Improper Authentication in IBM Connect:Direct for UNIX
CVE-2020-4747
7.4HIGH
Key Information:
- Vendor
- IBM
- Vendor
- CVE Published:
- 15 December 2020
Summary
IBM Connect:Direct for UNIX versions 6.1.0, 6.0.0, 4.3.0, and 4.2.0 are susceptible to a vulnerability that allows both local and remote users to gain unauthorized access to an authenticated Command Line Interface (CLI) session. This issue stems from inadequate authentication mechanisms, potentially compromising the security and integrity of the environment. Organizations using affected versions should assess their security posture and apply mitigations at the earliest.
Affected Version(s)
Sterling Connect:Direct for UNIX 4.2.0
Sterling Connect:Direct for UNIX 4.3.0
Sterling Connect:Direct for UNIX 6.0.0
References
CVSS V3.1
Score:
7.4
Severity:
HIGH
Confidentiality:
High
Integrity:
High
Availability:
High
Attack Vector:
Network
Attack Complexity:
High
Privileges Required:
None
User Interaction:
None
Scope:
Unchanged
Timeline
Vulnerability published
Vulnerability Reserved