Description

IBM Sterling Connect Direct for Unix 6.2.0.7 through 6.2.0.9 iFix004, 6.4.0.0 through 6.4.0.2 iFix001, and 6.3.0.2 through 6.3.0.5 iFix002 incorrectly assigns permissions for maintenance tasks to Control Center Director (CCD) users, which could allow a privileged user to escalate their privileges further due to unnecessary privilege assignment for post-update scripts.

PUBLISHED Reserved 2025-04-15 | Published 2025-10-30 | Updated 2025-11-01 | Assigner ibm




HIGH: 7.2 | CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H

Problem types

CWE-250 Execution with Unnecessary Privileges

Product status

Default status
unaffected

6.2.0.7 (semver)
affected

6.4.0.0 (semver)
affected

6.3.0.2 (semver)
affected

References

www.ibm.com/support/pages/node/7249678 vendor-advisory patch

cve.org (CVE-2025-36137)

nvd.nist.gov (CVE-2025-36137)
