IBM Sterling Connect:Direct for UNIX Privilege Escalation Vulnerability

Vulnerability

A vulnerability exists in IBM Sterling Connect:Direct for UNIX versions 6.2.0.7 through 6.2.0.9 iFix004, 6.4.0.0 through 6.4.0.2 iFix001, and 6.3.0.2 through 6.3.0.5 iFix002. The issue arises from incorrect permission assignments for maintenance tasks, allowing Control Center Director (CCD) users to execute post-update scripts with elevated privileges. This misallocation of rights could enable a privileged user to further escalate their privileges.

Impact

Exploitation of this vulnerability could lead to unauthorized privilege escalation, allowing users to gain elevated rights beyond their assigned roles.

Remediation

Users are advised to upgrade to IBM Sterling Connect:Direct for UNIX version 6.4.0.2.iFix004, 6.3.0.5.iFix008, or 6.2.0.9.iFix005, all available on Fix Central.
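A defender's first question on reading this is whether a given install falls inside one of the affected ranges above and which fix level closes it. The following added example (not IBM's code and not from Fix Central) encodes the three affected ranges and fixed versions exactly as the advisory lists them and compares an installed version string against them. It assumes version strings of the form `6.2.0.9 iFix004` or `6.4.0.2.iFix004` (the two spellings used on this page) and that iFix levels within a fix pack are ordered numerically; the advisory does not say how to read the installed version from a Connect:Direct host, so the strings fed in are constructed samples.

```python
"""Added example: classify a Connect:Direct for UNIX version string against the
affected ranges and fix levels stated in the advisory. The ranges are the ones
the advisory lists; the sample version strings are constructed, not read from
any real host or IBM tool."""
import re
from typing import Optional, Tuple

# (major, minor, mod, fixpack, iFix) -- a release with no iFix suffix is iFix 0,
# so it sorts before its iFix001 (assumption about IBM's numbering, not from the page).
Version = Tuple[int, int, int, int, int]

_VERSION_RE = re.compile(
    r"^\s*(\d+)\.(\d+)\.(\d+)\.(\d+)(?:[.\s]*iFix\s*0*(\d+))?\s*$", re.IGNORECASE
)


def parse_version(text: str) -> Version:
    """Parse '6.2.0.9 iFix004' or '6.4.0.2.iFix004' into a comparable tuple."""
    m = _VERSION_RE.match(text)
    if not m:
        raise ValueError(f"unrecognised Connect:Direct version string: {text!r}")
    major, minor, mod, fixpack, ifix = m.groups()
    return (int(major), int(minor), int(mod), int(fixpack), int(ifix or 0))


# Affected ranges (inclusive, per the advisory) and the fix level that closes each.
AFFECTED = [
    (parse_version("6.2.0.7"), parse_version("6.2.0.9 iFix004"), "6.2.0.9.iFix005"),
    (parse_version("6.3.0.2"), parse_version("6.3.0.5 iFix002"), "6.3.0.5.iFix008"),
    (parse_version("6.4.0.0"), parse_version("6.4.0.2 iFix001"), "6.4.0.2.iFix004"),
]


def assess(installed: str) -> Tuple[str, Optional[str]]:
    """Return ('affected', fix) when `installed` lies in a listed range,
    ('fixed', fix) when it is at or above the fix level of the same release
    line, and ('not listed', None) for anything the advisory does not cover
    (for example a release line older than 6.2, or an iFix level between the
    last affected iFix and the fix level, which the page says nothing about)."""
    v = parse_version(installed)
    for low, high, fix in AFFECTED:
        if low <= v <= high:
            return ("affected", fix)
        # Same release line (major.minor.mod) and at or past the published fix.
        if v[:3] == low[:3] and v >= parse_version(fix):
            return ("fixed", fix)
    return ("not listed", None)


if __name__ == "__main__":
    # Constructed sample inputs, not readings from any real system.
    samples = ("6.2.0.9 iFix004", "6.2.0.9.iFix005", "6.3.0.4",
               "6.4.0.2 iFix004", "6.1.0.0")
    for s in samples:
        status, fix = assess(s)
        print(f"{s:18} -> {status}" + (f" (fix level {fix})" if fix else ""))
```

Run it as-is to see the sample classifications, or call `assess()` from an inventory script with the version string pulled from each host. Versions the advisory leaves unmentioned are reported as "not listed" rather than silently treated as safe.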

Added: Oct 30, 2025, 7:25 PM
Updated: Oct 30, 2025, 7:25 PM

Vulnerability Rating

Custom Algorithm

spread:          3.1
impact:          7.5
exploitability:  4.8
remediation:     7.7
relevance:       0.8
threat:          0.0
urgency:         2.9
incentive:       1.7

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.