Lucene search

[email protected]CVE-2001-1105

HistoryMar 15, 2002 - 5:00 a.m.

CVE-2001-1105

2002-03-1505:00:00

[email protected]

web.nvd.nist.gov

cve-2001-1105

rsa bsafe ssl-j

cisco icnd 2.0

ssl client authentication

data breach

7.5 High

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:P/I:P/A:P

7.4 High

AI Score

Confidence

Low

0.004 Low

EPSS

Percentile

75.2%

JSON

RSA BSAFE SSL-J 3.0, 3.0.1 and 3.1, as used in Cisco iCND 2.0, caches session IDs from failed login attempts, which could allow remote attackers to bypass SSL client authentication and gain access to sensitive data by logging in after an initial failure.

Affected configurations

NVD

Node

ciscoicdnMatch2.0

dellbsafe_ssl-jMatch3.0

dellbsafe_ssl-jMatch3.0.1

dellbsafe_ssl-jMatch3.1

CPENameOperatorVersion
cisco:icdncisco icdneq2.0
dell:bsafe_ssl-jdell bsafe ssl-jeq3.0
dell:bsafe_ssl-jdell bsafe ssl-jeq3.0.1
dell:bsafe_ssl-jdell bsafe ssl-jeq3.1

CPE	Name	Operator	Version
cisco:icdn	cisco icdn	eq	2.0
dell:bsafe_ssl-j	dell bsafe ssl-j	eq	3.0
dell:bsafe_ssl-j	dell bsafe ssl-j	eq	3.0.1
dell:bsafe_ssl-j	dell bsafe ssl-j	eq	3.1

References

www.ciac.org/ciac/bulletins/l-141.shtml

www.cisco.com/warp/public/707/SSL-J-pub.html

www.rsasecurity.com/products/bsafe/bulletins/BSAFE_SSL-J_3.x.SecurityBulletin.html

www.securityfocus.com/bid/3329

exchange.xforce.ibmcloud.com/vulnerabilities/7112

7.5 High

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:P/I:P/A:P

7.4 High

AI Score

Confidence

Low

0.004 Low

EPSS

Percentile

75.2%

JSON

Related for CVE-2001-1105

nvd1 cvelist1