CVE-2014-0626 — Dell Bsafe Ssl-j vulnerability

CWE-3103 documents3 sources

Severity

5.0MEDIUMNVD

EPSS

0.2%

top 59.85%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Dell Bsafe Ssl-j EMC RSA Bsafe Ssl-j

Timeline

PublishedFeb 18

Latest updateMay 13

Description

The (1) JSAFE and (2) JSSE APIs in EMC RSA BSAFE SSL-J 5.x before 5.1.3 and 6.x before 6.0.2 make it easier for remote attackers to bypass intended cryptographic protection mechanisms by triggering application-data processing during the TLS handshake, a time at which the data is both unencrypted and unauthenticated.

CVSS vector

AV:N/AC:L/C:P/I:N/A:NExploitability: 10.0 | Impact: 2.9

Affected Packages2 packages

▶NVDdell/bsafe_ssl-j5.1.2, 6.0+1

▶NVDemc/rsa_bsafe_ssl-j4 versions+3

🔴Vulnerability Details

GHSA

GHSA-49mf-7m55-94wm: The (1) JSAFE and (2) JSSE APIs in EMC RSA BSAFE SSL-J 5↗2022-05-13

▶

CVEList

CVE-2014-0626: The (1) JSAFE and (2) JSSE APIs in EMC RSA BSAFE SSL-J 5↗2014-02-18

▶