Improper Authentication in IBM Connect:Direct for UNIX
CVE-2020-4747

7.4HIGH

Key Information:

Vendor
IBM
Vendor
CVE Published:
15 December 2020

Summary

IBM Connect:Direct for UNIX versions 6.1.0, 6.0.0, 4.3.0, and 4.2.0 are susceptible to a vulnerability that allows both local and remote users to gain unauthorized access to an authenticated Command Line Interface (CLI) session. This issue stems from inadequate authentication mechanisms, potentially compromising the security and integrity of the environment. Organizations using affected versions should assess their security posture and apply mitigations at the earliest.

Affected Version(s)

Sterling Connect:Direct for UNIX 4.2.0

Sterling Connect:Direct for UNIX 4.3.0

Sterling Connect:Direct for UNIX 6.0.0

References

CVSS V3.1

Score:
7.4
Severity:
HIGH
Confidentiality:
High
Integrity:
High
Availability:
High
Attack Vector:
Network
Attack Complexity:
High
Privileges Required:
None
User Interaction:
None
Scope:
Unchanged

Timeline

  • Vulnerability published

  • Vulnerability Reserved

.