CVE-2025-14115
IBM Sterling Connect:Direct for UNIX Container is affected by vulnerability where hard-coded credentials are embeeded in the product for its internal use.
CVSS Score
8.4
EPSS Score
0.0%
EPSS Percentile
0th
IBM Sterling Connect:Direct for UNIX Container 6.3.0.0 through 6.3.0.6 Interim Fix 016, and 6.4.0.0 through 6.4.0.3 Interim Fix 019 IBM® Sterling Connect:Direct for UNIX contains hard-coded credentials, such as a password or cryptographic key, which it uses for its own inbound authentication, outbound communication to external components, or encryption of internal data.
| CWE | CWE-798 |
| Vendor | ibm |
| Product | sterling connect:direct for unix container |
| Published | Jan 20, 2026 |
| Last Updated | Feb 26, 2026 |
Stay Ahead of the Next One
Get instant alerts for ibm sterling connect:direct for unix container
Be the first to know when new high vulnerabilities affecting ibm sterling connect:direct for unix container are published — delivered to Slack, Telegram or Discord.
Get Free Alerts →
Free · No credit card · 60 sec setup
CVSS v3 Breakdown
CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H Attack Vector
Local
Attack Complexity
Low
Privileges Required
None
User Interaction
None
Scope
Unchanged
Confidentiality
High
Integrity
High
Availability
High
Affected Versions
IBM / Sterling Connect:Direct for UNIX Container
6.3.0.0 ≤ 6.3.0.6 Interim Fix 016 6.4.0.0 ≤ 6.4.0.3 Interim Fix 019