PT-2020-18233 · Ibm · Ibm Sterling Connect:Direct

Published 2020-10-28 · Updated 2020-10-30 · CVE-2020-4767

CVSS v3.1: 7.5 High

Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

Name of the Vulnerable Software and Affected Versions

IBM Sterling Connect Direct for Microsoft Windows versions 4.7 through 4.8

IBM Sterling Connect Direct for Microsoft Windows versions 6.0 through 6.1

Description

The issue allows a remote attacker to cause a denial of service due to a buffer over-read. By sending a specially crafted request, the attacker could cause the application to crash.

Recommendations

For versions 4.7 and 4.8, update to a fixed version to resolve the issue. For versions 6.0 and 6.1, update to a fixed version to resolve the issue. As a temporary workaround, consider restricting access to the application to minimize the risk of exploitation.

Fix

Out of bounds Read

Weakness Enumeration

Related Identifiers

CVE-2020-4767

Affected Products

Ibm Sterling Connect:Direct