IBM Sterling_connect
19 CVEs affecting IBM Sterling_connect. Latest disclosed: 2026-01-20. Critical: 0, High: 6.

| CVE | Severity | Score | Published | Summary |
|---|---|---|---|---|
| CVE-2020-4587 | High | 7.8 | 2020-08-24 | IBM Sterling Connect:Direct for UNIX 4.2.0, 4.3.0, 6.0.0, and 6.1.0 is vulnerable to a stack based buffer overflow, caused by improper bounds checking. A local… |
| CVE-2023-32331 | High | 7.5 | 2024-03-04 | IBM Connect:Express for UNIX 1.5.0 is vulnerable to a buffer overflow that could allow a remote attacker to cause a denial of service through its browser UI… |
| CVE-2021-38891 | High | 7.5 | 2021-11-23 | IBM Sterling Connect:Direct Web Services 1.0 and 6.0 uses weaker than expected cryptographic algorithms that could allow an attacker to decrypt highly sensitiv… |
| CVE-2021-38890 | High | 7.5 | 2021-11-23 | IBM Sterling Connect:Direct Web Services 1.0 and 6.0 uses an inadequate account lockout setting that could allow a remote attacker to brute force account crede… |
| CVE-2020-4767 | High | 7.5 | 2020-10-28 | IBM Sterling Connect Direct for Microsoft Windows 4.7, 4.8, 6.0, and 6.1 could allow a remote attacker to cause a denial of service, caused by a buffer over-re… |
| CVE-2025-36137 | High | 7.2 | 2025-10-30 | IBM Sterling Connect Direct for Unix 6.2.0.7 through 6.2.0.9 iFix004, 6.4.0.0 through 6.4.0.2 iFix001, and 6.3.0.2 through 6.3.0.5 iFix002 incorrectly assigns… |
| CVE-2018-1903 | Medium | 6.7 | 2019-04-10 | IBM Sterling Connect:Direct for UNIX 4.2.0, 4.3.0, and 6.0.0 could allow a user with restricted sudo access on a system to manipulate CD UNIX to gain full sudo… |
| CVE-2023-29260 | Medium | 6.5 | 2023-07-19 | IBM Sterling Connect:Express for UNIX 1.5 is vulnerable to server-side request forgery (SSRF). This may allow an authenticated attacker to send unauthorized re… |
| CVE-2025-36115 | Medium | 6.3 | 2026-01-20 | IBM Sterling Connect:Express Adapter for Sterling B2B Integrator 5.2.0.00 through 5.2.0.12 does not disallow the session id after use which could allow an auth… |
| CVE-2025-36065 | Medium | 6.3 | 2026-01-20 | IBM Sterling Connect:Express Adapter for Sterling B2B Integrator 5.2.0 5.2.0.00 through 5.2.0.12 does not invalidate session after a browser closure which coul… |
| CVE-2025-36063 | Medium | 6.3 | 2026-01-20 | IBM Sterling Connect:Express Adapter for Sterling B2B Integrator 5.2.0 5.2.0.00 through 5.2.0.12 does not invalidate session after a logout which could allow a… |
| CVE-2025-36066 | Medium | 6.1 | 2026-01-20 | IBM Sterling Connect:Express Adapter for Sterling B2B Integrator 5.2.0 5.2.0.00 through 5.2.0.12 is vulnerable to cross-site scripting. This vulnerability allo… |
| CVE-2025-36064 | Medium | 5.9 | 2025-09-22 | IBM Sterling Connect:Express for Microsoft Windows 3.1.0.0 through 3.1.0.22 uses an inadequate account lockout setting that could allow a remote attacker to br… |
| CVE-2021-38933 | Medium | 5.9 | 2023-07-19 | IBM Sterling Connect:Direct for UNIX 1.5 uses weaker than expected cryptographic algorithms that could allow an attacker to decrypt highly sensitive informatio… |
| CVE-2025-36113 | Medium | 5.4 | 2026-01-20 | IBM Sterling Connect:Express Adapter for Sterling B2B Integrator 5.2.0 5.2.0.00 through 5.2.0.12 is vulnerable to cross-site scripting. This vulnerability allo… |
| CVE-2016-5991 | Medium | 4.5 | 2016-11-25 | IBM Sterling Connect:Direct 4.5.00, 4.5.01, 4.6.0 before 4.6.0.6 iFix008, and 4.7.0 before 4.7.0.4 on Windows allows local users to gain privileges via unspeci… |
| CVE-2023-29259 | Low | 3.7 | 2023-07-19 | IBM Sterling Connect:Express for UNIX 1.5 browser UI is vulnerable to attacks that rely on the use of cookies without the SameSite attribute. IBM X-Force ID… |
| CVE-2016-0380 | Low | 3.3 | 2016-08-08 | IBM Sterling Connect:Direct for Unix 4.1.0 before 4.1.0.4 iFix073 and 4.2.0 before 4.2.0.4 iFix003 uses default file permissions of 0664, which allows local us… |
| CVE-2016-5992 | Low | 2.5 | 2016-11-25 | IBM Sterling Connect:Direct 4.5.00, 4.5.01, 4.6.0 before 4.6.0.6 iFix008, and 4.7.0 before 4.7.0.4 on Windows allows local users to cause a denial of service v… |