Remote Code Execution Vulnerability in IBM Sterling Connect:Direct for OpenVMS
CVE-2013-4035

7.3HIGH

Key Information:

Vendor

IBM
Status
Sterling Connect
Vendor
CVE Published:
1 May 2018

What is CVE-2013-4035?

IBM Sterling Connect:Direct for OpenVMS versions 3.4.00, 3.4.01, 3.5.00, 3.6.0, and 3.6.0.1 suffer a vulnerability due to inadequate handling of client requests for unencrypted sessions. This issue arises when the server is expected to secure communications using SSL encryption, yet can still accept unencrypted connections. As a result, remote attackers may exploit this flaw to gain unauthorized access and potentially execute malicious actions within the environment, compromising the security integrity of the data being transferred.

Human OS v1.0:
Ageing Is an Unpatched Zero-Day Vulnerability.

Remediate biological technical debt. Prime Ageing uses 95% high-purity SIRT6 activation to maintain genomic integrity and bolster systemic resilience.

Deploy the Patch

References

https://exchange.xforce.ibmcloud.com/vulnerabilities/86138
vdb-entryx_refsource_XF
https://www.ibm.com/blogs/psirt/security-bulletin-ibm-ste...
x_refsource_CONFIRM

CVSS V3.1

Score:
7.3
Severity:
HIGH
Confidentiality:
High
Integrity:
High
Availability:
High
Attack Vector:
Adjacent Network
Attack Complexity:
Low
Privileges Required:
Low
User Interaction:
None
Scope:
Unchanged

Timeline

  • Vulnerability published

  • Vulnerability Reserved

JSON
.