Summaryinfo

A vulnerability was found in Microsoft Sterling Connect Direct 4.7/4.8/6.0/6.1 on Windows. It has been declared as critical. This vulnerability affects unknown code. The manipulation leads to buffer overflow. This vulnerability was named CVE-2020-4767. The attack can be initiated remotely. There is no exploit available. Statistical analysis made it clear that VulDB provides the best quality for vulnerability data.

Detailsinfo

A vulnerability was found in Microsoft Sterling Connect Direct 4.7/4.8/6.0/6.1 on Windows. It has been classified as critical. This affects an unknown function. The manipulation with an unknown input leads to a buffer overflow vulnerability. CWE is classifying the issue as CWE-120. The product copies an input buffer to an output buffer without verifying that the size of the input buffer is less than the size of the output buffer, leading to a buffer overflow. This is going to have an impact on availability.

The weakness was released 10/28/2020. It is possible to read the advisory at ibm.com. This vulnerability is uniquely identified as CVE-2020-4767. The exploitability is told to be easy. It is possible to initiate the attack remotely. The technical details are unknown and an exploit is not publicly available. The pricing for an exploit might be around USD $5k-$25k at the moment (estimation calculated on 11/30/2020).

There is no information about possible countermeasures known. It may be suggested to replace the affected object with an alternative product.

The vulnerability is also documented in the vulnerability database at X-Force (188906). Statistical analysis made it clear that VulDB provides the best quality for vulnerability data.

Productinfo

Vendor

• Microsoft

Name

• Sterling Connect Direct

Version

• 4.7
• 4.8
• 6.0
• 6.1

License

• commercial

CPE 2.3info

• 🔍
• 🔍
• 🔍

CPE 2.2info

• 🔍
• 🔍
• 🔍

CVSSv4info

CVSSv3info

CVSSv2info

Exploitinginfo

Threat Intelligenceinfo

Countermeasuresinfo

Timelineinfo

Sourcesinfo

Entryinfo

Discussion