CVSS2
Attack Vector
NETWORK
Attack Complexity
MEDIUM
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
NONE
Availability Impact
PARTIAL
AV:N/AC:M/Au:N/C:P/I:N/A:P
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
REQUIRED
Scope
UNCHANGED
Confidentiality Impact
LOW
Integrity Impact
NONE
Availability Impact
LOW
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:L
EPSS
Percentile
51.5%
IBM Sterling Connect:Direct for UNIX Certified Container bundles ncurses as third party packages in its container image which has the vulnerability where attacker can obtain sensitive information. This fix updates ncurses to 6.1-9.20180224.el8.
CVEID:CVE-2019-17595
**DESCRIPTION:**GNU ncurses could allow a remote attacker to obtain sensitive information, caused by a heap-based buffer over-read in the fmt_entry function in tinfo/comp_hash.c in the terminfo library. By persuading a victim to open a specially-crafted file, an attacker could exploit this vulnerability to obtain sensitive information.
CVSS Base score: 3.3
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/168972 for the current score.
CVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N)
CVEID:CVE-2019-17594
**DESCRIPTION:**GNU ncurses could allow a remote attacker to obtain sensitive information, caused by a heap-based buffer over-read in the _nc_find_entry function in tinfo/comp_hash.c in the terminfo library. By persuading a victim to open a specially-crafted file, an attacker could exploit this vulnerability to obtain sensitive information.
CVSS Base score: 3.3
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/168970 for the current score.
CVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N)
Affected Product(s) | Version(s) |
---|---|
IBM Sterling Connect:Direct for UNIX | 6.0.0 |
IBM Sterling Connect:Direct for UNIX | 6.1.0 |
IBM Sterling Connect:Direct for UNIX | 6.2.0 |
Product(s) | Version(s) | APAR | Remediation/Fix |
---|---|---|---|
IBM Sterling Connect:Direct for UNIX | 6.2.0 IBM Certified Container | IT41640 | Apply 6.2.0.4, see Downloading the Certified Container Software |
IBM Sterling Connect:Direct for UNIX | 6.1.0 IBM Certified Container | IT41640 | Apply 6.2.0.4, see Downloading the Certified Container Software |
IBM Sterling Connect:Direct for UNIX | 6.0.0 IBM Certified Container | IT41640 | Apply 6.2.0.4, see Downloading the Certified Container Software |
None
Vendor | Product | Version | CPE |
---|---|---|---|
ibm | sterling_connect\ | direct_for_unix | cpe:2.3:a:ibm:sterling_connect\:direct_for_unix:6.2.0:*:*:*:*:*:*:* |
ibm | sterling_connect\ | direct_for_unix | cpe:2.3:a:ibm:sterling_connect\:direct_for_unix:6.1.0:*:*:*:*:*:*:* |
ibm | sterling_connect\ | direct_for_unix | cpe:2.3:a:ibm:sterling_connect\:direct_for_unix:6.0.0:*:*:*:*:*:*:* |
CVSS2
Attack Vector
NETWORK
Attack Complexity
MEDIUM
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
NONE
Availability Impact
PARTIAL
AV:N/AC:M/Au:N/C:P/I:N/A:P
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
REQUIRED
Scope
UNCHANGED
Confidentiality Impact
LOW
Integrity Impact
NONE
Availability Impact
LOW
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:L
EPSS
Percentile
51.5%