Lucene search
HistoryDec 30, 2014 - 3:59 p.m.
CVE-2014-4630
CVSS2
4.3
Attack Vector
NETWORK
Attack Complexity
MEDIUM
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
NONE
Availability Impact
NONE
AV:N/AC:M/Au:N/C:P/I:N/A:N
AI Score
5.9
Confidence
Low
EPSS
0.001
Percentile
35.9%
EMC RSA BSAFE Micro Edition Suite (MES) 4.0.x before 4.0.6 and RSA BSAFE SSL-J before 6.1.4 do not ensure that a server’s X.509 certificate is the same during renegotiation as it was before renegotiation, which allows man-in-the-middle attackers to obtain sensitive information or modify TLS session data via a “triple handshake attack.”
Affected configurations
Node
dellbsafe_micro-edition-suiteMatch4.0.0
ORdellbsafe_micro-edition-suiteMatch4.0.1
ORdellbsafe_micro-edition-suiteMatch4.0.2
ORdellbsafe_micro-edition-suiteMatch4.0.3
ORdellbsafe_micro-edition-suiteMatch4.0.4
ORdellbsafe_micro-edition-suiteMatch4.0.5
ORdellbsafe_ssl-jRange≤6.1.2
| Vendor | Product | Version | CPE |
|---|---|---|---|
| dell | bsafe_micro-edition-suite | 4.0.0 | cpe:2.3:a:dell:bsafe_micro-edition-suite:4.0.0:*:*:*:*:*:*:* |
| dell | bsafe_micro-edition-suite | 4.0.1 | cpe:2.3:a:dell:bsafe_micro-edition-suite:4.0.1:*:*:*:*:*:*:* |
| dell | bsafe_micro-edition-suite | 4.0.2 | cpe:2.3:a:dell:bsafe_micro-edition-suite:4.0.2:*:*:*:*:*:*:* |
| dell | bsafe_micro-edition-suite | 4.0.3 | cpe:2.3:a:dell:bsafe_micro-edition-suite:4.0.3:*:*:*:*:*:*:* |
| dell | bsafe_micro-edition-suite | 4.0.4 | cpe:2.3:a:dell:bsafe_micro-edition-suite:4.0.4:*:*:*:*:*:*:* |
| dell | bsafe_micro-edition-suite | 4.0.5 | cpe:2.3:a:dell:bsafe_micro-edition-suite:4.0.5:*:*:*:*:*:*:* |
| dell | bsafe_ssl-j | * | cpe:2.3:a:dell:bsafe_ssl-j:*:*:*:*:*:*:*:* |
Related
securityvulns
securityvulns
ESA-2014-158: RSA BSAFE® Micro Edition Suite and SSL-J Triple Handshake Vulnerability
2015-01-02 00:00:00
EMC RSA BSAFE triple handhsake TLS attacks
2015-01-02 00:00:00
cvelist
cvelist
CVE-2014-4630
2014-12-30 15:00:00
cve
cve
CVE-2014-4630
2014-12-30 15:59:00
prion
prion
Design/Logic Flaw
2014-12-30 15:59:00
CVSS2
4.3
Attack Vector
NETWORK
Attack Complexity
MEDIUM
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
NONE
Availability Impact
NONE
AV:N/AC:M/Au:N/C:P/I:N/A:N
AI Score
5.9
Confidence
Low
EPSS
0.001
Percentile
35.9%
Related for NVD:CVE-2014-4630