Buffer Overflow Vulnerability in Connect:Express for UNIX Could Lead to Denial of Service
CVE-2023-32331

7.5HIGH

Key Information:

Vendor: IBM
Status: Sterling Connect:express For Unix
Vendor: CVE Published:; 4 March 2024

Badges

📰 News Worthy

Summary

IBM Connect:Express for UNIX version 1.5.0 is exposed to a buffer overflow vulnerability that can be exploited by remote attackers through the application's browser-based user interface. Successful exploitation may result in denial of service, impacting the availability of the service. Organizations utilizing this product should evaluate their security posture and consider implementing mitigations to safeguard against potential exploits.

Affected Version(s)

Sterling Connect:Express for UNIX 1.5.0

News Articles

prophaze.com

CVE-2023-32331

CVE-2023-32331 : IBM STERLING CONNECT EXPRESS 1.5.0 ON UNIX MEMORY CORRUPTION - Cloud WAF

CVE-2023-32331 : IBM Connect:Express for UNIX 1.5.0 is vulnerable to a buffer overflow that could allow a remote attacker to cause a denial of service through its browser UI. IBM X-Force ID: 254979.

11 months ago

References

https://www.ibm.com/support/pages/node/7011443

vendor-advisory

https://exchange.xforce.ibmcloud.com/vulnerabilities/254979

vdb-entry

CVSS V3.1

Score:

7.5

Severity:

HIGH

Confidentiality:

None

Integrity:

None

Availability:

None

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

None

Scope:

Unchanged

Timeline

📰
First article discovered by prophaze.com
Mar 5, 2024
Vulnerability published
Mar 4, 2024
Vulnerability Reserved
May 8, 2023

Key Information:

Badges

Summary

Affected Version(s)

Get notified when SecurityVulnerability.io launches alerting 🔔

News Articles

CVE-2023-32331 : IBM STERLING CONNECT EXPRESS 1.5.0 ON UNIX MEMORY CORRUPTION - Cloud WAF

References

CVSS V3.1

Timeline