Inadequate Account Lockout Settings in IBM Sterling Connect:Express for Microsoft Windows
CVE-2025-36064

5.9MEDIUM

Key Information:

Vendor

IBM

Vendor
CVE Published:
22 September 2025

What is CVE-2025-36064?

IBM Sterling Connect:Express for Microsoft Windows versions 3.1.0.0 to 3.1.0.22 suffers from an account lockout setting that is insufficiently strict, permitting remote attackers to execute brute force attempts against user credentials. This vulnerability exposes systems to unauthorized access and may lead to compromise if not addressed. It is crucial for administrators to implement stronger account lockout policies to mitigate the risk of such attacks.

Affected Version(s)

Sterling Connect:Express for Microsoft Windows 3.1.0.0 <= 3.1.0.22

References

CVSS V3.1

Score:
5.9
Severity:
MEDIUM
Confidentiality:
High
Integrity:
None
Availability:
High
Attack Vector:
Network
Attack Complexity:
High
Privileges Required:
None
User Interaction:
None
Scope:
Unchanged

Timeline

  • Vulnerability published

  • Vulnerability Reserved

.