Remote Code Execution Vulnerability in IBM Sterling Connect:Direct for OpenVMS
CVE-2013-4035
7.3HIGH
Summary
IBM Sterling Connect:Direct for OpenVMS versions 3.4.00, 3.4.01, 3.5.00, 3.6.0, and 3.6.0.1 suffer a vulnerability due to inadequate handling of client requests for unencrypted sessions. This issue arises when the server is expected to secure communications using SSL encryption, yet can still accept unencrypted connections. As a result, remote attackers may exploit this flaw to gain unauthorized access and potentially execute malicious actions within the environment, compromising the security integrity of the data being transferred.
References
CVSS V3.1
Score:
7.3
Severity:
HIGH
Confidentiality:
High
Integrity:
High
Availability:
High
Attack Vector:
Adjacent Network
Attack Complexity:
Low
Privileges Required:
Low
User Interaction:
None
Scope:
Unchanged
Timeline
Vulnerability published
Vulnerability Reserved