CVE-2025-36115

>= 5.2.0.00 and < 5.2.0.13

IBM Sterling Connect:Express Adapter for Sterling B2B Integrator 5.2.0.00 through 5.2.0.12 does not disallow the session id after

6.3MEDIUM

CVE-2025-36113

>= 5.2.0.00 and < 5.2.0.13

IBM Sterling Connect:Express Adapter for Sterling B2B Integrator 5.2.0 5.2.0.00 through 5.2.0.12 is vulnerable to cross-site scrip

5.4MEDIUM

CVE-2025-36066

>= 5.2.0.00 and < 5.2.0.13

IBM Sterling Connect:Express Adapter for Sterling B2B Integrator 5.2.0 5.2.0.00 through 5.2.0.12 is vulnerable to cross-site scrip

6.1MEDIUM

CVE-2025-36065

>= 5.2.0.00 and < 5.2.0.13

IBM Sterling Connect:Express Adapter for Sterling B2B Integrator 5.2.0 5.2.0.00 through 5.2.0.12 does not invalidate session after

6.3MEDIUM

CVE-2025-36063

>= 5.2.0.00 and < 5.2.0.13

IBM Sterling Connect:Express Adapter for Sterling B2B Integrator 5.2.0 5.2.0.00 through 5.2.0.12 does not invalidate session after

6.3MEDIUM

CVE-2025-36137

>= 6.2.0.7 and < 6.2.0.9

IBM Sterling Connect Direct for Unix 6.2.0.7 through 6.2.0.9 iFix004, 6.4.0.0 through 6.4.0.2 iFix001, and 6.3.0.2 through 6.3.0.5

7.2HIGH

CVE-2025-36064

>= 3.1.0.0 and < 3.1.0.23

IBM Sterling Connect:Express for Microsoft Windows 3.1.0.0 through 3.1.0.22 uses an inadequate account lockout setting that could

5.9MEDIUM

CVE-2023-32331

all versions

IBM Connect:Express for UNIX 1.5.0 is vulnerable to a buffer overflow that could allow a remote attacker to cause a denial of serv

7.5HIGH

CVE-2023-29260

all versions

IBM Sterling Connect:Express for UNIX 1.5 is vulnerable to server-side request forgery (SSRF). This may allow an authenticated att

6.5MEDIUM

CVE-2023-29259

all versions

IBM Sterling Connect:Express for UNIX 1.5 browser UI is vulnerable to attacks that rely on the use of cookies without the SameSite

3.7LOW

CVE-2021-38933

< 1.5.0.1609

IBM Sterling Connect:Direct for UNIX 1.5 uses weaker than expected cryptographic algorithms that could allow an attacker to decryp

5.9MEDIUM

CVE-2021-38891

>= 6.0.0 and < 6.2.0.1

IBM Sterling Connect:Direct Web Services 1.0 and 6.0 uses weaker than expected cryptographic algorithms that could allow an attack

7.5HIGH

CVE-2021-38890

>= 6.0.0 and < 6.2.0.1

IBM Sterling Connect:Direct Web Services 1.0 and 6.0 uses an inadequate account lockout setting that could allow a remote attacker

7.5HIGH

CVE-2020-4767

>= 4.7.0.0 and < 4.7.0.7

IBM Sterling Connect Direct for Microsoft Windows 4.7, 4.8, 6.0, and 6.1 could allow a remote attacker to cause a denial of servic

7.5HIGH

CVE-2020-4587

all versions

IBM Sterling Connect:Direct for UNIX 4.2.0, 4.3.0, 6.0.0, and 6.1.0 is vulnerable to a stack based buffer ovreflow, caused by impr

7.8HIGH

CVE-2018-1903

all versions

IBM Sterling Connect:Direct for UNIX 4.2.0, 4.3.0, and 6.0.0 could allow a user with restricted sudo access on a system to manipul

6.7MEDIUM

CVE-2013-4035

all versions

IBM Sterling Connect:Direct for OpenVMS 3.4.00, 3.4.01, 3.5.00, 3.6.0, and 3.6.0.1 allow remote attackers to have unspecified impa

7.3HIGH

CVE-2016-5992

all versions

IBM Sterling Connect:Direct 4.5.00, 4.5.01, 4.6.0 before 4.6.0.6 iFix008, and 4.7.0 before 4.7.0.4 on Windows allows local users t

2.5LOW

CVE-2016-5991

all versions

IBM Sterling Connect:Direct 4.5.00, 4.5.01, 4.6.0 before 4.6.0.6 iFix008, and 4.7.0 before 4.7.0.4 on Windows allows local users t

4.5MEDIUM

CVE-2016-0380

all versions

IBM Sterling Connect:Direct for Unix 4.1.0 before 4.1.0.4 iFix073 and 4.2.0 before 4.2.0.4 iFix003 uses default file permissions o

3.3LOW

CVE-2013-2989

all versions

The file-copying functionality in IBM Sterling Connect:Direct 3.8.00, 4.0.00, and 4.1.0 for UNIX on AIX 6.1 through 7.1 uses incor

CVE-2012-6352

all versions

The Session Manager in IBM Sterling Connect:Direct through 4.1.0.3 on UNIX allows remote attackers to cause a denial of service (d