Integrator 5.2.0\u003c/td\u003e\u003ctd\u003e5.2.0.13\u003c/td\u003e\u003ctd\u003e\u003ca target=\"_blank\" rel=\"nofollow\" href=\"https://www.ibm.com/support/fixcentral/swg/selectFixes?parent=ibm%7EOther%20software\u0026amp;product=ibm/Other+software/Sterling+Connect%3AExpress+Adapter+for+Sterling+B2B+Integrator\u0026amp;release=5.2.0.13\u0026amp;platform=All\u0026amp;function=all\"\u003eIBM Support: Fix Central - Select fixes\u003c/a\u003e\u003c/td\u003e\u003c/tr\u003e\u003c/tbody\u003e\u003c/table\u003e\u003cp\u003e\u003c/p\u003e"
}
],
"value": "Affected Product(s)Fixed in releaseInstructionsSterling Connect:Express Adapter for Sterling B2B Integrator 5.2.05.2.0.13 IBM Support: Fix Central - Select fixes https://www.ibm.com/support/fixcentral/swg/selectFixes"
}
],
"title": "Multiple vulnerabilities were addressed in IBM Sterling Connect:Express for UNIX.",
"x_generator": {
"engine": "ibm-cvegen"
}
}
},
"cveMetadata": {
"assignerOrgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
"assignerShortName": "ibm",
"cveId": "CVE-2025-36066",
"datePublished": "2026-01-20T15:14:03.557Z",
"dateReserved": "2025-04-15T21:16:12.197Z",
"dateUpdated": "2026-01-20T15:36:00.574Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2025-36065 (GCVE-0-2025-36065)
Vulnerability from cvelistv5 – Published: 2026-01-20 15:12 – Updated: 2026-01-20 15:38
VLAI?
Title
Multiple vulnerabilities were addressed in IBM Sterling Connect:Express for UNIX.
Summary
IBM Sterling Connect:Express Adapter for Sterling B2B Integrator 5.2.0 5.2.0.00 through 5.2.0.12 does not invalidate session after a browser closure which could allow an authenticated user to impersonate another user on the system.
Severity ?
6.3 (Medium)
CWE
- CWE-613 - Insufficient Session Expiration
Assigner
References
| URL | Tags | ||||
|---|---|---|---|---|---|
|
|||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| IBM | Sterling Connect:Express Adapter for Sterling B2B Integrator 5.2.0 |
Affected:
5.2.0.00 , ≤ 5.2.0.12
(semver)
cpe:2.3:a:ibm:sterling_connectexpress_adapter_for_sterling_b2b_integrator_520:5.2.0.00:*:*:*:*:*:*:* cpe:2.3:a:ibm:sterling_connectexpress_adapter_for_sterling_b2b_integrator_520:5.2.0.12:*:*:*:*:*:*:* |
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-36065",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2026-01-20T15:37:51.256058Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2026-01-20T15:38:07.346Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"cpes": [
"cpe:2.3:a:ibm:sterling_connectexpress_adapter_for_sterling_b2b_integrator_520:5.2.0.00:*:*:*:*:*:*:*",
"cpe:2.3:a:ibm:sterling_connectexpress_adapter_for_sterling_b2b_integrator_520:5.2.0.12:*:*:*:*:*:*:*"
],
"product": "Sterling Connect:Express Adapter for Sterling B2B Integrator 5.2.0",
"vendor": "IBM",
"versions": [
{
"lessThanOrEqual": "5.2.0.12",
"status": "affected",
"version": "5.2.0.00",
"versionType": "semver"
}
]
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\u003cp\u003eIBM Sterling Connect:Express Adapter for Sterling B2B Integrator 5.2.0 5.2.0.00 through 5.2.0.12 does not invalidate session after a browser closure which could allow an authenticated user to impersonate another user on the system.\u003c/p\u003e"
}
],
"value": "IBM Sterling Connect:Express Adapter for Sterling B2B Integrator 5.2.0 5.2.0.00 through 5.2.0.12 does not invalidate session after a browser closure which could allow an authenticated user to impersonate another user on the system."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "LOW",
"baseScore": 6.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-613",
"description": "CWE-613 Insufficient Session Expiration",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-01-20T15:12:47.078Z",
"orgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
"shortName": "ibm"
},
"references": [
{
"tags": [
"vendor-advisory",
"patch"
],
"url": "https://www.ibm.com/support/pages/node/7257244"
}
],
"solutions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\u003cp\u003e\u003c/p\u003e\u003ctable\u003e\u003ctbody\u003e\u003ctr\u003e\u003ctd\u003eAffected Product(s)\u003c/td\u003e\u003ctd\u003eFixed in release\u003c/td\u003e\u003ctd\u003eInstructions\u003c/td\u003e\u003c/tr\u003e\u003ctr\u003e\u003ctd\u003eSterling Connect:Express Adapter for Sterling B2B Integrator 5.2.0\u003c/td\u003e\u003ctd\u003e5.2.0.13\u003c/td\u003e\u003ctd\u003e\u003ca target=\"_blank\" rel=\"nofollow\" href=\"https://www.ibm.com/support/fixcentral/swg/selectFixes?parent=ibm%7EOther%20software\u0026amp;product=ibm/Other+software/Sterling+Connect%3AExpress+Adapter+for+Sterling+B2B+Integrator\u0026amp;release=5.2.0.13\u0026amp;platform=All\u0026amp;function=all\"\u003eIBM Support: Fix Central - Select fixes\u003c/a\u003e\u003c/td\u003e\u003c/tr\u003e\u003c/tbody\u003e\u003c/table\u003e\u003cp\u003e\u003c/p\u003e"
}
],
"value": "Affected Product(s)Fixed in releaseInstructionsSterling Connect:Express Adapter for Sterling B2B Integrator 5.2.05.2.0.13 IBM Support: Fix Central - Select fixes https://www.ibm.com/support/fixcentral/swg/selectFixes"
}
],
"title": "Multiple vulnerabilities were addressed in IBM Sterling Connect:Express for UNIX.",
"x_generator": {
"engine": "ibm-cvegen"
}
}
},
"cveMetadata": {
"assignerOrgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
"assignerShortName": "ibm",
"cveId": "CVE-2025-36065",
"datePublished": "2026-01-20T15:12:47.078Z",
"dateReserved": "2025-04-15T21:16:12.197Z",
"dateUpdated": "2026-01-20T15:38:07.346Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2025-36063 (GCVE-0-2025-36063)
Vulnerability from cvelistv5 – Published: 2026-01-20 15:10 – Updated: 2026-01-20 15:39
VLAI?
Title
Multiple vulnerabilities were addressed in IBM Sterling Connect:Express for UNIX.
Summary
IBM Sterling Connect:Express Adapter for Sterling B2B Integrator 5.2.0 5.2.0.00 through 5.2.0.12 does not invalidate session after a logout which could allow an authenticated user to impersonate another user on the system.
Severity ?
6.3 (Medium)
CWE
- CWE-613 - Insufficient Session Expiration
Assigner
References
| URL | Tags | ||||
|---|---|---|---|---|---|
|
|||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| IBM | Sterling Connect:Express Adapter for Sterling B2B Integrator 5.2.0 |
Affected:
5.2.0.00 , ≤ 5.2.0.12
(semver)
cpe:2.3:a:ibm:sterling_connectexpress_adapter_for_sterling_b2b_integrator_520:5.2.0.00:*:*:*:*:*:*:* cpe:2.3:a:ibm:sterling_connectexpress_adapter_for_sterling_b2b_integrator_520:5.2.0.12:*:*:*:*:*:*:* |
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-36063",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2026-01-20T15:39:28.949190Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2026-01-20T15:39:45.384Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"cpes": [
"cpe:2.3:a:ibm:sterling_connectexpress_adapter_for_sterling_b2b_integrator_520:5.2.0.00:*:*:*:*:*:*:*",
"cpe:2.3:a:ibm:sterling_connectexpress_adapter_for_sterling_b2b_integrator_520:5.2.0.12:*:*:*:*:*:*:*"
],
"product": "Sterling Connect:Express Adapter for Sterling B2B Integrator 5.2.0",
"vendor": "IBM",
"versions": [
{
"lessThanOrEqual": "5.2.0.12",
"status": "affected",
"version": "5.2.0.00",
"versionType": "semver"
}
]
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\u003cp\u003eIBM Sterling Connect:Express Adapter for Sterling B2B Integrator 5.2.0 5.2.0.00 through 5.2.0.12 does not invalidate session after a logout which could allow an authenticated user to impersonate another user on the system.\u003c/p\u003e"
}
],
"value": "IBM Sterling Connect:Express Adapter for Sterling B2B Integrator 5.2.0 5.2.0.00 through 5.2.0.12 does not invalidate session after a logout which could allow an authenticated user to impersonate another user on the system."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "LOW",
"baseScore": 6.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-613",
"description": "CWE-613 Insufficient Session Expiration",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-01-20T15:10:57.747Z",
"orgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
"shortName": "ibm"
},
"references": [
{
"tags": [
"vendor-advisory",
"patch"
],
"url": "https://www.ibm.com/support/pages/node/7257244"
}
],
"solutions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\u003cdiv\u003e\u003cbr\u003e\u003ctable\u003e\u003ctbody\u003e\u003ctr\u003e\u003ctd\u003eAffected Product(s)\u003c/td\u003e\u003ctd\u003eFixed in release\u003c/td\u003e\u003ctd\u003eInstructions\u003c/td\u003e\u003c/tr\u003e\u003ctr\u003e\u003ctd\u003eSterling Connect:Express Adapter for Sterling B2B Integrator 5.2.0\u003c/td\u003e\u003ctd\u003e5.2.0.13\u003c/td\u003e\u003ctd\u003e\u003ca target=\"_blank\" rel=\"nofollow\" href=\"https://www.ibm.com/support/fixcentral/swg/selectFixes?parent=ibm%7EOther%20software\u0026amp;product=ibm/Other+software/Sterling+Connect%3AExpress+Adapter+for+Sterling+B2B+Integrator\u0026amp;release=5.2.0.13\u0026amp;platform=All\u0026amp;function=all\"\u003eIBM Support: Fix Central - Select fixes\u003c/a\u003e\u003ca target=\"_blank\" rel=\"nofollow\" href=\"https://www.ibm.com/support/fixcentral/swg/doSelectFixes?options.selectedFixes=5.2.0.13-Other-software-Sterling-Connect.Express.Adapter.for.Sterling.B2B.Integrator-fp0013\u0026amp;continue=1\"\u003e\u003c/a\u003e\u003c/td\u003e\u003c/tr\u003e\u003c/tbody\u003e\u003c/table\u003e\u0026nbsp;\u003c/div\u003e"
}
],
"value": "Affected Product(s)Fixed in releaseInstructionsSterling Connect:Express Adapter for Sterling B2B Integrator 5.2.05.2.0.13 IBM Support: Fix Central - Select fixes https://www.ibm.com/support/fixcentral/swg/selectFixes https://www.ibm.com/support/fixcentral/swg/doSelectFixes"
}
],
"title": "Multiple vulnerabilities were addressed in IBM Sterling Connect:Express for UNIX.",
"x_generator": {
"engine": "ibm-cvegen"
}
}
},
"cveMetadata": {
"assignerOrgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
"assignerShortName": "ibm",
"cveId": "CVE-2025-36063",
"datePublished": "2026-01-20T15:10:57.747Z",
"dateReserved": "2025-04-15T21:16:12.197Z",
"dateUpdated": "2026-01-20T15:39:45.384Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2025-36137 (GCVE-0-2025-36137)
Vulnerability from cvelistv5 – Published: 2025-10-30 18:53 – Updated: 2025-11-01 03:55
VLAI?
Title
IBM Sterling Connect:Direct for UNIX command execution
Summary
IBM Sterling Connect Direct for Unix 6.2.0.7 through 6.2.0.9 iFix004, 6.4.0.0 through 6.4.0.2 iFix001, and 6.3.0.2 through 6.3.0.5 iFix002 incorrectly assigns permissions for maintenance tasks to Control Center Director (CCD) users that could allow a privileged user to escalate their privileges further due to unnecessary privilege assignment for post update scripts.
Severity ?
7.2 (High)
CWE
- CWE-250 - Execution with Unnecessary Privileges
Assigner
References
| URL | Tags | ||||
|---|---|---|---|---|---|
|
|||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| IBM | Sterling Connect:Direct for Unix |
Affected:
6.2.0.7 , ≤ 6.2.0.9 iFix004
(semver)
Affected: 6.4.0.0 , ≤ 6.4.0.2 iFix001 (semver) Affected: 6.3.0.2 , ≤ 6.3.0.5 iFix002 (semver) cpe:2.3:a:ibm:sterling_connect\:direct:6.2.0.7:*:*:*:*:unix:*:* cpe:2.3:a:ibm:sterling_connect\:direct:6.2.0.9:ifix004:*:*:*:unix:*:* cpe:2.3:a:ibm:sterling_connect\:direct:6.4.0.0:*:*:*:*:unix:*:* cpe:2.3:a:ibm:sterling_connect\:direct:6.4.0.2.:ifix001:*:*:*:unix:*:* cpe:2.3:a:ibm:sterling_connect\:direct:6.3.0.2:*:*:*:*:*:*:* cpe:2.3:a:ibm:sterling_connect\:direct:6.3.0.5.:ifix002:*:*:*:unix:*:* |
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-36137",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-10-31T00:00:00+00:00",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-11-01T03:55:53.155Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"cpes": [
"cpe:2.3:a:ibm:sterling_connect\\:direct:6.2.0.7:*:*:*:*:unix:*:*",
"cpe:2.3:a:ibm:sterling_connect\\:direct:6.2.0.9:ifix004:*:*:*:unix:*:*",
"cpe:2.3:a:ibm:sterling_connect\\:direct:6.4.0.0:*:*:*:*:unix:*:*",
"cpe:2.3:a:ibm:sterling_connect\\:direct:6.4.0.2.:ifix001:*:*:*:unix:*:*",
"cpe:2.3:a:ibm:sterling_connect\\:direct:6.3.0.2:*:*:*:*:*:*:*",
"cpe:2.3:a:ibm:sterling_connect\\:direct:6.3.0.5.:ifix002:*:*:*:unix:*:*"
],
"defaultStatus": "unaffected",
"product": "Sterling Connect:Direct for Unix",
"vendor": "IBM",
"versions": [
{
"lessThanOrEqual": "6.2.0.9 iFix004",
"status": "affected",
"version": "6.2.0.7",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.4.0.2 iFix001",
"status": "affected",
"version": "6.4.0.0",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.3.0.5 iFix002",
"status": "affected",
"version": "6.3.0.2",
"versionType": "semver"
}
]
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "IBM Sterling Connect Direct for Unix 6.2.0.7 through 6.2.0.9 iFix004, 6.4.0.0 through 6.4.0.2 iFix001, and 6.3.0.2 through 6.3.0.5 iFix002 incorrectly assigns permissions for maintenance tasks to Control Center Director (CCD) users that could allow a privileged user to escalate their privileges further due to unnecessary privilege assignment for post update scripts."
}
],
"value": "IBM Sterling Connect Direct for Unix 6.2.0.7 through 6.2.0.9 iFix004, 6.4.0.0 through 6.4.0.2 iFix001, and 6.3.0.2 through 6.3.0.5 iFix002 incorrectly assigns permissions for maintenance tasks to Control Center Director (CCD) users that could allow a privileged user to escalate their privileges further due to unnecessary privilege assignment for post update scripts."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.2,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "HIGH",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-250",
"description": "CWE-250 Execution with Unnecessary Privileges",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-10-30T18:53:32.576Z",
"orgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
"shortName": "ibm"
},
"references": [
{
"tags": [
"vendor-advisory",
"patch"
],
"url": "https://www.ibm.com/support/pages/node/7249678"
}
],
"solutions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\u003cp\u003eRemediation/Fixes IBM strongly recommends addressing the vulnerability now by upgrading Product Version Remediation/Fix/Instructions IBM Sterling Connect:Direct for UNIX 6.4.0 Apply 6.4.0.2.iFix004, available on Fix Central . IBM Sterling Connect:Direct for UNIX 6.3.0 Apply 6.3.0.5.iFix008, available on Fix Central . IBM Sterling Connect:Direct for UNIX 6.2.0 Apply 6.2.0.9.iFix005, available on Fix Central .\u003c/p\u003e"
}
],
"value": "Remediation/Fixes IBM strongly recommends addressing the vulnerability now by upgrading Product Version Remediation/Fix/Instructions IBM Sterling Connect:Direct for UNIX 6.4.0 Apply 6.4.0.2.iFix004, available on Fix Central . IBM Sterling Connect:Direct for UNIX 6.3.0 Apply 6.3.0.5.iFix008, available on Fix Central . IBM Sterling Connect:Direct for UNIX 6.2.0 Apply 6.2.0.9.iFix005, available on Fix Central ."
}
],
"title": "IBM Sterling Connect:Direct for UNIX command execution",
"x_generator": {
"engine": "ibm-cvegen"
}
}
},
"cveMetadata": {
"assignerOrgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
"assignerShortName": "ibm",
"cveId": "CVE-2025-36137",
"datePublished": "2025-10-30T18:53:32.576Z",
"dateReserved": "2025-04-15T21:16:19.008Z",
"dateUpdated": "2025-11-01T03:55:53.155Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2025-36064 (GCVE-0-2025-36064)
Vulnerability from cvelistv5 – Published: 2025-09-22 18:25 – Updated: 2025-09-22 20:29
VLAI?
Title
IBM Sterling Connect:Express for Microsoft Windows information disclosure
Summary
IBM Sterling Connect:Express for Microsoft Windows 3.1.0.0 through 3.1.0.22 uses an inadequate account lockout setting that could allow a remote attacker to brute force account credentials.
Severity ?
5.9 (Medium)
CWE
- CWE-307 - Improper Restriction of Excessive Authentication Attempts
Assigner
References
| URL | Tags | ||||
|---|---|---|---|---|---|
|
|||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| IBM | Sterling Connect:Express for Microsoft Windows |
Affected:
3.1.0.0 , ≤ 3.1.0.22
(semver)
cpe:2.3:a:ibm:sterling_connect:express_for_windows:3.1.0.0:*:*:*:*:*:*:* cpe:2.3:a:ibm:sterling_connect:express_for_windows:3.1.0.22:*:*:*:*:*:*:* |
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-36064",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-09-22T20:29:35.309961Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-09-22T20:29:49.385Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"cpes": [
"cpe:2.3:a:ibm:sterling_connect:express_for_windows:3.1.0.0:*:*:*:*:*:*:*",
"cpe:2.3:a:ibm:sterling_connect:express_for_windows:3.1.0.22:*:*:*:*:*:*:*"
],
"defaultStatus": "unaffected",
"product": "Sterling Connect:Express for Microsoft Windows",
"vendor": "IBM",
"versions": [
{
"lessThanOrEqual": "3.1.0.22",
"status": "affected",
"version": "3.1.0.0",
"versionType": "semver"
}
]
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "IBM Sterling Connect:Express for Microsoft Windows 3.1.0.0 through 3.1.0.22 uses an inadequate account lockout setting that could allow a remote attacker to brute force account credentials."
}
],
"value": "IBM Sterling Connect:Express for Microsoft Windows 3.1.0.0 through 3.1.0.22 uses an inadequate account lockout setting that could allow a remote attacker to brute force account credentials."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 5.9,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-307",
"description": "CWE-307 Improper Restriction of Excessive Authentication Attempts",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-09-22T18:25:38.219Z",
"orgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
"shortName": "ibm"
},
"references": [
{
"tags": [
"vendor-advisory",
"patch"
],
"url": "https://www.ibm.com/support/pages/node/7245761"
}
],
"solutions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\u003cp\u003eIBM strongly recommends addressing the vulnerability now by upgrading ...\u003c/p\u003e\u003cdiv\u003e\u003cdiv\u003e\u003cdiv\u003e\u003cdiv\u003e\u003cdiv\u003e\u003cdiv\u003e\u003ctable\u003e\u003ctbody\u003e\u003ctr\u003e\u003ctd\u003e\u003cstrong\u003eAffected Product(s)\u003c/strong\u003e\u003c/td\u003e\u003ctd\u003e\u003cstrong\u003eVersion(s)\u003c/strong\u003e\u003c/td\u003e\u003ctd\u003e\u003cstrong\u003eRemediation / Fix\u003c/strong\u003e\u003c/td\u003e\u003c/tr\u003e\u003ctr\u003e\u003ctd\u003eIBM Sterling Connect:Express for Microsoft Windows\u003c/td\u003e\u003ctd\u003e3.1.0.0 - 3.1.0.22\u003c/td\u003e\u003ctd\u003eApply \u003ca target=\"_blank\" rel=\"nofollow\" href=\"https://www.ibm.com/support/fixcentral/swg/selectFixes?parent=ibm%7EOther%20software\u0026amp;product=ibm/Other+software/IBM+Sterling+Connect%3AExpress+for+Microsoft+Windows\u0026amp;release=All\u0026amp;platform=Windows\u0026amp;function=aparId\u0026amp;apars=IT48571\"\u003e3.1.0.23\u003c/a\u003e, available on Fix Central\u003c/td\u003e\u003c/tr\u003e\u003c/tbody\u003e\u003c/table\u003e\u003c/div\u003e\u003c/div\u003e\u003c/div\u003e\u003c/div\u003e\u003c/div\u003e\u003c/div\u003e\n\n\u003cbr\u003e"
}
],
"value": "IBM strongly recommends addressing the vulnerability now by upgrading ...\n\nAffected Product(s)Version(s)Remediation / FixIBM Sterling Connect:Express for Microsoft Windows3.1.0.0 - 3.1.0.22Apply 3.1.0.23 https://www.ibm.com/support/fixcentral/swg/selectFixes , available on Fix Central"
}
],
"source": {
"discovery": "UNKNOWN"
},
"title": "IBM Sterling Connect:Express for Microsoft Windows information disclosure",
"x_generator": {
"engine": "Vulnogram 0.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
"assignerShortName": "ibm",
"cveId": "CVE-2025-36064",
"datePublished": "2025-09-22T18:25:38.219Z",
"dateReserved": "2025-04-15T21:16:12.197Z",
"dateUpdated": "2025-09-22T20:29:49.385Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2023-32331 (GCVE-0-2023-32331)
Vulnerability from cvelistv5 – Published: 2024-03-04 18:38 – Updated: 2024-08-02 15:10
VLAI?
Title
IBM Connect:Express for UNIX denial of service
Summary
IBM Connect:Express for UNIX 1.5.0 is vulnerable to a buffer overflow that could allow a remote attacker to cause a denial of service through its browser UI. IBM X-Force ID: 254979.
Severity ?
7.5 (High)
CWE
- CWE-119 - Improper Restriction of Operations within the Bounds of a Memory Buffer
Assigner
References
| URL | Tags | |||||||
|---|---|---|---|---|---|---|---|---|
|
||||||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| IBM | Sterling Connect:Express for UNIX |
Affected:
1.5.0
|
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2023-32331",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-03-05T16:07:50.307756Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-06-04T17:26:18.338Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
},
{
"providerMetadata": {
"dateUpdated": "2024-08-02T15:10:24.878Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"vendor-advisory",
"x_transferred"
],
"url": "https://www.ibm.com/support/pages/node/7011443"
},
{
"tags": [
"vdb-entry",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/254979"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Sterling Connect:Express for UNIX",
"vendor": "IBM",
"versions": [
{
"status": "affected",
"version": "1.5.0"
}
]
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "IBM Connect:Express for UNIX 1.5.0 is vulnerable to a buffer overflow that could allow a remote attacker to cause a denial of service through its browser UI. IBM X-Force ID: 254979."
}
],
"value": "IBM Connect:Express for UNIX 1.5.0 is vulnerable to a buffer overflow that could allow a remote attacker to cause a denial of service through its browser UI. IBM X-Force ID: 254979."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-119",
"description": "CWE-119 Improper Restriction of Operations within the Bounds of a Memory Buffer",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-03-04T18:38:46.392Z",
"orgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
"shortName": "ibm"
},
"references": [
{
"tags": [
"vendor-advisory"
],
"url": "https://www.ibm.com/support/pages/node/7011443"
},
{
"tags": [
"vdb-entry"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/254979"
}
],
"source": {
"discovery": "UNKNOWN"
},
"title": "IBM Connect:Express for UNIX denial of service",
"x_generator": {
"engine": "Vulnogram 0.1.0-dev"
}
}
},
"cveMetadata": {
"assignerOrgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
"assignerShortName": "ibm",
"cveId": "CVE-2023-32331",
"datePublished": "2024-03-04T18:38:46.392Z",
"dateReserved": "2023-05-08T18:32:34.088Z",
"dateUpdated": "2024-08-02T15:10:24.878Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2021-38933 (GCVE-0-2021-38933)
Vulnerability from cvelistv5 – Published: 2023-07-19 01:22 – Updated: 2024-10-21 18:12
VLAI?
Title
IBM Sterling Connect:Express for UNIX information disclosure
Summary
IBM Sterling Connect:Direct for UNIX 1.5 uses weaker than expected cryptographic algorithms that could allow an attacker to decrypt highly sensitive information. IBM X-Force ID: 210574.
Severity ?
5.9 (Medium)
CWE
- CWE-327 - Use of a Broken or Risky Cryptographic Algorithm
Assigner
References
| URL | Tags | |||||||
|---|---|---|---|---|---|---|---|---|
|
||||||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| IBM | Sterling Connect:Express for UNIX |
Affected:
1.5
|
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T01:51:20.710Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"vendor-advisory",
"x_transferred"
],
"url": "https://www.ibm.com/support/pages/node/7010925"
},
{
"tags": [
"vdb-entry",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/210574"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2021-38933",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-10-21T18:12:26.239093Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-10-21T18:12:35.944Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Sterling Connect:Express for UNIX",
"vendor": "IBM",
"versions": [
{
"status": "affected",
"version": "1.5"
}
]
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "IBM Sterling Connect:Direct for UNIX 1.5 uses weaker than expected cryptographic algorithms that could allow an attacker to decrypt highly sensitive information. IBM X-Force ID: 210574."
}
],
"value": "IBM Sterling Connect:Direct for UNIX 1.5 uses weaker than expected cryptographic algorithms that could allow an attacker to decrypt highly sensitive information. IBM X-Force ID: 210574."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 5.9,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-327",
"description": "CWE-327 Use of a Broken or Risky Cryptographic Algorithm",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-07-19T01:22:12.736Z",
"orgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
"shortName": "ibm"
},
"references": [
{
"tags": [
"vendor-advisory"
],
"url": "https://www.ibm.com/support/pages/node/7010925"
},
{
"tags": [
"vdb-entry"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/210574"
}
],
"source": {
"discovery": "UNKNOWN"
},
"title": "IBM Sterling Connect:Express for UNIX information disclosure",
"x_generator": {
"engine": "Vulnogram 0.1.0-dev"
}
}
},
"cveMetadata": {
"assignerOrgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
"assignerShortName": "ibm",
"cveId": "CVE-2021-38933",
"datePublished": "2023-07-19T01:22:12.736Z",
"dateReserved": "2021-08-16T18:59:46.177Z",
"dateUpdated": "2024-10-21T18:12:35.944Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2023-29260 (GCVE-0-2023-29260)
Vulnerability from cvelistv5 – Published: 2023-07-19 01:17 – Updated: 2024-10-28 15:08
VLAI?
Title
IBM Sterling Connect:Express for UNIX server-side request forgery
Summary
IBM Sterling Connect:Express for UNIX 1.5 is vulnerable to server-side request forgery (SSRF). This may allow an authenticated attacker to send unauthorized requests from the system, potentially leading to network enumeration or facilitating other attacks. IBM X-Force ID: 252135.
Severity ?
6.5 (Medium)
CWE
- CWE-918 - Server-Side Request Forgery (SSRF)
Assigner
References
| URL | Tags | |||||||
|---|---|---|---|---|---|---|---|---|
|
||||||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| IBM | Sterling Connect:Express for UNIX |
Affected:
1.5
|
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T14:00:15.899Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"vendor-advisory",
"x_transferred"
],
"url": "https://www.ibm.com/support/pages/node/7010923"
},
{
"tags": [
"vdb-entry",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/252135"
}
],
"title": "CVE Program Container"
},
{
"affected": [
{
"cpes": [
"cpe:2.3:a:ibm:sterling_connect\\:express_for_unix:1.5.0:*:*:*:*:*:*:*"
],
"defaultStatus": "unaffected",
"product": "sterling_connect\\",
"vendor": "ibm",
"versions": [
{
"status": "affected",
"version": "express_for_unix_1.5"
}
]
}
],
"metrics": [
{
"other": {
"content": {
"id": "CVE-2023-29260",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-10-28T15:05:21.270633Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-10-28T15:08:24.496Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Sterling Connect:Express for UNIX",
"vendor": "IBM",
"versions": [
{
"status": "affected",
"version": "1.5"
}
]
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "IBM Sterling Connect:Express for UNIX 1.5 is vulnerable to server-side request forgery (SSRF). This may allow an authenticated attacker to send unauthorized requests from the system, potentially leading to network enumeration or facilitating other attacks. IBM X-Force ID: 252135."
}
],
"value": "IBM Sterling Connect:Express for UNIX 1.5 is vulnerable to server-side request forgery (SSRF). This may allow an authenticated attacker to send unauthorized requests from the system, potentially leading to network enumeration or facilitating other attacks. IBM X-Force ID: 252135."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-918",
"description": "CWE-918 Server-Side Request Forgery (SSRF)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-07-19T01:17:31.614Z",
"orgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
"shortName": "ibm"
},
"references": [
{
"tags": [
"vendor-advisory"
],
"url": "https://www.ibm.com/support/pages/node/7010923"
},
{
"tags": [
"vdb-entry"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/252135"
}
],
"source": {
"discovery": "UNKNOWN"
},
"title": "IBM Sterling Connect:Express for UNIX server-side request forgery",
"x_generator": {
"engine": "Vulnogram 0.1.0-dev"
}
}
},
"cveMetadata": {
"assignerOrgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
"assignerShortName": "ibm",
"cveId": "CVE-2023-29260",
"datePublished": "2023-07-19T01:17:31.614Z",
"dateReserved": "2023-04-04T18:46:07.427Z",
"dateUpdated": "2024-10-28T15:08:24.496Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2023-29259 (GCVE-0-2023-29259)
Vulnerability from cvelistv5 – Published: 2023-07-19 01:14 – Updated: 2024-10-21 18:55
VLAI?
Title
IBM Sterling Connect:Express for UNIX information disclosure
Summary
IBM Sterling Connect:Express for UNIX 1.5 browser UI is vulnerable to attacks that rely on the use of cookies without the SameSite attribute. IBM X-Force ID: 252055.
Severity ?
CWE
- 1275 Sensitive Cookie with Improper SameSite Attribute
Assigner
References
| URL | Tags | |||||||
|---|---|---|---|---|---|---|---|---|
|
||||||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| IBM | Sterling Connect:Express for UNIX |
Affected:
1.5
|
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T14:00:15.888Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"vendor-advisory",
"x_transferred"
],
"url": "https://www.ibm.com/support/pages/node/7010921"
},
{
"tags": [
"vdb-entry",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/252055"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2023-29259",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-10-21T18:54:23.515279Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-10-21T18:55:22.488Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Sterling Connect:Express for UNIX",
"vendor": "IBM",
"versions": [
{
"status": "affected",
"version": "1.5"
}
]
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "IBM Sterling Connect:Express for UNIX 1.5 browser UI is vulnerable to attacks that rely on the use of cookies without the SameSite attribute. IBM X-Force ID: 252055."
}
],
"value": "IBM Sterling Connect:Express for UNIX 1.5 browser UI is vulnerable to attacks that rely on the use of cookies without the SameSite attribute. IBM X-Force ID: 252055."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 3.7,
"baseSeverity": "LOW",
"confidentialityImpact": "LOW",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "1275 Sensitive Cookie with Improper SameSite Attribute",
"lang": "en"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-07-19T01:14:57.925Z",
"orgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
"shortName": "ibm"
},
"references": [
{
"tags": [
"vendor-advisory"
],
"url": "https://www.ibm.com/support/pages/node/7010921"
},
{
"tags": [
"vdb-entry"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/252055"
}
],
"source": {
"discovery": "UNKNOWN"
},
"title": "IBM Sterling Connect:Express for UNIX information disclosure",
"x_generator": {
"engine": "Vulnogram 0.1.0-dev"
}
}
},
"cveMetadata": {
"assignerOrgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
"assignerShortName": "ibm",
"cveId": "CVE-2023-29259",
"datePublished": "2023-07-19T01:14:57.925Z",
"dateReserved": "2023-04-04T18:46:07.427Z",
"dateUpdated": "2024-10-21T18:55:22.488Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2021-38891 (GCVE-0-2021-38891)
Vulnerability from cvelistv5 – Published: 2021-11-23 19:15 – Updated: 2024-09-16 23:41
VLAI?
Summary
IBM Sterling Connect:Direct Web Services 1.0 and 6.0 uses weaker than expected cryptographic algorithms that could allow an attacker to decrypt highly sensitive information. IBM X-Force ID: 209508.
Severity ?
CWE
- Obtain Information
Assigner
References
| URL | Tags | |||||||
|---|---|---|---|---|---|---|---|---|
|
||||||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| IBM | Connect:Direct Web Services |
Affected:
6.0
Affected: 1.0 |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T01:51:20.697Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://www.ibm.com/support/pages/node/6518582"
},
{
"name": "ibm-sterling-cve202138891-info-disc (209508)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/209508"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Connect:Direct Web Services",
"vendor": "IBM",
"versions": [
{
"status": "affected",
"version": "6.0"
},
{
"status": "affected",
"version": "1.0"
}
]
}
],
"datePublic": "2021-11-22T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "IBM Sterling Connect:Direct Web Services 1.0 and 6.0 uses weaker than expected cryptographic algorithms that could allow an attacker to decrypt highly sensitive information. IBM X-Force ID: 209508."
}
],
"metrics": [
{
"cvssV3_0": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 5.9,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"exploitCodeMaturity": "UNPROVEN",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"remediationLevel": "OFFICIAL_FIX",
"reportConfidence": "CONFIRMED",
"scope": "UNCHANGED",
"temporalScore": 5.2,
"temporalSeverity": "MEDIUM",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/PR:N/S:U/AC:H/UI:N/AV:N/A:N/C:H/I:N/RL:O/E:U/RC:C",
"version": "3.0"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Obtain Information",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2021-11-23T19:15:34",
"orgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
"shortName": "ibm"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://www.ibm.com/support/pages/node/6518582"
},
{
"name": "ibm-sterling-cve202138891-info-disc (209508)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/209508"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "psirt@us.ibm.com",
"DATE_PUBLIC": "2021-11-22T00:00:00",
"ID": "CVE-2021-38891",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Connect:Direct Web Services",
"version": {
"version_data": [
{
"version_value": "6.0"
},
{
"version_value": "1.0"
}
]
}
}
]
},
"vendor_name": "IBM"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "IBM Sterling Connect:Direct Web Services 1.0 and 6.0 uses weaker than expected cryptographic algorithms that could allow an attacker to decrypt highly sensitive information. IBM X-Force ID: 209508."
}
]
},
"impact": {
"cvssv3": {
"BM": {
"A": "N",
"AC": "H",
"AV": "N",
"C": "H",
"I": "N",
"PR": "N",
"S": "U",
"UI": "N"
},
"TM": {
"E": "U",
"RC": "C",
"RL": "O"
}
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Obtain Information"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://www.ibm.com/support/pages/node/6518582",
"refsource": "CONFIRM",
"title": "IBM Security Bulletin 6518582 (Connect:Direct Web Services)",
"url": "https://www.ibm.com/support/pages/node/6518582"
},
{
"name": "ibm-sterling-cve202138891-info-disc (209508)",
"refsource": "XF",
"title": "X-Force Vulnerability Report",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/209508"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
"assignerShortName": "ibm",
"cveId": "CVE-2021-38891",
"datePublished": "2021-11-23T19:15:34.650502Z",
"dateReserved": "2021-08-16T00:00:00",
"dateUpdated": "2024-09-16T23:41:39.770Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2021-38890 (GCVE-0-2021-38890)
Vulnerability from cvelistv5 – Published: 2021-11-23 19:15 – Updated: 2024-09-17 02:12
VLAI?
Summary
IBM Sterling Connect:Direct Web Services 1.0 and 6.0 uses an inadequate account lockout setting that could allow a remote attacker to brute force account credentials. IBM X-Force ID: 209507.
Severity ?
CWE
- Obtain Information
Assigner
References
| URL | Tags | |||||||
|---|---|---|---|---|---|---|---|---|
|
||||||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| IBM | Connect:Direct Web Services |
Affected:
6.0
Affected: 1.0 |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T01:51:20.822Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://www.ibm.com/support/pages/node/6518586"
},
{
"name": "ibm-sterling-cve202138890-info-disc (209507)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/209507"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Connect:Direct Web Services",
"vendor": "IBM",
"versions": [
{
"status": "affected",
"version": "6.0"
},
{
"status": "affected",
"version": "1.0"
}
]
}
],
"datePublic": "2021-11-22T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "IBM Sterling Connect:Direct Web Services 1.0 and 6.0 uses an inadequate account lockout setting that could allow a remote attacker to brute force account credentials. IBM X-Force ID: 209507."
}
],
"metrics": [
{
"cvssV3_0": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 5.9,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"exploitCodeMaturity": "UNPROVEN",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"remediationLevel": "OFFICIAL_FIX",
"reportConfidence": "CONFIRMED",
"scope": "UNCHANGED",
"temporalScore": 5.2,
"temporalSeverity": "MEDIUM",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/I:N/S:U/PR:N/AC:H/UI:N/AV:N/A:N/C:H/RL:O/RC:C/E:U",
"version": "3.0"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Obtain Information",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2021-11-23T19:15:33",
"orgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
"shortName": "ibm"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://www.ibm.com/support/pages/node/6518586"
},
{
"name": "ibm-sterling-cve202138890-info-disc (209507)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/209507"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "psirt@us.ibm.com",
"DATE_PUBLIC": "2021-11-22T00:00:00",
"ID": "CVE-2021-38890",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Connect:Direct Web Services",
"version": {
"version_data": [
{
"version_value": "6.0"
},
{
"version_value": "1.0"
}
]
}
}
]
},
"vendor_name": "IBM"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "IBM Sterling Connect:Direct Web Services 1.0 and 6.0 uses an inadequate account lockout setting that could allow a remote attacker to brute force account credentials. IBM X-Force ID: 209507."
}
]
},
"impact": {
"cvssv3": {
"BM": {
"A": "N",
"AC": "H",
"AV": "N",
"C": "H",
"I": "N",
"PR": "N",
"S": "U",
"UI": "N"
},
"TM": {
"E": "U",
"RC": "C",
"RL": "O"
}
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Obtain Information"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://www.ibm.com/support/pages/node/6518586",
"refsource": "CONFIRM",
"title": "IBM Security Bulletin 6518586 (Connect:Direct Web Services)",
"url": "https://www.ibm.com/support/pages/node/6518586"
},
{
"name": "ibm-sterling-cve202138890-info-disc (209507)",
"refsource": "XF",
"title": "X-Force Vulnerability Report",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/209507"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
"assignerShortName": "ibm",
"cveId": "CVE-2021-38890",
"datePublished": "2021-11-23T19:15:33.262957Z",
"dateReserved": "2021-08-16T00:00:00",
"dateUpdated": "2024-09-17T02:12:03.642Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2020-4767 (GCVE-0-2020-4767)
Vulnerability from cvelistv5 – Published: 2020-10-28 16:15 – Updated: 2024-09-16 17:59
VLAI?
Summary
IBM Sterling Connect Direct for Microsoft Windows 4.7, 4.8, 6.0, and 6.1 could allow a remote attacker to cause a denial of service, caused by a buffer over-read. Bysending a specially crafted request, the attacker could cause the application to crash. IBM X-Force ID: 188906.
Severity ?
CWE
- Denial of Service
Assigner
References
| URL | Tags | |||||||
|---|---|---|---|---|---|---|---|---|
|
||||||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| IBM | Sterling Connect Direct for Microsoft Windows |
Affected:
4.7
Affected: 4.8 Affected: 6.0 Affected: 6.1 |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T08:14:58.485Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://www.ibm.com/support/pages/node/6356019"
},
{
"name": "ibm-sterling-cve20204767-dos (188906)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/188906"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Sterling Connect Direct for Microsoft Windows",
"vendor": "IBM",
"versions": [
{
"status": "affected",
"version": "4.7"
},
{
"status": "affected",
"version": "4.8"
},
{
"status": "affected",
"version": "6.0"
},
{
"status": "affected",
"version": "6.1"
}
]
}
],
"datePublic": "2020-10-27T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "IBM Sterling Connect Direct for Microsoft Windows 4.7, 4.8, 6.0, and 6.1 could allow a remote attacker to cause a denial of service, caused by a buffer over-read. Bysending a specially crafted request, the attacker could cause the application to crash. IBM X-Force ID: 188906."
}
],
"metrics": [
{
"cvssV3_0": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"exploitCodeMaturity": "UNPROVEN",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"remediationLevel": "OFFICIAL_FIX",
"reportConfidence": "CONFIRMED",
"scope": "UNCHANGED",
"temporalScore": 6.5,
"temporalSeverity": "MEDIUM",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/UI:N/A:H/I:N/PR:N/AV:N/C:N/AC:L/S:U/RC:C/RL:O/E:U",
"version": "3.0"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Denial of Service",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2020-10-28T16:15:19",
"orgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
"shortName": "ibm"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://www.ibm.com/support/pages/node/6356019"
},
{
"name": "ibm-sterling-cve20204767-dos (188906)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/188906"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "psirt@us.ibm.com",
"DATE_PUBLIC": "2020-10-27T00:00:00",
"ID": "CVE-2020-4767",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Sterling Connect Direct for Microsoft Windows",
"version": {
"version_data": [
{
"version_value": "4.7"
},
{
"version_value": "4.8"
},
{
"version_value": "6.0"
},
{
"version_value": "6.1"
}
]
}
}
]
},
"vendor_name": "IBM"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "IBM Sterling Connect Direct for Microsoft Windows 4.7, 4.8, 6.0, and 6.1 could allow a remote attacker to cause a denial of service, caused by a buffer over-read. Bysending a specially crafted request, the attacker could cause the application to crash. IBM X-Force ID: 188906."
}
]
},
"impact": {
"cvssv3": {
"BM": {
"A": "H",
"AC": "L",
"AV": "N",
"C": "N",
"I": "N",
"PR": "N",
"S": "U",
"UI": "N"
},
"TM": {
"E": "U",
"RC": "C",
"RL": "O"
}
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Denial of Service"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://www.ibm.com/support/pages/node/6356019",
"refsource": "CONFIRM",
"title": "IBM Security Bulletin 6356019 (Sterling Connect Direct for Microsoft Windows)",
"url": "https://www.ibm.com/support/pages/node/6356019"
},
{
"name": "ibm-sterling-cve20204767-dos (188906)",
"refsource": "XF",
"title": "X-Force Vulnerability Report",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/188906"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
"assignerShortName": "ibm",
"cveId": "CVE-2020-4767",
"datePublished": "2020-10-28T16:15:19.451086Z",
"dateReserved": "2019-12-30T00:00:00",
"dateUpdated": "2024-09-16T17:59:04.447Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2020-4587 (GCVE-0-2020-4587)
Vulnerability from cvelistv5 – Published: 2020-08-24 15:30 – Updated: 2024-09-16 23:41
VLAI?
Summary
IBM Sterling Connect:Direct for UNIX 4.2.0, 4.3.0, 6.0.0, and 6.1.0 is vulnerable to a stack based buffer ovreflow, caused by improper bounds checking. A local attacker could manipulate CD UNIX to obtain root provileges. IBM X-Force ID: 184578.
Severity ?
CWE
- Gain Privileges
Assigner
References
| URL | Tags | |||||||
|---|---|---|---|---|---|---|---|---|
|
||||||||
Impacted products
| Vendor | Product | Version | |||||||
|---|---|---|---|---|---|---|---|---|---|
| IBM | Sterling Connect:Direct for UNIX |
Affected:
4.2.0
Affected: 4.3.0 |
|||||||
|
|||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T08:07:49.055Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://www.ibm.com/support/pages/node/6320317"
},
{
"name": "ibm-sterling-cve20204587-bo (184578)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/184578"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Sterling Connect:Direct for UNIX",
"vendor": "IBM",
"versions": [
{
"status": "affected",
"version": "4.2.0"
},
{
"status": "affected",
"version": "4.3.0"
}
]
},
{
"product": "Connect:Direct for UNIX",
"vendor": "IBM",
"versions": [
{
"status": "affected",
"version": "6.1.0"
},
{
"status": "affected",
"version": "6.0.0"
}
]
}
],
"datePublic": "2020-08-21T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "IBM Sterling Connect:Direct for UNIX 4.2.0, 4.3.0, 6.0.0, and 6.1.0 is vulnerable to a stack based buffer ovreflow, caused by improper bounds checking. A local attacker could manipulate CD UNIX to obtain root provileges. IBM X-Force ID: 184578."
}
],
"metrics": [
{
"cvssV3_0": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 8.4,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"exploitCodeMaturity": "UNPROVEN",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"remediationLevel": "OFFICIAL_FIX",
"reportConfidence": "CONFIRMED",
"scope": "UNCHANGED",
"temporalScore": 7.3,
"temporalSeverity": "HIGH",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/A:H/PR:N/C:H/AV:L/S:U/I:H/UI:N/AC:L/RC:C/RL:O/E:U",
"version": "3.0"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Gain Privileges",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2020-08-24T15:30:31",
"orgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
"shortName": "ibm"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://www.ibm.com/support/pages/node/6320317"
},
{
"name": "ibm-sterling-cve20204587-bo (184578)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/184578"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "psirt@us.ibm.com",
"DATE_PUBLIC": "2020-08-21T00:00:00",
"ID": "CVE-2020-4587",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Sterling Connect:Direct for UNIX",
"version": {
"version_data": [
{
"version_value": "4.2.0"
},
{
"version_value": "4.3.0"
}
]
}
},
{
"product_name": "Connect:Direct for UNIX",
"version": {
"version_data": [
{
"version_value": "6.1.0"
},
{
"version_value": "6.0.0"
}
]
}
}
]
},
"vendor_name": "IBM"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "IBM Sterling Connect:Direct for UNIX 4.2.0, 4.3.0, 6.0.0, and 6.1.0 is vulnerable to a stack based buffer ovreflow, caused by improper bounds checking. A local attacker could manipulate CD UNIX to obtain root provileges. IBM X-Force ID: 184578."
}
]
},
"impact": {
"cvssv3": {
"BM": {
"A": "H",
"AC": "L",
"AV": "L",
"C": "H",
"I": "H",
"PR": "N",
"S": "U",
"UI": "N"
},
"TM": {
"E": "U",
"RC": "C",
"RL": "O"
}
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Gain Privileges"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://www.ibm.com/support/pages/node/6320317",
"refsource": "CONFIRM",
"title": "IBM Security Bulletin 6320317 (Connect:Direct for UNIX)",
"url": "https://www.ibm.com/support/pages/node/6320317"
},
{
"name": "ibm-sterling-cve20204587-bo (184578)",
"refsource": "XF",
"title": "X-Force Vulnerability Report",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/184578"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
"assignerShortName": "ibm",
"cveId": "CVE-2020-4587",
"datePublished": "2020-08-24T15:30:31.574862Z",
"dateReserved": "2019-12-30T00:00:00",
"dateUpdated": "2024-09-16T23:41:45.685Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}