Vulnerability Details CVE-2013-4035
IBM Sterling Connect:Direct for OpenVMS 3.4.00, 3.4.01, 3.5.00, 3.6.0, and 3.6.0.1 allow remote attackers to have unspecified impact by leveraging failure to reject client requests for an unencrypted session when used as the server in a TCP/IP session and configured for SSL encryption with the client. IBM X-Force ID: 86138.
Exploit prediction scoring system (EPSS) score
EPSS Score 0.001
EPSS Ranking 20.7%
CVSS Severity
CVSS v3 Score 7.3
CVSS v2 Score 4.1
References
- https://exchange.xforce.ibmcloud.com/vulnerabilities/86138
- https://www.ibm.com/blogs/psirt/security-bulletin-ibm-sterling-connectdirect-for-openvms-unencrypted-data-transfers-can-occur-even-when-ssl-encryption-is-specified-in-the-security-configuration-cve-2013-4035/
- https://exchange.xforce.ibmcloud.com/vulnerabilities/86138
- https://www.ibm.com/blogs/psirt/security-bulletin-ibm-sterling-connectdirect-for-openvms-unencrypted-data-transfers-can-occur-even-when-ssl-encryption-is-specified-in-the-security-configuration-cve-2013-4035/
Products affected by CVE-2013-4035
-
cpe:2.3:a:ibm:sterling_connect:3.4.0.0
-
cpe:2.3:a:ibm:sterling_connect:3.4.0.1
-
cpe:2.3:a:ibm:sterling_connect:3.5.0.0
-
cpe:2.3:a:ibm:sterling_connect:3.6.0
-
cpe:2.3:a:ibm:sterling_connect:3.6.0.1