Skip to main content

Bsafe Ssl J CVE-2014-0626

MEDIUM
Cryptographic Issues (CWE-310)
2014-02-18 security_alert@emc.com
5.0
CVSS 2.0 · NVD
Share

Severity by source

NVD PRIMARY
5.0 MEDIUM
AV:N/AC:L/Au:N/C:P/I:N/A:N

Primary rating from NVD · only source for this CVE.

CVSS VectorNVD

AV:N/AC:L/Au:N/C:P/I:N/A:N
Attack Vector
Network
Attack Complexity
Low
Confidentiality
P
Integrity
None
Availability
None

Lifecycle Timeline

1
CVE Published
Feb 18, 2014 - 00:55 cve.org
MEDIUM 5.0

DescriptionCVE.org

The (1) JSAFE and (2) JSSE APIs in EMC RSA BSAFE SSL-J 5.x before 5.1.3 and 6.x before 6.0.2 make it easier for remote attackers to bypass intended cryptographic protection mechanisms by triggering application-data processing during the TLS handshake, a time at which the data is both unencrypted and unauthenticated.

AnalysisAI

The (1) JSAFE and (2) JSSE APIs in EMC RSA BSAFE SSL-J 5.x before 5.1.3 and 6.x before 6.0.2 make it easier for remote attackers to bypass intended cryptographic protection mechanisms by triggering. Rated medium severity (CVSS 5.0), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Technical ContextAI

This vulnerability is classified under CWE-310. The (1) JSAFE and (2) JSSE APIs in EMC RSA BSAFE SSL-J 5.x before 5.1.3 and 6.x before 6.0.2 make it easier for remote attackers to bypass intended cryptographic protection mechanisms by triggering application-data processing during the TLS handshake, a time at which the data is both unencrypted and unauthenticated. Affected products include: Dell Bsafe Ssl-J, Emc Rsa Bsafe Ssl-J. Version information: before 5.1.3.

RemediationAI

No vendor patch is available at time of analysis. Monitor vendor advisories for updates. Apply vendor patches when available. Implement network segmentation and monitoring as interim mitigations.

CVE-2015-0534 HIGH
7.5 Aug 20

EMC RSA BSAFE Micro Edition Suite (MES) 4.0.x before 4.0.8 and 4.1.x before 4.1.3, RSA BSAFE Crypto-J before 6.2, RSA BS

CVE-2022-24409 HIGH
7.5 Feb 23

Dell BSAFE SSL-J contains remediation for a covert timing channel vulnerability that may be exploited by malicious users

CVE-2019-3740 MEDIUM
6.5 Sep 18

RSA BSAFE Crypto-J versions prior to 6.2.5 are vulnerable to an Information Exposure Through Timing Discrepancy vulnerab

CVE-2019-3739 MEDIUM
6.5 Sep 18

RSA BSAFE Crypto-J versions prior to 6.2.5 are vulnerable to Information Exposure Through Timing Discrepancy vulnerabili

CVE-2019-3738 MEDIUM
6.5 Sep 18

RSA BSAFE Crypto-J versions prior to 6.2.5 are vulnerable to a Missing Required Cryptographic Step vulnerability. Rated

CVE-2016-0887 MEDIUM
5.9 Apr 12

EMC RSA BSAFE Micro Edition Suite (MES) 4.0.x and 4.1.x before 4.1.5, RSA BSAFE Crypto-C Micro Edition (CCME) 4.0.x and

CVE-2024-29172 MEDIUM
5.9 Feb 12

Dell BSAFE SSL-J, versions prior to 6.6 and versions 7.0 through 7.2, contains a deadlock vulnerability. Rated medium se

CVE-2024-29171 MEDIUM
5.9 Feb 12

Dell BSAFE SSL-J, versions prior to 6.6 and versions 7.0 through 7.2, contains an Improper certificate verification vuln

CVE-2018-11069 MEDIUM
5.9 Sep 11

RSA BSAFE SSL-J versions prior to 6.2.4 contain a Covert Timing Channel vulnerability during RSA decryption, also known

CVE-2014-0625 MEDIUM
5.0 Feb 18

The SSLSocket implementation in the (1) JSAFE and (2) JSSE APIs in EMC RSA BSAFE SSL-J 5.x before 5.1.3 and 6.x before 6

CVE-2014-0627 MEDIUM
5.0 Feb 18

The SSLEngine API implementation in EMC RSA BSAFE SSL-J 5.x before 5.1.3 and 6.x before 6.0.2 allows remote attackers to

CVE-2018-11068 MEDIUM
4.6 Sep 11

RSA BSAFE SSL-J versions prior to 6.2.4 contain a Heap Inspection vulnerability that could allow an attacker with physic

Share

CVE-2014-0626 vulnerability details – vuln.today

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy