Vulnerability Information
Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
IBM Sterling Connect:Direct for UNIX command execution
Vulnerability Description
IBM Sterling Connect Direct for Unix 6.2.0.7 through 6.2.0.9 iFix004, 6.4.0.0 through 6.4.0.2 iFix001, and 6.3.0.2 through 6.3.0.5 iFix002 incorrectly assigns permissions for maintenance tasks to Control Center Director (CCD) users that could allow a privileged user to escalate their privileges further due to unnecessary privilege assignment for post update scripts.
CVSS Information
CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
Vulnerability Type
带着不必要的权限执行
Vulnerability Title
IBM Sterling Connect Direct for Unix 安全漏洞
Vulnerability Description
IBM Sterling Connect Direct for Unix是美国国际商业机器(IBM)公司的一个文件传输程序。 IBM Sterling Connect Direct for Unix 6.2.0.7版本至6.2.0.9版本iFix004和6.4.0.0版本至6.4.0.2版本iFix001和6.3.0.2版本至6.3.0.5版本iFix002存在安全漏洞,该漏洞源于错误分配维护任务权限,可能导致特权用户进一步提权。
CVSS Information
N/A
Vulnerability Type
N/A