CVE-2014-4630

  1. OpenCVE
  2. Vulnerabilities (CVE)
  3. CVE-2014-4630
EMC RSA BSAFE Micro Edition Suite (MES) 4.0.x before 4.0.6 and RSA BSAFE SSL-J before 6.1.4 do not ensure that a server's X.509 certificate is the same during renegotiation as it was before renegotiation, which allows man-in-the-middle attackers to obtain sensitive information or modify TLS session data via a "triple handshake attack."

4.3 /10

CVSS v2.0 : MEDIUM

V2 Legend

Vector : AV:N/AC:M/Au:N/C:P/I:N/A:N

Exploitability : 8.6 / Impact : 2.9

Access Vector NETWORK

Access Complexity MEDIUM

Authentication NONE

Confidentiality Impact PARTIAL

Integrity Impact NONE

Availability Impact NONE

References
Link Resource
http://archives.neohapsis.com/archives/bugtraq/2014-12/0169.html Broken Link
http://www.securityfocus.com/bid/72534 Third Party Advisory VDB Entry
https://secure-resumption.com/ Technical Description
Configurations

Configuration 1 (hide)

OR cpe:2.3:a:dell:bsafe_micro-edition-suite:4.0.0:*:*:*:*:*:*:*
cpe:2.3:a:dell:bsafe_micro-edition-suite:4.0.1:*:*:*:*:*:*:*
cpe:2.3:a:dell:bsafe_micro-edition-suite:4.0.2:*:*:*:*:*:*:*
cpe:2.3:a:dell:bsafe_micro-edition-suite:4.0.3:*:*:*:*:*:*:*
cpe:2.3:a:dell:bsafe_micro-edition-suite:4.0.4:*:*:*:*:*:*:*
cpe:2.3:a:dell:bsafe_micro-edition-suite:4.0.5:*:*:*:*:*:*:*
cpe:2.3:a:dell:bsafe_ssl-j:*:*:*:*:*:*:*:*
History

09 Dec 2021, 18:31

Type Values Removed Values Added
CPE cpe:2.3:a:dell:bsafe:4.0.2:*:*:*:micro_edition_suite:*:*:*
cpe:2.3:a:dell:bsafe:4.0.5:*:*:*:micro_edition_suite:*:*:*
cpe:2.3:a:dell:bsafe:4.0.4:*:*:*:micro_edition_suite:*:*:*
cpe:2.3:a:dell:bsafe:4.0.0:*:*:*:micro_edition_suite:*:*:*
cpe:2.3:a:dell:bsafe:4.0.1:*:*:*:micro_edition_suite:*:*:*
cpe:2.3:a:emc:rsa_bsafe_ssl-j:*:*:*:*:*:*:*:*
cpe:2.3:a:dell:bsafe:4.0.3:*:*:*:micro_edition_suite:*:*:*		 cpe:2.3:a:dell:bsafe_ssl-j:*:*:*:*:*:*:*:*
cpe:2.3:a:dell:bsafe_micro-edition-suite:4.0.5:*:*:*:*:*:*:*
cpe:2.3:a:dell:bsafe_micro-edition-suite:4.0.1:*:*:*:*:*:*:*
cpe:2.3:a:dell:bsafe_micro-edition-suite:4.0.0:*:*:*:*:*:*:*
cpe:2.3:a:dell:bsafe_micro-edition-suite:4.0.3:*:*:*:*:*:*:*
cpe:2.3:a:dell:bsafe_micro-edition-suite:4.0.4:*:*:*:*:*:*:*
cpe:2.3:a:dell:bsafe_micro-edition-suite:4.0.2:*:*:*:*:*:*:*

30 Nov 2021, 17:24

Type Values Removed Values Added
CPE cpe:2.3:a:emc:rsa_bsafe:4.0.1:*:*:*:micro_edition_suite:*:*:*
cpe:2.3:a:emc:rsa_bsafe:4.0.0:*:*:*:micro_edition_suite:*:*:*
cpe:2.3:a:emc:rsa_bsafe:4.0.3:*:*:*:micro_edition_suite:*:*:*
cpe:2.3:a:emc:rsa_bsafe:4.0.2:*:*:*:micro_edition_suite:*:*:*
cpe:2.3:a:emc:rsa_bsafe:4.0.5:*:*:*:micro_edition_suite:*:*:*
cpe:2.3:a:emc:rsa_bsafe:4.0.4:*:*:*:micro_edition_suite:*:*:*		 cpe:2.3:a:dell:bsafe:4.0.2:*:*:*:micro_edition_suite:*:*:*
cpe:2.3:a:dell:bsafe:4.0.5:*:*:*:micro_edition_suite:*:*:*
cpe:2.3:a:dell:bsafe:4.0.4:*:*:*:micro_edition_suite:*:*:*
cpe:2.3:a:dell:bsafe:4.0.0:*:*:*:micro_edition_suite:*:*:*
cpe:2.3:a:dell:bsafe:4.0.1:*:*:*:micro_edition_suite:*:*:*
cpe:2.3:a:dell:bsafe:4.0.3:*:*:*:micro_edition_suite:*:*:*
Information

Published : 2014-12-30 15:59

Updated : 2023-12-10 11:31

NVD link : CVE-2014-4630

Mitre link : CVE-2014-4630

CVE.ORG link : CVE-2014-4630

JSON object : View

Products Affected

dell

  • bsafe_ssl-j
  • bsafe_micro-edition-suite
CWE
CWE-310

Cryptographic Issues