{"containers": {"cna": {"affected": [{"product": "Sterling Connect Direct for Microsoft Windows", "vendor": "IBM", "versions": [{"status": "affected", "version": "4.7"}, {"status": "affected", "version": "4.8"}, {"status": "affected", "version": "6.0"}, {"status": "affected", "version": "6.1"}]}], "datePublic": "2020-10-27T00:00:00", "descriptions": [{"lang": "en", "value": "IBM Sterling Connect Direct for Microsoft Windows 4.7, 4.8, 6.0, and 6.1 could allow a remote attacker to cause a denial of service, caused by a buffer over-read. Bysending a specially crafted request, the attacker could cause the application to crash. IBM X-Force ID: 188906."}], "metrics": [{"cvssV3_0": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 7.5, "baseSeverity": "HIGH", "confidentialityImpact": "NONE", "exploitCodeMaturity": "UNPROVEN", "integrityImpact": "NONE", "privilegesRequired": "NONE", "remediationLevel": "OFFICIAL_FIX", "reportConfidence": "CONFIRMED", "scope": "UNCHANGED", "temporalScore": 6.5, "temporalSeverity": "MEDIUM", "userInteraction": "NONE", "vectorString": "CVSS:3.0/UI:N/A:H/I:N/PR:N/AV:N/C:N/AC:L/S:U/RC:C/RL:O/E:U", "version": "3.0"}}], "problemTypes": [{"descriptions": [{"description": "Denial of Service", "lang": "en", "type": "text"}]}], "providerMetadata": {"dateUpdated": "2020-10-28T16:15:19", "orgId": "9a959283-ebb5-44b6-b705-dcc2bbced522", "shortName": "ibm"}, "references": [{"tags": ["x_refsource_CONFIRM"], "url": "https://www.ibm.com/support/pages/node/6356019"}, {"name": "ibm-sterling-cve20204767-dos (188906)", "tags": ["vdb-entry", "x_refsource_XF"], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/188906"}], "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "psirt@us.ibm.com", "DATE_PUBLIC": "2020-10-27T00:00:00", "ID": "CVE-2020-4767", "STATE": "PUBLIC"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "Sterling Connect Direct for Microsoft Windows", "version": {"version_data": [{"version_value": "4.7"}, {"version_value": "4.8"}, {"version_value": "6.0"}, {"version_value": "6.1"}]}}]}, "vendor_name": "IBM"}]}}, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "IBM Sterling Connect Direct for Microsoft Windows 4.7, 4.8, 6.0, and 6.1 could allow a remote attacker to cause a denial of service, caused by a buffer over-read. Bysending a specially crafted request, the attacker could cause the application to crash. IBM X-Force ID: 188906."}]}, "impact": {"cvssv3": {"BM": {"A": "H", "AC": "L", "AV": "N", "C": "N", "I": "N", "PR": "N", "S": "U", "UI": "N"}, "TM": {"E": "U", "RC": "C", "RL": "O"}}}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "Denial of Service"}]}]}, "references": {"reference_data": [{"name": "https://www.ibm.com/support/pages/node/6356019", "refsource": "CONFIRM", "title": "IBM Security Bulletin 6356019 (Sterling Connect Direct for Microsoft Windows)", "url": "https://www.ibm.com/support/pages/node/6356019"}, {"name": "ibm-sterling-cve20204767-dos (188906)", "refsource": "XF", "title": "X-Force Vulnerability Report", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/188906"}]}}}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-04T08:14:58.485Z"}, "title": "CVE Program Container", "references": [{"tags": ["x_refsource_CONFIRM", "x_transferred"], "url": "https://www.ibm.com/support/pages/node/6356019"}, {"name": "ibm-sterling-cve20204767-dos (188906)", "tags": ["vdb-entry", "x_refsource_XF", "x_transferred"], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/188906"}]}]}, "cveMetadata": {"assignerOrgId": "9a959283-ebb5-44b6-b705-dcc2bbced522", "assignerShortName": "ibm", "cveId": "CVE-2020-4767", "datePublished": "2020-10-28T16:15:19.451086Z", "dateReserved": "2019-12-30T00:00:00", "dateUpdated": "2024-09-16T17:59:04.447Z", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.1"}

{}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:ibm:sterling_connect\\:direct:*:*:*:*:*:windows:*:*", "matchCriteriaId": "786BBE56-AD12-4461-A338-00550898F2CB", "versionEndExcluding": "4.7.0.7", "versionStartIncluding": "4.7.0.0", "vulnerable": true}, {"criteria": "cpe:2.3:a:ibm:sterling_connect\\:direct:*:*:*:*:*:windows:*:*", "matchCriteriaId": "73112C08-4C4D-45E0-9A89-ADF9CEE13288", "versionEndExcluding": "4.8.0.3", "versionStartIncluding": "4.8.0.0", "vulnerable": true}, {"criteria": "cpe:2.3:a:ibm:sterling_connect\\:direct:*:*:*:*:*:windows:*:*", "matchCriteriaId": "1296A3F9-2589-440B-9ED5-44080A2BBA4F", "versionEndExcluding": "6.0.0.4", "versionStartIncluding": "6.0.0.0", "vulnerable": true}, {"criteria": "cpe:2.3:a:ibm:sterling_connect\\:direct:*:*:*:*:*:windows:*:*", "matchCriteriaId": "AA26AE23-E02F-47EB-92D8-085674815F65", "versionEndExcluding": "6.1.0.1", "versionStartIncluding": "6.1.0.0", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "descriptions": [{"lang": "en", "value": "IBM Sterling Connect Direct for Microsoft Windows 4.7, 4.8, 6.0, and 6.1 could allow a remote attacker to cause a denial of service, caused by a buffer over-read. Bysending a specially crafted request, the attacker could cause the application to crash. IBM X-Force ID: 188906."}, {"lang": "es", "value": "IBM Sterling Connect Direct para Microsoft Windows versiones 4.7, 4.8, 6.0 y 6.1, podr\u00eda permitir a un atacante remoto causar una denegaci\u00f3n de servicio, causada por una lectura excesiva del b\u00fafer. Mediante el env\u00edo de una petici\u00f3n  especialmente dise\u00f1ada, el atacante podr\u00eda causar que la aplicaci\u00f3n se bloquee. IBM X-Force ID: 188906"}], "id": "CVE-2020-4767", "lastModified": "2024-11-21T05:33:13.440", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": {"accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 5.0, "confidentialityImpact": "NONE", "integrityImpact": "NONE", "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P", "version": "2.0"}, "exploitabilityScore": 10.0, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false}], "cvssMetricV30": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 7.5, "baseSeverity": "HIGH", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.0"}, "exploitabilityScore": 3.9, "impactScore": 3.6, "source": "psirt@us.ibm.com", "type": "Secondary"}], "cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 7.5, "baseSeverity": "HIGH", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.1"}, "exploitabilityScore": 3.9, "impactScore": 3.6, "source": "nvd@nist.gov", "type": "Primary"}]}, "published": "2020-10-28T17:15:12.920", "references": [{"source": "psirt@us.ibm.com", "tags": ["VDB Entry", "Vendor Advisory"], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/188906"}, {"source": "psirt@us.ibm.com", "tags": ["Vendor Advisory"], "url": "https://www.ibm.com/support/pages/node/6356019"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["VDB Entry", "Vendor Advisory"], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/188906"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Vendor Advisory"], "url": "https://www.ibm.com/support/pages/node/6356019"}], "sourceIdentifier": "psirt@us.ibm.com", "vulnStatus": "Modified", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-125"}], "source": "nvd@nist.gov", "type": "Primary"}]}

{}