Vulnerability in Ibm Sterling_connect\
CVE-2018-1903
IBM Sterling Connect:Direct for UNIX 4.2.0, 4.3.0, and 6.0.0 could allow a user with restricted sudo access on a system to manipulate CD UNIX to gain full sudo access. IBM X-Force ID: 152532.
EPSS: 0.004 (30.6th percentile) — read the EPSS interpretation.
CVSS v3 metric
CVSS v3 base score 6.7 (Medium). Vector: CVSS:3.0/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H.
Affected products
- Ibm Sterling_connect\ — versions direct
- Ibm Sterling Connect:direct For Unix — versions 4.3.0, 6.0.0, 4.2.0
References
- psirt@us.ibm.com (x_refsource_CONFIRM, Patch, Vendor Advisory)
- psirt@us.ibm.com (VDB Entry, vdb-entry, Vendor Advisory, x_refsource_XF)
Frequently asked questions
- What is CVE-2018-1903?
- CVE-2018-1903 is a medium-severity vulnerability in Ibm Sterling_connect\. CVSS score: 6.7/10. Published 2019-04-10.
- How severe is CVE-2018-1903?
- Medium severity. CVSS v3 base score is 6.7 out of 10.