CVSS: 4.6EPSS: 0%CPEs: 1EXPL: 0CVE-2018-11068
https://notcve.org/view.php?id=CVE-2018-11068
RSA BSAFE SSL-J versions prior to 6.2.4 contain a Heap Inspection vulnerability that could allow an attacker with physical access to the system to recover sensitive key material. RSA BSAFE SSL-J en versiones anteriores a la 6.2.4 contiene una vulnerabilidad de inspección de memoria dinámica (heap) que podría permitir que un atacante con acceso físico al sistema recupere material clave sensible. • http://www.securitytracker.com/id/1041614 https://seclists.org/fulldisclosure/2018/Sep/7 • CWE-459: Incomplete Cleanup •
CVSS: 5.9EPSS: 0%CPEs: 1EXPL: 0CVE-2018-11069
https://notcve.org/view.php?id=CVE-2018-11069
RSA BSAFE SSL-J versions prior to 6.2.4 contain a Covert Timing Channel vulnerability during RSA decryption, also known as a Bleichenbacher attack on RSA decryption. A remote attacker may be able to recover a RSA key. RSA BSAFE SSL-J, en versiones anteriores a la 6.2.4 contiene una vulnerabilidad de canal de tiempo oculto durante el descifrado RSA. Esto también se conoce como ataque Bleichenbacher sobre descifrado RSA. Un atacante remoto podría ser capaz de recuperar una clave RSA. • http://www.securitytracker.com/id/1041614 https://seclists.org/fulldisclosure/2018/Sep/7 • CWE-327: Use of a Broken or Risky Cryptographic Algorithm •
CVSS: 5.9EPSS: 0%CPEs: 7EXPL: 0CVE-2016-0887
https://notcve.org/view.php?id=CVE-2016-0887
EMC RSA BSAFE Micro Edition Suite (MES) 4.0.x and 4.1.x before 4.1.5, RSA BSAFE Crypto-C Micro Edition (CCME) 4.0.x and 4.1.x before 4.1.3, RSA BSAFE Crypto-J before 6.2.1, RSA BSAFE SSL-J before 6.2.1, and RSA BSAFE SSL-C before 2.8.9 allow remote attackers to discover a private-key prime by conducting a Lenstra side-channel attack that leverages an application's failure to detect an RSA signature failure during a TLS session. EMC RSA BSAFE Micro Edition Suite (MES) 4.0.x y 4.1.x en versiones anteriores a 4.1.5, RSA BSAFE Crypto-C Micro Edition (CCME) 4.0.x y 4.1.x en versiones anteriores a 4.1.3, RSA BSAFE Crypto-J en versiones anteriores a 6.2.1, RSA BSAFE SSL-J en versiones anteriores a 6.2.1 y RSA BSAFE SSL-C en versiones anteriores a 2.8.9 permiten a atacantes remotos descubrir un factor primo de clave privada llevando a cabo un ataque Lenstra de canal lateral que aprovecha el fallo de una aplicación para detectar un fallo de firma RSA durante una sesión TLS. • http://packetstormsecurity.com/files/136656/RSA-BSAFE-Lenstras-Attack.html http://seclists.org/bugtraq/2016/Apr/66 http://www.securityfocus.com/archive/1/538055/100/0/threaded http://www.securitytracker.com/id/1035515 http://www.securitytracker.com/id/1035516 http://www.securitytracker.com/id/1035517 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •
CVSS: 7.5EPSS: 0%CPEs: 4EXPL: 0CVE-2015-0534
https://notcve.org/view.php?id=CVE-2015-0534
EMC RSA BSAFE Micro Edition Suite (MES) 4.0.x before 4.0.8 and 4.1.x before 4.1.3, RSA BSAFE Crypto-J before 6.2, RSA BSAFE SSL-J before 6.2, and RSA BSAFE SSL-C 2.8.9 and earlier do not enforce certain constraints on certificate data, which allows remote attackers to defeat a fingerprint-based certificate-blacklist protection mechanism by including crafted data within a certificate's unsigned portion, a similar issue to CVE-2014-8275. Vulnerabilidad en EMC RSA BSAFE Micro Edition Suite (MES) 4.0.x en versiones anteriores a 4.0.8 y 4.1.x en versiones anteriores a 4.1.3, RSA BSAFE Crypto-J en versiones anteriores a 6.2, RSA BSAFE SSL-J en versiones anteriores a 6.2 y RSA BSAFE SSL-C 2.8.9 y versiones anteriores, no fuerza ciertas restricciones en datos de certificado, lo que permite a atacantes remotos anular el mecanismo de protección de lista negra de certificados basado en fingerprint mediante la inclusión de datos manipulados en una porción sin firmar de un certificado, un problema similar a CVE-2014-8275. • http://seclists.org/bugtraq/2015/Aug/84 http://www.securityfocus.com/bid/76377 http://www.securitytracker.com/id/1033297 http://www.securitytracker.com/id/1033298 • CWE-295: Improper Certificate Validation •
CVSS: 4.3EPSS: 0%CPEs: 7EXPL: 0CVE-2014-4630
https://notcve.org/view.php?id=CVE-2014-4630
EMC RSA BSAFE Micro Edition Suite (MES) 4.0.x before 4.0.6 and RSA BSAFE SSL-J before 6.1.4 do not ensure that a server's X.509 certificate is the same during renegotiation as it was before renegotiation, which allows man-in-the-middle attackers to obtain sensitive information or modify TLS session data via a "triple handshake attack." EMC RSA BSAFE Micro Edition Suite (MES) 4.0.x anterior a 4.0.6 y RSA BSAFE SSL-J anterior a 6.1.4 no asegura que el certificado de servidor X.509 sea el mismo durante la renegociación como lo era antes de ella, lo que permite ataques 'man-in-the-middle' para obtener información sensible o modificar datos de la sesión TLS a través de 'ataque de triple negociación' • http://archives.neohapsis.com/archives/bugtraq/2014-12/0169.html http://www.securityfocus.com/bid/72534 https://secure-resumption.com • CWE-310: Cryptographic Issues •