Vulnerability Details : CVE-2013-4035
IBM Sterling Connect:Direct for OpenVMS 3.4.00, 3.4.01, 3.5.00, 3.6.0, and 3.6.0.1 allow remote attackers to have unspecified impact by leveraging failure to reject client requests for an unencrypted session when used as the server in a TCP/IP session and configured for SSL encryption with the client. IBM X-Force ID: 86138.
Products affected by CVE-2013-4035
- cpe:2.3:a:ibm:sterling_connect:3.5.0.0:*:*:*:*:*:*:*
- cpe:2.3:a:ibm:sterling_connect:3.6.0.1:*:*:*:*:*:*:*
- cpe:2.3:a:ibm:sterling_connect:3.4.0.0:*:*:*:*:*:*:*
- cpe:2.3:a:ibm:sterling_connect:3.4.0.1:*:*:*:*:*:*:*
- cpe:2.3:a:ibm:sterling_connect:3.6.0:*:*:*:*:*:*:*
Exploit prediction scoring system (EPSS) score for CVE-2013-4035
- 0.11%: Probability of exploitation activity in the next 30 days
- ~46%: Percentile, the proportion of vulnerabilities that are scored at or less
CVSS scores for CVE-2013-4035
Base Score | Base Severity | CVSS Vector | Exploitability Score | Impact Score | Score Source | First Seen |
---|---|---|---|---|---|---|
4.1 | MEDIUM | AV:A/AC:L/Au:S/C:P/I:P/A:N | 5.1 | 4.9 | NIST | |
7.3 | HIGH | CVSS:3.0/AV:A/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N | 2.1 | 5.2 | NIST | |
CWE ids for CVE-2013-4035
- Assigned by: nvd@nist.gov (Primary)
References for CVE-2013-4035
- https://www.ibm.com/blogs/psirt/security-bulletin-ibm-sterling-connectdirect-for-openvms-unencrypted-data-transfers-can-occur-even-when-ssl-encryption-is-specified-in-the-security-configuration-cve-2013-4035/
  Security Bulletin: IBM Sterling Connect:Direct for OpenVMS. Unencrypted data transfers can occur even when SSL encryption is specified in the security configuration. (CVE-2013-4035) - IBM PSIRT Blog (Vendor Advisory)
- https://exchange.xforce.ibmcloud.com/vulnerabilities/86138
  IBM Sterling Connect:Direct for OpenVMS SSL/TLS weak security CVE-2013-4035 Vulnerability Report (VDB Entry; Vendor Advisory)