VYPR

Sterling Control Center

by IBM

CVEs (17)

  • CVE-2019-25357HigFeb 18, 2026
    risk 0.55cvss 8.4epss 0.00

    Control Center PRO 6.2.9 contains a stack-based buffer overflow vulnerability in the user creation module's username field that allows attackers to overwrite Structured Exception Handler (SEH). Attackers can craft a malicious payload exceeding 664 bytes to inject shellcode and…

  • CVE-2017-1758HigFeb 21, 2018
    risk 0.46cvss 7.1epss 0.02

    IBM Financial Transaction Manager for ACH Services for Multi-Platform (IBM Control Center 6.0 and 6.1, IBM Financial Transaction Manager 3.0.2, 3.0.3, 3.0.4, and 3.1.0, IBM Transformation Extender Advanced 9.0) is vulnerable to a XML External Entity Injection (XXE) attack when…

  • CVE-2016-0252MedJul 8, 2016
    risk 0.33cvss 5.1epss 0.00

    IBM Control Center 6.x before 6.0.0.1 iFix06 and Sterling Control Center 5.4.x before 5.4.2.1 iFix09 allow local users to decrypt the master key via unspecified vectors.

  • CVE-2023-43035Apr 10, 2025
    risk 0.00cvss epss 0.00

    IBM Sterling Control Center 6.2.1, 6.3.1, and 6.4.0 allows web pages to be stored locally which can be read by another user on the system.

  • CVE-2023-42007Apr 10, 2025
    risk 0.00cvss epss 0.00

    IBM Sterling Control Center 6.2.1, 6.3.1, and 6.4.0 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted…

  • CVE-2023-43052Mar 7, 2025
    risk 0.00cvss epss 0.00

    IBM Control Center 6.2.1 through 6.3.1 is vulnerable to an external service interaction attack, caused by improper validation of user-supplied input. A remote attacker could exploit this vulnerability to induce the application to perform server-side DNS lookups or HTTP requests…

  • CVE-2023-35894Mar 7, 2025
    risk 0.00cvss epss 0.00

    IBM Control Center 6.2.1 through 6.3.1 is vulnerable to HTTP header injection, caused by improper validation of input by the HOST headers. This could allow an attacker to conduct various attacks against the vulnerable system, including cross-site scripting, cache poisoning or…

  • CVE-2024-35114Jan 25, 2025
    risk 0.00cvss epss 0.00

    IBM Control Center 6.2.1 and 6.3.1 could allow a remote attacker to enumerate usernames due to an observable discrepancy between login attempts.

  • CVE-2024-35113Jan 25, 2025
    risk 0.00cvss epss 0.00

    IBM Control Center 6.2.1 and 6.3.1 could allow an authenticated user to obtain sensitive information exposed through a directory listing.

  • CVE-2024-35112Jan 25, 2025
    risk 0.00cvss epss 0.00

    IBM Control Center 6.2.1 and 6.3.1 could allow a remote attacker to obtain sensitive information when a detailed technical error message is returned in the browser. This information could be used in further attacks against the system.

  • CVE-2024-35111Jan 25, 2025
    risk 0.00cvss epss 0.00

    IBM Control Center 6.2.1 and 6.3.1 could allow a remote attacker to obtain sensitive information when a detailed technical error message is returned in the browser. This information could be used in further attacks against the system.

  • CVE-2023-35020Jan 19, 2024
    risk 0.00cvss epss 0.01

    IBM Sterling Control Center 6.3.0 could allow a remote attacker to traverse directories on the system. An attacker could send a specially crafted URL request containing "dot dot" sequences (/../) to view arbitrary files on the system. IBM X-Force ID: 257874.

  • CVE-2021-20529May 19, 2021
    risk 0.00cvss epss 0.01

    IBM Control Center 6.2.0.0 could allow a user to obtain sensitive version information that could be used in further attacks against the system. IBM X-Force ID: 198763.

  • CVE-2021-20528May 19, 2021
    risk 0.00cvss epss 0.01

    IBM Control Center 6.2.0.0 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID:…

  • CVE-2014-0925May 30, 2014
    risk 0.00cvss epss 0.01

    Open redirect vulnerability in IBM Sterling Control Center 5.4.0 before 5.4.0.1 iFix 3 and 5.4.1 before 5.4.1.0 iFix 2 allows remote authenticated users to redirect users to arbitrary web sites and conduct phishing attacks via a crafted URL.

  • CVE-2013-2969Jun 19, 2013
    risk 0.00cvss epss 0.01

    Cross-site scripting (XSS) vulnerability in IBM Sterling Control Center (SCC) 5.2 before 5.2.0.9, 5.3 before 5.3.0.4, and 5.4 through 5.4.0.1 allows remote authenticated users to inject arbitrary web script or HTML via vectors involving invalid characters.

  • CVE-2013-2968Jun 19, 2013
    risk 0.00cvss epss 0.01

    An unspecified buffer-read method in IBM Sterling Control Center (SCC) 5.2 before 5.2.0.9, 5.3 before 5.3.0.4, and 5.4 through 5.4.0.1 allows remote authenticated users to cause a denial of service via a large file that lacks end-of-line characters.