Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
ibmIBM6D620275D5CF7297403EAAF79325472338A3AEE98EB7420C36A4BE50CFA2F499
HistoryJul 24, 2020 - 10:19 p.m.

Security Bulletin: Local vulnerabilities affect IBM Sterling Connect:Direct for Microsoft Windows (CVE-2016-5991, CVE-2016-5992)

2020-07-2422:19:08
www.ibm.com
7

EPSS

0

Percentile

5.1%

JSON

Summary

IBM Sterling Connect:Direct for Microsoft Windows contains vulnerabilities that could allow a local user to increase their privileges or cause a denial of service when special conditions exist. IBM Sterling Connect:Direct for Microsoft Windows has addressed the applicable vulnerabilities.

Vulnerability Details

CVEID: CVE-2016-5991**
DESCRIPTION:** IBM Sterling Connect:Direct for Microsoft Windows contains a vulnerability that could allow a local user to increase their privileges when special conditions exist.
CVSS Base Score: 4.5
CVSS Temporal Score: See https://exchange.xforce.ibmcloud.com/vulnerabilities/116649 for the current score
CVSS Environmental Score*: Undefined
CVSS Vector: (CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:L/I:L/A:L)

CVEID: CVE-2016-5992**
DESCRIPTION:** IBM Sterling Connect:Direct for Microsoft Windows contains a vulnerability that could allow a local user to cause a denial of service when special conditions exist.
CVSS Base Score: 2.5
CVSS Temporal Score: See https://exchange.xforce.ibmcloud.com/vulnerabilities/116650 for the current score
CVSS Environmental Score*: Undefined
CVSS Vector: (CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:L)

Affected Products and Versions

IBM Sterling Connect:Direct for Microsoft Windows 4.5.00
IBM Sterling Connect:Direct for Microsoft Windows 4.5.01
IBM Sterling Connect:Direct for Microsoft Windows 4.6.0
IBM Sterling Connect:Direct for Microsoft Windows 4.7.0

Remediation/Fixes

The issue had already been resolved in earlier fix packs/patches. IBM recommends to apply the latest maintenance.

Product

| VRMF|APAR|Remediation/First Fix
—|—|—|—
IBM Sterling Connect:Direct for Microsoft Windows| 4.5.00| IT16911| NOTE:_ This release reached End-of-Support on 31 July 2016. IBM recommends upgrading to a fixed, supported release of the product._
A fix can be requested on demand by contacting IBM Support.
IBM Sterling Connect:Direct for Microsoft Windows| 4.5.01| IT16911| NOTE:_ This release reached End-of-Support on 31 July 2016. IBM recommends upgrading to a fixed, supported release of the product._
A fix can be requested on demand by contacting IBM Support.
IBM Sterling Connect:Direct for Microsoft Windows| 4.6.0| IT16911| Apply 4.6.0.6_iFix008, available on Fix Central
IBM Sterling Connect:Direct for Microsoft Windows| 4.7.0| IT16911| Apply 4.7.0.4, available on Fix Central
For older versions/releases IBM recommends upgrading to a fixed, supported version/release/platform of the product.

Workarounds and Mitigations

None

Related

cvelist 2
cve 2
prion 2
nvd 2
cvelist
cvelist
CVE-2016-5991
2016-11-25 03:38:00
CVE-2016-5992
2016-11-25 03:38:00
cve
cve
CVE-2016-5992
2016-11-25 03:59:14
CVE-2016-5991
2016-11-25 03:59:13
prion
prion
Code injection
2016-11-25 03:59:00
Code injection
2016-11-25 03:59:00
nvd
nvd
CVE-2016-5991
2016-11-25 03:59:13
CVE-2016-5992
2016-11-25 03:59:14

EPSS

0

Percentile

5.1%

JSON
Related for 6D620275D5CF7297403EAAF79325472338A3AEE98EB7420C36A4BE50CFA2F499
cvelist2cve2prion2nvd2