cve,link,title,description,vendor,products,score,severity,epss,cisa,cisa_published,article,ransomware,exploited,exploited_date,poc,trended,trended_no_1,trended_no_1_date,published,trended_score
CVE-2024-45653,https://securityvulnerability.io/vulnerability/CVE-2024-45653,Sensitive IP Address Disclosure in IBM Sterling Connect:Direct Web Services,"IBM Sterling Connect:Direct Web Services versions 6.0, 6.1, 6.2, and 6.3 are vulnerable to an information disclosure issue that allows authenticated users to access sensitive IP address data. This disclosure could be exploited by attackers to facilitate further malicious actions against the system, highlighting the importance of securing internal response data to prevent unauthorized information access.",IBM,Sterling Connect:direct Web Services,4.3,MEDIUM,0.00044999999227002263,false,,false,false,false,,false,false,false,,2025-01-19T02:39:30.681Z,0
CVE-2024-39747,https://securityvulnerability.io/vulnerability/CVE-2024-39747,Default Credential Vulnerability in IBM Sterling Connect:Direct Web Services,"IBM Sterling Connect:Direct Web Services versions 6.0, 6.1, 6.2, and 6.3 are susceptible to a significant security risk due to the use of default credentials for critical functionalities. This vulnerability potentially allows unauthorized individuals to exploit these services, leading to unauthorized access and manipulation of sensitive data. Organizations utilizing these versions are strongly advised to review their security configurations and implement proper credential management practices to mitigate the associated risks.",IBM,Sterling Connect:direct Web Services,9.8,CRITICAL,0.0007300000288523734,false,,false,false,false,,,false,false,,2024-08-31T02:15:00.000Z,0
CVE-2024-39745,https://securityvulnerability.io/vulnerability/CVE-2024-39745,Weaker Cryptographic Algorithms in IBM Sterling Connect:Direct Web Services Could Lead to Data Decryption,"IBM Sterling Connect:Direct Web Services versions 6.0 through 6.3 are impacted by a vulnerability that arises from the use of weaker than expected cryptographic algorithms. This flaw may enable attackers to decrypt sensitive and confidential information, compromising data security and integrity. Organizations using this product should evaluate their systems to mitigate potential risks associated with this vulnerability.",IBM,Sterling Connect:direct Web Services,7.5,HIGH,0.0007399999885819852,false,,false,false,false,,,false,false,,2024-08-22T11:06:49.088Z,0
CVE-2024-39744,https://securityvulnerability.io/vulnerability/CVE-2024-39744,IBM Sterling Connect:Direct Web Services Vulnerable to Cross-Site Request Forgery,"IBM Sterling Connect:Direct Web Services 6.0, 6.1, 6.2, and 6.3 is vulnerable to cross-site request forgery which could allow an attacker to execute malicious and unauthorized actions transmitted from a user that the website trusts.",IBM,Sterling Connect:direct Web Services,4.3,MEDIUM,0.0004400000034365803,false,,false,false,false,,,false,false,,2024-08-22T10:56:39.894Z,0
CVE-2024-39746,https://securityvulnerability.io/vulnerability/CVE-2024-39746,IBM Sterling Connect:Direct Web Services Vulnerability Could Lead to Sensitive Information Theft,"IBM Sterling Connect:Direct Web Services 6.0, 6.1, 6.2, and 6.3 could allow a remote attacker to obtain sensitive information, caused by the failure to properly enable HTTP Strict Transport Security. An attacker could exploit this vulnerability to obtain sensitive information using man in the middle techniques.",IBM,Sterling Connect:direct Web Services,5.9,MEDIUM,0.0007399999885819852,false,,false,false,false,,,false,false,,2024-08-22T10:29:54.169Z,0
CVE-2023-32331,https://securityvulnerability.io/vulnerability/CVE-2023-32331,Buffer Overflow Vulnerability in Connect:Express for UNIX Could Lead to Denial of Service,"IBM Connect:Express for UNIX version 1.5.0 is exposed to a buffer overflow vulnerability that can be exploited by remote attackers through the application's browser-based user interface. Successful exploitation may result in denial of service, impacting the availability of the service. Organizations utilizing this product should evaluate their security posture and consider implementing mitigations to safeguard against potential exploits.",IBM,Sterling Connect:express For Unix,7.5,HIGH,0.0005499999970197678,false,,true,false,false,,,false,false,,2024-03-04T18:38:46.392Z,0
CVE-2023-29260,https://securityvulnerability.io/vulnerability/CVE-2023-29260,IBM Sterling Connect:Express for UNIX server-side request forgery,"IBM Sterling Connect:Express for UNIX 1.5 is vulnerable to server-side request forgery (SSRF). This may allow an authenticated attacker to send unauthorized requests from the system, potentially leading to network enumeration or facilitating other attacks. IBM X-Force ID: 252135.",IBM,Sterling Connect:express For Unix,6.5,MEDIUM,0.0004799999878741801,false,,false,false,false,,,false,false,,2023-07-19T02:15:00.000Z,0
CVE-2023-29259,https://securityvulnerability.io/vulnerability/CVE-2023-29259,IBM Sterling Connect:Express for UNIX information disclosure,IBM Sterling Connect:Express for UNIX 1.5 browser UI is vulnerable to attacks that rely on the use of cookies without the SameSite attribute. IBM X-Force ID: 252055.,IBM,Sterling Connect:express For Unix,3.7,LOW,0.0006200000061653554,false,,false,false,false,,,false,false,,2023-07-19T02:15:00.000Z,0
CVE-2023-26023,https://securityvulnerability.io/vulnerability/CVE-2023-26023,IBM Planning Analytics Cartridge for Cloud Pak for Data information disclosure,Planning Analytics Cartridge for Cloud Pak for Data 4.0 exposes sensitive information in logs which could lead an attacker to exploit this vulnerability to conduct further attacks. IBM X-Force ID: 247896.,IBM,Sterling Connect:express For Unix,6.5,MEDIUM,0.0009800000116229057,false,,false,false,false,,,false,false,,2023-07-19T02:15:00.000Z,0
CVE-2021-38933,https://securityvulnerability.io/vulnerability/CVE-2021-38933,IBM Sterling Connect:Express for UNIX information disclosure,IBM Sterling Connect:Direct for UNIX 1.5 uses weaker than expected cryptographic algorithms that could allow an attacker to decrypt highly sensitive information. IBM X-Force ID: 210574.,IBM,Sterling Connect:express For Unix,5.9,MEDIUM,0.0009800000116229057,false,,false,false,false,,,false,false,,2023-07-19T01:22:12.736Z,0
CVE-2021-20560,https://securityvulnerability.io/vulnerability/CVE-2021-20560,,"IBM Sterling Connect:Direct Browser User Interface 1.4.1.1 and 1.5.0.2 could allow a remote attacker to hijack the clicking action of the victim. By persuading a victim to visit a malicious Web site, a remote attacker could exploit this vulnerability to hijack the victim's click actions and possibly launch further attacks against the victim. IBM X-Force ID: 199229.",IBM,Sterling Connect:direct Browser User Interface,5.4,MEDIUM,0.0006500000017695129,false,,false,false,false,,,false,false,,2021-07-26T12:15:00.000Z,0
CVE-2020-4747,https://securityvulnerability.io/vulnerability/CVE-2020-4747,,"IBM Connect:Direct for UNIX 6.1.0, 6.0.0, 4.3.0, and 4.2.0 can allow a local or remote user to obtain an authenticated CLI session due to improper authentication methods. IBM X-Force ID: 188516.",IBM,Sterling Connect:direct For Unix,7.4,HIGH,0.005009999964386225,false,,false,false,false,,,false,false,,2020-12-15T15:15:00.000Z,0
CVE-2020-4767,https://securityvulnerability.io/vulnerability/CVE-2020-4767,,"IBM Sterling Connect Direct for Microsoft Windows 4.7, 4.8, 6.0, and 6.1 could allow a remote attacker to cause a denial of service, caused by a buffer over-read. By sending a specially crafted request, the attacker could cause the application to crash. IBM X-Force ID: 188906.",IBM,Sterling Connect Direct For Microsoft Windows,7.5,HIGH,0.0012799999676644802,false,,false,false,false,,,false,false,,2020-10-28T17:15:00.000Z,0
CVE-2020-4587,https://securityvulnerability.io/vulnerability/CVE-2020-4587,,"IBM Sterling Connect:Direct for UNIX 4.2.0, 4.3.0, 6.0.0, and 6.1.0 is vulnerable to a stack based buffer overflow, caused by improper bounds checking. A local attacker could manipulate CD UNIX to obtain root privileges. IBM X-Force ID: 184578.",IBM,"Sterling Connect:direct For Unix,Connect:direct For Unix",8.4,HIGH,0.0004199999966658652,false,,false,false,false,,,false,false,,2020-08-24T16:15:00.000Z,0
CVE-2018-1903,https://securityvulnerability.io/vulnerability/CVE-2018-1903,,"IBM Sterling Connect:Direct for UNIX 4.2.0, 4.3.0, and 6.0.0 could allow a user with restricted sudo access on a system to manipulate CD UNIX to gain full sudo access. IBM X-Force ID: 152532.",IBM,Sterling Connect:direct For Unix,6.7,MEDIUM,0.0004400000034365803,false,,false,false,false,,,false,false,,2019-04-10T15:29:00.000Z,0
CVE-2013-4035,https://securityvulnerability.io/vulnerability/CVE-2013-4035,,"IBM Sterling Connect:Direct for OpenVMS 3.4.00, 3.4.01, 3.5.00, 3.6.0, and 3.6.0.1 allow remote attackers to have unspecified impact by leveraging failure to reject client requests for an unencrypted session when used as the server in a TCP/IP session and configured for SSL encryption with the client. IBM X-Force ID: 86138.",IBM,Sterling Connect,7.3,HIGH,0.0011399999493733048,false,,false,false,false,,,false,false,,2018-05-01T18:00:00.000Z,0
CVE-2016-5991,https://securityvulnerability.io/vulnerability/CVE-2016-5991,,"IBM Sterling Connect:Direct 4.5.00, 4.5.01, 4.6.0 before 4.6.0.6 iFix008, and 4.7.0 before 4.7.0.4 on Windows allows local users to gain privileges via unspecified vectors.",IBM,Sterling Connect\,4.5,MEDIUM,0.0004199999966658652,false,,false,false,false,,,false,false,,2016-11-25T03:38:00.000Z,0
CVE-2016-5992,https://securityvulnerability.io/vulnerability/CVE-2016-5992,,"IBM Sterling Connect:Direct 4.5.00, 4.5.01, 4.6.0 before 4.6.0.6 iFix008, and 4.7.0 before 4.7.0.4 on Windows allows local users to cause a denial of service via unspecified vectors.",IBM,Sterling Connect\,2.5,LOW,0.0004199999966658652,false,,false,false,false,,,false,false,,2016-11-25T03:38:00.000Z,0
CVE-2016-0380,https://securityvulnerability.io/vulnerability/CVE-2016-0380,,"IBM Sterling Connect:Direct for Unix 4.1.0 before 4.1.0.4 iFix073 and 4.2.0 before 4.2.0.4 iFix003 uses default file permissions of 0664, which allows local users to obtain sensitive information via standard filesystem operations.",IBM,Sterling Connect\,3.3,LOW,0.0004199999966658652,false,,false,false,false,,,false,false,,2016-08-08T01:00:00.000Z,0
CVE-2013-6327,https://securityvulnerability.io/vulnerability/CVE-2013-6327,,"Cross-site scripting (XSS) vulnerability in the HTTP Option in IBM Sterling Connect:Enterprise 1.3 before 1.3.0.2 iFix 1 and 1.4 before 1.4.0.0 iFix 1 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors, related to a ""cross-frame scripting"" issue.",IBM,Sterling Connect Enterprise Http Option,,,0.0012199999764561653,false,,false,false,false,,,false,false,,2013-12-17T11:00:00.000Z,0
CVE-2013-0527,https://securityvulnerability.io/vulnerability/CVE-2013-0527,,"The Browser in IBM Sterling Connect:Direct 1.4 before 1.4.0.11 and 1.5 through 1.5.0.1 does not close pages upon the timeout of a session, which allows physically proximate attackers to obtain sensitive administrative-console information by reading the screen of an unattended workstation.",IBM,Sterling Connect Direct User Interface,,,0.0010499999625608325,false,,false,false,false,,,false,false,,2013-06-21T14:00:00.000Z,0
CVE-2013-0529,https://securityvulnerability.io/vulnerability/CVE-2013-0529,,"The Browser in IBM Sterling Connect:Direct 1.4 before 1.4.0.11 and 1.5 through 1.5.0.1 does not set the secure flag for the session cookie in an https session, which makes it easier for remote attackers to capture this cookie by intercepting its transmission within an http session.",IBM,Sterling Connect Direct User Interface,,,0.005179999861866236,false,,false,false,false,,,false,false,,2013-06-21T14:00:00.000Z,0
CVE-2013-2989,https://securityvulnerability.io/vulnerability/CVE-2013-2989,,"The file-copying functionality in IBM Sterling Connect:Direct 3.8.00, 4.0.00, and 4.1.0 for UNIX on AIX 6.1 through 7.1 uses incorrect privileges, which allows local users to bypass filesystem read permissions and write permissions by leveraging authentication to the Connect:Direct product.",IBM,Sterling Connect,,,0.0004199999966658652,false,,false,false,false,,,false,false,,2013-05-28T16:00:00.000Z,0
CVE-2012-6352,https://securityvulnerability.io/vulnerability/CVE-2012-6352,,The Session Manager in IBM Sterling Connect:Direct through 4.1.0.3 on UNIX allows remote attackers to cause a denial of service (daemon crash and disk consumption) via crafted data.,IBM,Sterling Connect,,,0.005669999867677689,false,,false,false,false,,,false,false,,2013-02-02T20:00:00.000Z,0