CVE-2025-14115

IBM Sterling Connect:Direct for UNIX Container 6.3.0.0 through 6.3.0.6 Interim Fix 016, and 6.4.0.0 through 6.4.0.3 Interim Fix 019 IBM® Sterling Connect:Direct for UNIX contains hard-coded credentials, such as a password or cryptographic key, which it uses for its own inbound authentication, outbound communication to external components, or encryption of internal data.

CVSS v3 8.4 HIGH

8.4^/10

CVSS v3 : HIGH

V3 Legend

Vector :

Exploitability : 2.5 / Impact : 5.9

Attack Vector LOCAL

Attack Complexity LOW

Privileges Required NONE

User Interaction NONE

Confidentiality Impact HIGH

Integrity Impact HIGH

Availability Impact HIGH

Scope UNCHANGED

References

Link	Resource
https://www.ibm.com/support/pages/node/7257143

Configurations

No configuration.

History

15 Apr 2026, 00:35

Type	Values Removed	Values Added
Summary		(es) IBM Sterling Connect:Direct para UNIX Contenedor 6.3.0.0 hasta 6.3.0.6 Arreglo Provisional 016, y 6.4.0.0 hasta 6.4.0.3 Arreglo Provisional 019 IBM® Sterling Connect:Direct para UNIX contiene credenciales codificadas de forma rígida, como una contraseña o clave criptográfica, que utiliza para su propia autenticación de entrada, comunicación de salida a componentes externos, o cifrado de datos internos.

20 Jan 2026, 15:16

Type	Values Removed	Values Added
New CVE

Information

Published : 2026-01-20 15:16

Updated : 2026-04-15 00:35

NVD link : CVE-2025-14115

Mitre link : CVE-2025-14115

CVE.ORG link : CVE-2025-14115

JSON object : View

Products Affected

No product.

CWE

CWE-798

Use of Hard-coded Credentials

8.4 /10