Lumension® Endpoint Intelligence Center

Intelligence Center » Browse All Vulnerabilities » CVE-2014-0636

Overview

Vulnerability Score 5.8 5.8
CVE Id CVE-2014-0636
Last Modified 18 Nov 2014 09:59:52
Published 11 Apr 2014 03:55:04
Confidentiality Impact PARTIAL PARTIAL
Integrity Impact PARTIAL PARTIAL
Availability Impact NONE NONE
Access Vector NETWORK
Access Complexity MEDIUM
Authentication NONE

CVE-2014-0636

Summary

EMC RSA BSAFE Micro Edition Suite (MES) 3.2.x before 3.2.6 and 4.0.x before 4.0.5 does not properly validate X.509 certificate chains, which allows man-in-the-middle attackers to spoof SSL servers via a crafted certificate chain.

Vulnerable Systems

Application

  • Emc Rsa Bsafe 3.2.0

  • Emc Rsa Bsafe 3.2.1

  • Emc Rsa Bsafe 3.2.2

  • Emc Rsa Bsafe 3.2.3

  • Emc Rsa Bsafe 3.2.4

  • Emc Rsa Bsafe 3.2.5

  • Emc Rsa Bsafe 4.0.0

  • Emc Rsa Bsafe 4.0.1

  • Emc Rsa Bsafe 4.0.2

  • Emc Rsa Bsafe 4.0.3

  • Emc Rsa Bsafe 4.0.4


References

BUGTRAQ - 20140411 ESA-2014-019: RSA BSAFE Micro Edition Suite Certificate Chain Processing Vulnerability

BID - 66791


Last Updated: 27 May 2016 11:04:54