Sterling Connect\

sterling_connect\

Vendor: Ibm • 22 CVEs

CVEs (22)

CVE VENDORS PRODUCTS UPDATED PUBLISHED CVSS
CVE-2025-36115 1Ibm 1Sterling Connect\ Feb 3, 2026 Jan 20, 2026 N/A· v4 6.5 MEDIUM· v3 N/A· v2 IBM Sterling Connect:Express Adapter for Sterling B2B Integrator 5.2.0.00 through 5.2.0.12 does not disallow the session id after use which could allow an authenticated user to impersonate another user on the system.
CVE-2025-36113 1Ibm 1Sterling Connect\ Feb 3, 2026 Jan 20, 2026 N/A· v4 5.4 MEDIUM· v3 N/A· v2 IBM Sterling Connect:Express Adapter for Sterling B2B Integrator 5.2.0 5.2.0.00 through 5.2.0.12 is vulnerable to cross-site scripting. This vulnerability allows an authenticated user to embed arbitrary JavaScript code i...Show more IBM Sterling Connect:Express Adapter for Sterling B2B Integrator 5.2.0 5.2.0.00 through 5.2.0.12 is vulnerable to cross-site scripting. This vulnerability allows an authenticated user to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session.Show less
CVE-2025-36066 1Ibm 1Sterling Connect\ Feb 3, 2026 Jan 20, 2026 N/A· v4 6.1 MEDIUM· v3 N/A· v2 IBM Sterling Connect:Express Adapter for Sterling B2B Integrator 5.2.0 5.2.0.00 through 5.2.0.12 is vulnerable to cross-site scripting. This vulnerability allows an unauthenticated attacker to embed arbitrary JavaScript...Show more IBM Sterling Connect:Express Adapter for Sterling B2B Integrator 5.2.0 5.2.0.00 through 5.2.0.12 is vulnerable to cross-site scripting. This vulnerability allows an unauthenticated attacker to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session.Show less
CVE-2025-36065 1Ibm 1Sterling Connect\ Feb 3, 2026 Jan 20, 2026 N/A· v4 6.5 MEDIUM· v3 N/A· v2 IBM Sterling Connect:Express Adapter for Sterling B2B Integrator 5.2.0 5.2.0.00 through 5.2.0.12 does not invalidate session after a browser closure which could allow an authenticated user to impersonate another user on...Show more IBM Sterling Connect:Express Adapter for Sterling B2B Integrator 5.2.0 5.2.0.00 through 5.2.0.12 does not invalidate session after a browser closure which could allow an authenticated user to impersonate another user on the system.Show less
CVE-2025-36063 1Ibm 1Sterling Connect\ Feb 5, 2026 Jan 20, 2026 N/A· v4 6.5 MEDIUM· v3 N/A· v2 IBM Sterling Connect:Express Adapter for Sterling B2B Integrator 5.2.0 5.2.0.00 through 5.2.0.12 does not invalidate session after a logout which could allow an authenticated user to impersonate another user on the syste...Show more IBM Sterling Connect:Express Adapter for Sterling B2B Integrator 5.2.0 5.2.0.00 through 5.2.0.12 does not invalidate session after a logout which could allow an authenticated user to impersonate another user on the system.Show less
CVE-2025-36137 1Ibm 1Sterling Connect\ Dec 12, 2025 Oct 30, 2025 N/A· v4 7.2 HIGH· v3 N/A· v2 IBM Sterling Connect Direct for Unix 6.2.0.7 through 6.2.0.9 iFix004, 6.4.0.0 through 6.4.0.2 iFix001, and 6.3.0.2 through 6.3.0.5 iFix002 incorrectly assigns permissions for maintenance tasks to Control Center Director...Show more IBM Sterling Connect Direct for Unix 6.2.0.7 through 6.2.0.9 iFix004, 6.4.0.0 through 6.4.0.2 iFix001, and 6.3.0.2 through 6.3.0.5 iFix002 incorrectly assigns permissions for maintenance tasks to Control Center Director (CCD) users that could allow a privileged user to escalate their privileges further due to unnecessary privilege assignment for post update scripts.Show less
CVE-2025-36064 1Ibm 1Sterling Connect\ Oct 3, 2025 Sep 22, 2025 N/A· v4 5.9 MEDIUM· v3 N/A· v2 IBM Sterling Connect:Express for Microsoft Windows 3.1.0.0 through 3.1.0.22 uses an inadequate account lockout setting that could allow a remote attacker to brute force account credentials.
CVE-2023-32331 1Ibm 1Sterling Connect\ Jan 31, 2025 Mar 4, 2024 N/A· v4 7.5 HIGH· v3 N/A· v2 IBM Connect:Express for UNIX 1.5.0 is vulnerable to a buffer overflow that could allow a remote attacker to cause a denial of service through its browser UI. IBM X-Force ID: 254979.
CVE-2023-29260 1Ibm 1Sterling Connect\ Nov 21, 2024 Jul 19, 2023 N/A· v4 5.4 MEDIUM· v3 N/A· v2 IBM Sterling Connect:Express for UNIX 1.5 is vulnerable to server-side request forgery (SSRF). This may allow an authenticated attacker to send unauthorized requests from the system, potentially leading to network enumer...Show more IBM Sterling Connect:Express for UNIX 1.5 is vulnerable to server-side request forgery (SSRF). This may allow an authenticated attacker to send unauthorized requests from the system, potentially leading to network enumeration or facilitating other attacks. IBM X-Force ID: 252135.Show less
CVE-2023-29259 1Ibm 1Sterling Connect\ Nov 21, 2024 Jul 19, 2023 N/A· v4 5.3 MEDIUM· v3 N/A· v2 IBM Sterling Connect:Express for UNIX 1.5 browser UI is vulnerable to attacks that rely on the use of cookies without the SameSite attribute. IBM X-Force ID: 252055.
CVE-2021-38933 1Ibm 1Sterling Connect\ Nov 21, 2024 Jul 19, 2023 N/A· v4 7.5 HIGH· v3 N/A· v2 IBM Sterling Connect:Direct for UNIX 1.5 uses weaker than expected cryptographic algorithms that could allow an attacker to decrypt highly sensitive information. IBM X-Force ID: 210574.
CVE-2021-38891 1Ibm 1Sterling Connect\ Nov 21, 2024 Nov 23, 2021 N/A· v4 7.5 HIGH· v3 5.0 MEDIUM· v2 IBM Sterling Connect:Direct Web Services 1.0 and 6.0 uses weaker than expected cryptographic algorithms that could allow an attacker to decrypt highly sensitive information. IBM X-Force ID: 209508.
CVE-2021-38890 1Ibm 1Sterling Connect\ Nov 21, 2024 Nov 23, 2021 N/A· v4 7.5 HIGH· v3 5.0 MEDIUM· v2 IBM Sterling Connect:Direct Web Services 1.0 and 6.0 uses an inadequate account lockout setting that could allow a remote attacker to brute force account credentials. IBM X-Force ID: 209507.
CVE-2020-4767 1Ibm 1Sterling Connect\ Nov 21, 2024 Oct 28, 2020 N/A· v4 7.5 HIGH· v3 5.0 MEDIUM· v2 IBM Sterling Connect Direct for Microsoft Windows 4.7, 4.8, 6.0, and 6.1 could allow a remote attacker to cause a denial of service, caused by a buffer over-read. Bysending a specially crafted request, the attacker could...Show more IBM Sterling Connect Direct for Microsoft Windows 4.7, 4.8, 6.0, and 6.1 could allow a remote attacker to cause a denial of service, caused by a buffer over-read. Bysending a specially crafted request, the attacker could cause the application to crash. IBM X-Force ID: 188906.Show less
CVE-2020-4587 1Ibm 2Connect\ Sterling Connect\ Nov 21, 2024 Aug 24, 2020 N/A· v4 7.8 HIGH· v3 7.2 HIGH· v2 IBM Sterling Connect:Direct for UNIX 4.2.0, 4.3.0, 6.0.0, and 6.1.0 is vulnerable to a stack based buffer ovreflow, caused by improper bounds checking. A local attacker could manipulate CD UNIX to obtain root provileges....Show more IBM Sterling Connect:Direct for UNIX 4.2.0, 4.3.0, 6.0.0, and 6.1.0 is vulnerable to a stack based buffer ovreflow, caused by improper bounds checking. A local attacker could manipulate CD UNIX to obtain root provileges. IBM X-Force ID: 184578.Show less
CVE-2018-1903 1Ibm 1Sterling Connect\ Nov 21, 2024 Apr 10, 2019 N/A· v4 6.7 MEDIUM· v3 7.2 HIGH· v2 IBM Sterling Connect:Direct for UNIX 4.2.0, 4.3.0, and 6.0.0 could allow a user with restricted sudo access on a system to manipulate CD UNIX to gain full sudo access. IBM X-Force ID: 152532.
CVE-2013-4035 1Ibm 1Sterling Connect\ Nov 21, 2024 May 1, 2018 N/A· v4 7.3 HIGH· v3 4.1 MEDIUM· v2 IBM Sterling Connect:Direct for OpenVMS 3.4.00, 3.4.01, 3.5.00, 3.6.0, and 3.6.0.1 allow remote attackers to have unspecified impact by leveraging failure to reject client requests for an unencrypted session when used as...Show more IBM Sterling Connect:Direct for OpenVMS 3.4.00, 3.4.01, 3.5.00, 3.6.0, and 3.6.0.1 allow remote attackers to have unspecified impact by leveraging failure to reject client requests for an unencrypted session when used as the server in a TCP/IP session and configured for SSL encryption with the client. IBM X-Force ID: 86138.Show less
CVE-2016-5992 1Ibm 1Sterling Connect\ May 6, 2026 Nov 25, 2016 N/A· v4 2.5 LOW· v3 1.9 LOW· v2 IBM Sterling Connect:Direct 4.5.00, 4.5.01, 4.6.0 before 4.6.0.6 iFix008, and 4.7.0 before 4.7.0.4 on Windows allows local users to cause a denial of service via unspecified vectors.
CVE-2016-5991 1Ibm 1Sterling Connect\ May 6, 2026 Nov 25, 2016 N/A· v4 4.5 MEDIUM· v3 4.4 MEDIUM· v2 IBM Sterling Connect:Direct 4.5.00, 4.5.01, 4.6.0 before 4.6.0.6 iFix008, and 4.7.0 before 4.7.0.4 on Windows allows local users to gain privileges via unspecified vectors.
CVE-2016-0380 1Ibm 1Sterling Connect\ May 6, 2026 Aug 8, 2016 N/A· v4 3.3 LOW· v3 2.1 LOW· v2 IBM Sterling Connect:Direct for Unix 4.1.0 before 4.1.0.4 iFix073 and 4.2.0 before 4.2.0.4 iFix003 uses default file permissions of 0664, which allows local users to obtain sensitive information via standard filesystem o...Show more IBM Sterling Connect:Direct for Unix 4.1.0 before 4.1.0.4 iFix073 and 4.2.0 before 4.2.0.4 iFix003 uses default file permissions of 0664, which allows local users to obtain sensitive information via standard filesystem operations.Show less

12 Next