CNNVD-202510-4190 Information

CNNVD ID

CNNVD-202510-4190

Related CVE

CVE-2025-36137

• CNNVD Published: 2025-10-30

Description (Chinese)

IBM Sterling Connect Direct for Unix是美国国际商业机器（IBM）公司的一个文件传输程序。 IBM Sterling Connect Direct for Unix 6.2.0.7版本至6.2.0.9版本iFix004和6.4.0.0版本至6.4.0.2版本iFix001和6.3.0.2版本至6.3.0.5版本iFix002存在安全漏洞，该漏洞源于错误分配维护任务权限，可能导致特权用户进一步提权。

Description (English)

IBM Sterling Contact Direct for United States is a file transfer program for the United States International Business Machine (IBM). Security gaps exist in IBM Sterling Contact Direct for United Nations 6.2.0.7 to 6.2.0.9 versions iFix004 and 6.4.0.0 to 6.4.0.2 iFix001 and 6.3.0.2 to 6.3.0.5, iFix002, which stem from the incorrect assignment of maintenance tasks, which may lead to further power-up by privileged users.

Hazard Level

Medium

Vulnerability Type

其他

Affected Vendor

国际商业机器

Published

2025-10-30

Last Modified

2026-02-24

References

https://www.ibm.com/support/pages/node/7249678

Patch

https://www.ibm.com/support/pages/node/7249678