CVE-2020-4587 — HIGH (7.8) — White Hats Nepal

Vulnerability Description

IBM Sterling Connect:Direct for UNIX 4.2.0, 4.3.0, 6.0.0, and 6.1.0 is vulnerable to a stack based buffer ovreflow, caused by improper bounds checking. A local attacker could manipulate CD UNIX to obtain root provileges. IBM X-Force ID: 184578.

CVSS Score

7.8

HIGH

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality

HIGH

Integrity

HIGH

Availability

HIGH

Affected Products

Vendor	Product	Versions
Ibm	Connect\	direct
Ibm	Sterling Connect\	direct

Related Weaknesses (CWE)

CWE-787

References

https://exchange.xforce.ibmcloud.com/vulnerabilities/184578VDB EntryVendor Advisory
https://www.ibm.com/support/pages/node/6320317Vendor Advisory
https://exchange.xforce.ibmcloud.com/vulnerabilities/184578VDB EntryVendor Advisory
https://www.ibm.com/support/pages/node/6320317Vendor Advisory

FAQ

What is CVE-2020-4587?

CVE-2020-4587 is a vulnerability with a CVSS score of 7.8 (HIGH). IBM Sterling Connect:Direct for UNIX 4.2.0, 4.3.0, 6.0.0, and 6.1.0 is vulnerable to a stack based buffer ovreflow, caused by improper bounds checking. A local attacker could manipulate CD UNIX to obt...

How severe is CVE-2020-4587?

CVE-2020-4587 has been rated HIGH with a CVSS base score of 7.8/10. Review the CVSS metrics above for detailed severity breakdown.

Is there a patch for CVE-2020-4587?

Check the references section above for vendor advisories and patch information. Affected products include: Ibm Connect\, Ibm Sterling Connect\.