Lumension® Endpoint Intelligence Center



Vulnerability Score 4.3
CVE Id CVE-2014-4630
Last Modified 18 Feb 2015 09:59:27
Published 30 Dec 2014 10:59:00
Confidentiality Impact PARTIAL
Integrity Impact NONE
Availability Impact NONE
Access Vector NETWORK
Access Complexity MEDIUM
Authentication NONE



EMC RSA BSAFE Micro Edition Suite (MES) 4.0.x before 4.0.6 and RSA BSAFE SSL-J before 6.1.4 do not ensure that a server's X.509 certificate is the same during renegotiation as it was before renegotiation, which allows man-in-the-middle attackers to obtain sensitive information or modify TLS session data via a "triple handshake attack."

Vulnerable Systems


  • EMC RSA BSAFE 4.0.0

  • EMC RSA BSAFE 4.0.1

  • EMC RSA BSAFE 4.0.2

  • EMC RSA BSAFE 4.0.3

  • EMC RSA BSAFE 4.0.4

  • EMC RSA BSAFE 4.0.5

  • EMC RSA BSAFE SSL-J 6.1.2



BUGTRAQ - 20141230 ESA-2014-158: RSA BSAFE Micro Edition Suite and SSL-J Triple Handshake Vulnerability

BID - 72534

Last Updated: 27 May 2016 11:07:22