Privilege Escalation in IBM Sterling Connect:Direct for UNIX
CVE-2018-1903

6.7MEDIUM

Key Information:

Vendor
IBM
Status
Sterling Connect:direct For Unix
Vendor
CVE Published:
10 April 2019

Summary

A vulnerability in IBM Sterling Connect:Direct for UNIX allows a user with restricted sudo access on a system to manipulate the application to gain full sudo access. This flaw can lead to unauthorized access, enabling potential exploitation of system resources. Administrators should apply relevant patches and adhere to best security practices to mitigate risks. For further details, please refer to IBM's support documentation and updated vulnerability reports.

Affected Version(s)

Sterling Connect:Direct for UNIX 4.2.0

Sterling Connect:Direct for UNIX 4.3.0

Sterling Connect:Direct for UNIX 6.0.0

References

http://www.ibm.com/support/docview.wss?uid=ibm10875386
x_refsource_CONFIRM
https://exchange.xforce.ibmcloud.com/vulnerabilities/152532
vdb-entryx_refsource_XF

CVSS V3.1

Score:
6.7
Severity:
MEDIUM
Confidentiality:
High
Integrity:
High
Availability:
High
Attack Vector:
Local
Attack Complexity:
Low
Privileges Required:
High
User Interaction:
None
Scope:
Unchanged

Timeline

  • Vulnerability published

  • Vulnerability Reserved

.
🍪 This website uses cookies, like every other website on the internet 😕 By using our website, you consent to the use of cookies.