CVE-2013-4035

CVSS v3 Score: 7.3 (High)
CVSS v2 Score: 4.1 (Medium)

Vulnerability Description

IBM Sterling Connect:Direct for OpenVMS 3.4.00, 3.4.01, 3.5.00, 3.6.0, and 3.6.0.1 allow remote attackers to have unspecified impact by leveraging failure to reject client requests for an unencrypted session when used as the server in a TCP/IP session and configured for SSL encryption with the client. IBM X-Force ID: 86138.

CVSS:7.3(High)

The TFTP service in Cisco Unified Communications Manager (aka CUCM or Unified CM) allows remote attackers to obtain sensitive information from a phone via an RRQ operation, as demonstrated by discover...

CVSS:7.4(High)

The default configuration of Cyberoam UTM appliances uses the same Certification Authority certificate and same private key across different customers' installations, which makes it easier for man-in-...

CVSS:7.4(High)

The Remote Client and change management integrations in IBM Rational ClearCase 7.1.x, 8.0.0.x before 8.0.0.18, and 8.0.1.x before 8.0.1.11 do not properly validate hostnames in X.509 certificates from...

CVSS:7.4(High)

In the Bouncy Castle JCE Provider version 1.55 and earlier the DHIES implementation allowed the use of ECB mode. This mode is regarded as unsafe and support for it has been removed from the provider.

CVSS:7.4(High)

In the Bouncy Castle JCE Provider version 1.55 and earlier the ECIES implementation allowed the use of ECB mode. This mode is regarded as unsafe and support for it has been removed from the provider.

CVSS:7.4(High)

Samba 4.x before 4.2.11, 4.3.x before 4.3.8, and 4.4.x before 4.4.2 does not verify X.509 certificates from TLS servers, which allows man-in-the-middle attackers to spoof LDAPS and HTTPS servers and o...