Inadequate Account Lockout Settings in IBM Sterling Connect:Express for Microsoft Windows
CVE-2025-36064
5.9MEDIUM
Key Information:
- Vendor
IBM
- Vendor
- CVE Published:
- 22 September 2025
What is CVE-2025-36064?
IBM Sterling Connect:Express for Microsoft Windows versions 3.1.0.0 to 3.1.0.22 suffers from an account lockout setting that is insufficiently strict, permitting remote attackers to execute brute force attempts against user credentials. This vulnerability exposes systems to unauthorized access and may lead to compromise if not addressed. It is crucial for administrators to implement stronger account lockout policies to mitigate the risk of such attacks.
Affected Version(s)
Sterling Connect:Express for Microsoft Windows 3.1.0.0 <= 3.1.0.22