Remote Code Execution Vulnerability in IBM Sterling Connect:Direct for OpenVMS
CVE-2013-4035

7.3HIGH

Key Information:

Vendor
IBM
Vendor
CVE Published:
1 May 2018

Summary

IBM Sterling Connect:Direct for OpenVMS versions 3.4.00, 3.4.01, 3.5.00, 3.6.0, and 3.6.0.1 suffer a vulnerability due to inadequate handling of client requests for unencrypted sessions. This issue arises when the server is expected to secure communications using SSL encryption, yet can still accept unencrypted connections. As a result, remote attackers may exploit this flaw to gain unauthorized access and potentially execute malicious actions within the environment, compromising the security integrity of the data being transferred.

References

CVSS V3.1

Score:
7.3
Severity:
HIGH
Confidentiality:
High
Integrity:
High
Availability:
High
Attack Vector:
Adjacent Network
Attack Complexity:
Low
Privileges Required:
Low
User Interaction:
None
Scope:
Unchanged

Timeline

  • Vulnerability published

  • Vulnerability Reserved

.