CVE-2013-4035

{"id": "CVE-2013-4035", "metrics": {"cvssMetricV2": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"version": "2.0", "baseScore": 4.1, "accessVector": "ADJACENT_NETWORK", "vectorString": "AV:A/AC:L/Au:S/C:P/I:P/A:N", "authentication": "SINGLE", "integrityImpact": "PARTIAL", "accessComplexity": "LOW", "availabilityImpact": "NONE", "confidentialityImpact": "PARTIAL"}, "acInsufInfo": false, "impactScore": 4.9, "baseSeverity": "MEDIUM", "obtainAllPrivilege": false, "exploitabilityScore": 5.1, "obtainUserPrivilege": false, "obtainOtherPrivilege": false, "userInteractionRequired": false}], "cvssMetricV30": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"scope": "UNCHANGED", "version": "3.0", "baseScore": 7.3, "attackVector": "ADJACENT_NETWORK", "baseSeverity": "HIGH", "vectorString": "CVSS:3.0/AV:A/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N", "integrityImpact": "HIGH", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "NONE", "privilegesRequired": "LOW", "confidentialityImpact": "HIGH"}, "impactScore": 5.2, "exploitabilityScore": 2.1}]}, "published": "2018-05-01T18:29:00.243", "references": [{"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/86138", "tags": ["VDB Entry", "Vendor Advisory"], "source": "psirt@us.ibm.com"}, {"url": "https://www.ibm.com/blogs/psirt/security-bulletin-ibm-sterling-connectdirect-for-openvms-unencrypted-data-transfers-can-occur-even-when-ssl-encryption-is-specified-in-the-security-configuration-cve-2013-4035/", "tags": ["Vendor Advisory"], "source": "psirt@us.ibm.com"}], "vulnStatus": "Analyzed", "weaknesses": [{"type": "Primary", "source": "nvd@nist.gov", "description": [{"lang": "en", "value": "CWE-310"}]}], "descriptions": [{"lang": "en", "value": "IBM Sterling Connect:Direct for OpenVMS 3.4.00, 3.4.01, 3.5.00, 3.6.0, and 3.6.0.1 allow remote attackers to have unspecified impact by leveraging failure to reject client requests for an unencrypted session when used as the server in a TCP/IP session and configured for SSL encryption with the client. IBM X-Force ID: 86138."}, {"lang": "es", "value": "IBM Sterling Connect:Direct for OpenVMS 3.4.00, 3.4.01, 3.5.00, 3.6.0 y 3.6.0.1 permite que atacantes remotos provoquen un impacto sin especificar aprovechando el error a la hora de rechazar peticiones de clientes para una sesi\u00f3n sin cifrar cuando se emplean como servidor en una sesi\u00f3n TCP/IP y se configuran para el cifrado SSL con el cliente. IBM X-Force ID: 86138."}], "lastModified": "2018-06-07T18:37:19.307", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:ibm:sterling_connect:3.4.0.0:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "0121DC25-B8D3-409F-B894-40CFB0C0DA42"}, {"criteria": "cpe:2.3:a:ibm:sterling_connect:3.4.0.1:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "C57B819A-1D04-458E-87A2-0398A63FAB58"}, {"criteria": "cpe:2.3:a:ibm:sterling_connect:3.5.0.0:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "BBBB486E-5869-48F9-B9CE-733F9E167E19"}, {"criteria": "cpe:2.3:a:ibm:sterling_connect:3.6.0:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "F92AD602-408F-433E-BE57-31A21313ACA5"}, {"criteria": "cpe:2.3:a:ibm:sterling_connect:3.6.0.1:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "15EE5C7B-A3DB-43DB-B2EE-4600C92A01D2"}], "operator": "OR"}]}], "sourceIdentifier": "psirt@us.ibm.com"}