| |
Vulnerability CVE-2013-4035
Published: 2018-05-01
| Description: |
IBM Sterling Connect:Direct for OpenVMS 3.4.00, 3.4.01, 3.5.00, 3.6.0, and 3.6.0.1 allow remote attackers to have unspecified impact by leveraging failure to reject client requests for an unencrypted session when used as the server in a TCP/IP session and configured for SSL encryption with the client. IBM X-Force ID: 86138. |
Type:
CWE-310 (Cryptographic Issues)
CVSS2 => (AV:A/AC:L/Au:S/C:P/I:P/A:N)
| CVSS Base Score |
Impact Subscore |
Exploitability Subscore |
4.1/10 |
4.9/10 |
5.1/10 |
| Exploit range |
Attack complexity |
Authentication |
Adjacent network |
Low |
Single time |
| Confidentiality impact |
Integrity impact |
Availability impact |
Partial |
Partial |
None |
References: |
https://exchange.xforce.ibmcloud.com/vulnerabilities/86138
https://www.ibm.com/blogs/psirt/security-bulletin-ibm-sterling-connectdirect-for-openvms-unencrypted-data-transfers-can-occur-even-when-ssl-encryption-is-specified-in-the-security-configuration-cve-2013-4035/
|
|
|
Copyright 2024, cxsecurity.com
|
|
|
