CVE-2018-1903
First published: Wed Apr 10 2019(Updated: )
IBM Sterling Connect:Direct for UNIX 4.2.0, 4.3.0, and 6.0.0 could allow a user with restricted sudo access on a system to manipulate CD UNIX to gain full sudo access. IBM X-Force ID: 152532.
Credit: psirt@us.ibm.com
| Affected Software | Affected Version | How to fix |
|---|---|---|
| IBM Sterling Connect:Direct | =direct-4.2.0 | |
| IBM Sterling Connect:Direct | =direct-4.3.0 | |
| IBM Sterling Connect:Direct | =direct-6.0.0 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
Frequently Asked Questions
What is the severity of CVE-2018-1903?
CVE-2018-1903 has been classified as a medium severity vulnerability that can potentially allow unauthorized access.
How do I fix CVE-2018-1903?
To mitigate CVE-2018-1903, update your IBM Sterling Connect:Direct for UNIX to the latest patched version.
Who is affected by CVE-2018-1903?
CVE-2018-1903 affects users of IBM Sterling Connect:Direct for UNIX versions 4.2.0, 4.3.0, and 6.0.0.
What actions can a malicious user take with CVE-2018-1903?
A user with restricted sudo access can exploit CVE-2018-1903 to gain full sudo access, potentially compromising system integrity.
Is there a specific IBM Sterling Connect:Direct version that is not affected by CVE-2018-1903?
Yes, versions of IBM Sterling Connect:Direct for UNIX released after 6.0.0 are not affected by CVE-2018-1903.
- agent/references
- agent/type
- agent/softwarecombine
- agent/remedy
- agent/author
- agent/severity
- agent/description
- collector/mitre-cve
- source/MITRE
- agent/last-modified-date
- agent/first-publish-date
- agent/event
- agent/source
- agent/tags
- collector/nvd-index
- agent/software-canonical-lookup-request
- vendor/ibm
- canonical/ibm sterling connect:direct
- version/ibm sterling connect:direct/direct-4.2.0
- version/ibm sterling connect:direct/direct-4.3.0
- version/ibm sterling connect:direct/direct-6.0.0