PT-2025-44452 · IBM · IBM Sterling Connect:Direct for Unix
Published: 2025-10-30 · Updated: 2025-10-30
CVE-2025-36137
CVSS v3.1: 7.2 (High)
Vector: AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
Name of the Vulnerable Software and Affected Versions
IBM Sterling Connect:Direct for Unix versions 6.2.0.7 through 6.2.0.9 iFix004
IBM Sterling Connect:Direct for Unix versions 6.3.0.2 through 6.3.0.5 iFix002
IBM Sterling Connect:Direct for Unix versions 6.4.0.0 through 6.4.0.2 iFix001
Description
The software incorrectly assigns permissions for maintenance tasks to Control Center Director (CCD) users. Because post-update scripts are assigned unnecessary privileges, a privileged user could further escalate their privileges.
Recommendations
IBM Sterling Connect:Direct for Unix versions 6.2.0.7 through 6.2.0.9 iFix004 should be updated.
IBM Sterling Connect:Direct for Unix versions 6.3.0.2 through 6.3.0.5 iFix002 should be updated.
IBM Sterling Connect:Direct for Unix versions 6.4.0.0 through 6.4.0.2 iFix001 should be updated.
Affected Products
IBM Sterling Connect:Direct for Unix