CVE-2014-4630 — Dell Bsafe Ssl-j vulnerability

CWE-310 | 4 documents | 4 sources
Severity: 4.3 MEDIUM (NVD)
EPSS: 0.3% (top 51.70%)
CISA KEV: Not in KEV
Exploit: No known exploits
Timeline
Published: Dec 30
Latest update: May 13

Description

EMC RSA BSAFE Micro Edition Suite (MES) 4.0.x before 4.0.6 and RSA BSAFE SSL-J before 6.1.4 do not ensure that a server's X.509 certificate is the same during renegotiation as it was before renegotiation, which allows man-in-the-middle attackers to obtain sensitive information or modify TLS session data via a "triple handshake attack."

CVSS vector

AV:N/AC:M/C:P/I:N/A:N
Exploitability: 8.6 | Impact: 2.9

Affected Packages (2 packages)

NVD: dell/bsafe_micro-edition-suite, 6 versions (+5)
NVD: dell/bsafe_ssl-j 6.1.2

🔴 Vulnerability Details (2)

GHSA: GHSA-c6g2-9gg2-5hq8: EMC RSA BSAFE Micro Edition Suite (MES) 4 (2022-05-13)
CVEList: CVE-2014-4630: EMC RSA BSAFE Micro Edition Suite (MES) 4 (2014-12-30)

💬 Community (1)

Bugzilla: CVE-2014-9323 firebird: malformed network packet can cause denial of service (2014-12-10)