4.3
MEDIUM
CVE-2013-4030
IBM IMM SSL Cipher Suite Weakness
Description

Integrated Management Module (IMM) 2 1.00 through 2.00 on IBM System X and Flex System servers supports SSL cipher suites with short keys, which makes it easier for remote attackers to defeat cryptographic protection mechanisms via a brute-force attack against (1) SSL or (2) TLS traffic.

INFO

Published Date: Jan. 21, 2014, 1:55 a.m.
Last Modified: Nov. 21, 2024, 1:54 a.m.
Remotely Exploitable: Yes
Impact Score: 2.9
Exploitability Score: 8.6

Affected Products

The following products are affected by the CVE-2013-4030 vulnerability. Even if cvefeed.io is aware of the exact versions of the products that are affected, the information is not represented in the table below.

ID Vendor Product
1 Ibm integrated_management_module_2
2 Ibm bladecenter
3 Ibm flex_system_manager_node_7955
4 Ibm flex_system_manager_node_8731
5 Ibm flex_system_manager_node_8734
6 Ibm flex_system_x220_compute_node
7 Ibm flex_system_x240_compute_node
8 Ibm flex_system_x440_compute_node
9 Ibm system_x_idataplex_direct_water_cooled_dx360_m4_server
10 Ibm system_x_idataplex_dx360_m4_server
11 Ibm system_x3100_m4
12 Ibm system_x3250_m4
13 Ibm system_x3300_m4
14 Ibm system_x3500_m2
15 Ibm system_x3500_m3
16 Ibm system_x3500_m4
17 Ibm system_x3530_m4
18 Ibm system_x3550_m2
19 Ibm system_x3550_m3
20 Ibm system_x3550_m4
21 Ibm system_x3630_m3
22 Ibm system_x3630_m4
23 Ibm system_x3630_m4_hd
24 Ibm system_x3650_m2
25 Ibm system_x3650_m3
26 Ibm system_x3650_m4
27 Ibm system_x3650_m4_hd
28 Ibm system_x3690_x5
29 Ibm system_x3750_m4
30 Ibm system_x3850_x5
31 Ibm system_x3950_x5

The following table lists the changes that have been made to the CVE-2013-4030 vulnerability over time.

Vulnerability history details can be useful for understanding the evolution of a vulnerability, and for identifying the most recent changes that may impact the vulnerability's severity, exploitability, or other characteristics.

  • CVE Modified by af854a3a-2127-422b-91ae-364da2661108

    Nov. 21, 2024

    Action Type Old Value New Value
    Added Reference http://www.ibm.com/connections/blogs/PSIRT/entry/security_bulletin_avoiding_weak_ssl_tls_encryption_in_ibm_system_x_and_flex_systems_cve_2013_40301
    Added Reference https://exchange.xforce.ibmcloud.com/vulnerabilities/86068
  • CVE Modified by [email protected]

    May. 14, 2024

    Action Type Old Value New Value
  • CVE Modified by [email protected]

    Aug. 29, 2017

    Action Type Old Value New Value
    Removed Reference http://xforce.iss.net/xforce/xfdb/86068 [No Types Assigned]
    Added Reference https://exchange.xforce.ibmcloud.com/vulnerabilities/86068 [No Types Assigned]
  • Initial Analysis by [email protected]

    Jan. 23, 2014

    Action Type Old Value New Value
CWE - Common Weakness Enumeration

While CVE identifies specific instances of vulnerabilities, CWE categorizes the common flaws or weaknesses that can lead to vulnerabilities. CVE-2013-4030 is associated with the following CWEs:

Common Attack Pattern Enumeration and Classification (CAPEC)

Common Attack Pattern Enumeration and Classification (CAPEC) stores attack patterns, which are descriptions of the common attributes and approaches employed by adversaries to exploit the CVE-2013-4030 weaknesses.

Exploit Prediction

EPSS is a daily estimate of the probability of exploitation activity being observed over the next 30 days.

0.13 (-0.00%) score

0.49985 percentile

CVSS2 - Vulnerability Scoring System
Metrics: Access Vector, Access Complexity, Authentication, Confidentiality, Integrity, Availability