CVE-2013-4035

Published: May 1, 2018Modified: Nov 21, 2024

7.3

Vector

CVSS:3.0/AV:A/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N

Exploitability: 2.1 / Impact: 5.2

Source: NVD

Description

IBM Sterling Connect:Direct for OpenVMS 3.4.00, 3.4.01, 3.5.00, 3.6.0, and 3.6.0.1 allow remote attackers to have unspecified impact by leveraging failure to reject client requests for an unencrypted session when used as the server in a TCP/IP session and configured for SSL encryption with the client. IBM X-Force ID: 86138.

Affected (5)

Products: Ibm: Sterling Connect

Ibm

1 product

Sterling Connect

Configuration A

5 vulnerable

Vulnerable Software	Affected Versions
Ibm Sterling Connect	Version 3.4.0.0
Ibm Sterling Connect	Version 3.4.0.1
Ibm Sterling Connect	Version 3.5.0.0
Ibm Sterling Connect	Version 3.6.0.1
Ibm Sterling Connect	Version 3.6.0

Related CWEs

CWE-310

References (4)

https://exchange.xforce.ibmcloud.com/vulnerabilities/86138

Source: psirt@us.ibm.com

VDB EntryVendor Advisory

https://www.ibm.com/blogs/psirt/security-bulletin-ibm-sterling-connectdirect-for-openvms-unencrypted-data-transfers-can-occur-even-when-ssl-encryption-is-specified-in-the-security-configuration-cve-2013-4035/

Source: psirt@us.ibm.com

Vendor Advisory

https://exchange.xforce.ibmcloud.com/vulnerabilities/86138

Source: af854a3a-2127-422b-91ae-364da2661108

VDB EntryVendor Advisory

Source: af854a3a-2127-422b-91ae-364da2661108

Vendor Advisory

Timeline

No history available yet.