CVE-2013-4035 | Vulnerability Database | Aqua Security

IBM Sterling Connect:Direct for OpenVMS 3.4.00, 3.4.01, 3.5.00, 3.6.0, and 3.6.0.1 allow remote attackers to have unspecified impact by leveraging failure to reject client requests for an unencrypted session when used as the server in a TCP/IP session and configured for SSL encryption with the client. IBM X-Force ID: 86138.

Affected Software

Name	Vendor	Start Version	End Version
Sterling_connect	Ibm	3.4.0.0 (including)	3.4.0.0 (including)
Sterling_connect	Ibm	3.4.0.1 (including)	3.4.0.1 (including)
Sterling_connect	Ibm	3.5.0.0 (including)	3.5.0.0 (including)
Sterling_connect	Ibm	3.6.0 (including)	3.6.0 (including)
Sterling_connect	Ibm	3.6.0.1 (including)	3.6.0.1 (including)

References

https://exchange.xforce.ibmcloud.com/vulnerabilities/86138
https://www.ibm.com/blogs/psirt/security-bulletin-ibm-sterling-connectdirect-for-openvms-unencrypted-data-transfers-can-occur-even-when-ssl-encryption-is-specified-in-the-security-configuration-cve-2013-4035/
https://exchange.xforce.ibmcloud.com/vulnerabilities/86138
https://www.ibm.com/blogs/psirt/security-bulletin-ibm-sterling-connectdirect-for-openvms-unencrypted-data-transfers-can-occur-even-when-ssl-encryption-is-specified-in-the-security-configuration-cve-2013-4035/

NVD	https://nvd.nist.gov/vuln/detail/CVE-2013-4035
CWE	https://cwe.mitre.org/data/definitions/310.html