
CVE-2019-3730
https://notcve.org/view.php?id=CVE-2019-3730
30 Sep 2019 — RSA BSAFE Micro Edition Suite versions prior to 4.1.6.3 (in 4.1.x) and prior to 4.4 (in 4.2.x and 4.3.x) are vulnerable to an Information Exposure Through an Error Message vulnerability, also known as a “padding oracle attack vulnerability”. A malicious remote user could potentially exploit this vulnerability to extract information, leaving data at risk of exposure. • https://www.dell.com/support/kbdoc/000194054 • CWE-209: Generation of Error Message Containing Sensitive Information • CWE-649: Reliance on Obfuscation or Encryption of Security-Relevant Inputs without Integrity Checking

CVE-2019-3729
https://notcve.org/view.php?id=CVE-2019-3729
30 Sep 2019 — RSA BSAFE Micro Edition Suite versions prior to 4.4 (in 4.0.x, 4.1.x, 4.2.x and 4.3.x) are vulnerable to a Heap-based Buffer Overflow vulnerability when parsing an ECDSA signature. A malicious user with adjacent network access could potentially exploit this vulnerability to cause a crash in the library of the affected system. • https://www.dell.com/support/kbdoc/000194054 • CWE-121: Stack-based Buffer Overflow • CWE-787: Out-of-bounds Write

CVE-2019-3728
https://notcve.org/view.php?id=CVE-2019-3728
30 Sep 2019 — RSA BSAFE Crypto-C Micro Edition versions prior to 4.0.5.4 (in 4.0.x) and 4.1.4 (in 4.1.x) and RSA BSAFE Micro Edition Suite versions prior to 4.0.13 (in 4.0.x) and prior to 4.4 (in 4.1.x, 4.2.x, 4.3.x) are vulnerable to a Buffer Over-read vulnerability when processing a DSA signature. A malicious remote user could potentially exploit this vulnerability to cause a crash in the library of the affected system. • https://www.dell.com/support/kbdoc/000194054 • CWE-125: Out-of-bounds Read

CVE-2016-0887 – RSA BSAFE Lenstra's Attack
https://notcve.org/view.php?id=CVE-2016-0887
11 Apr 2016 — EMC RSA BSAFE Micro Edition Suite (MES) 4.0.x and 4.1.x before 4.1.5, RSA BSAFE Crypto-C Micro Edition (CCME) 4.0.x and 4.1.x before 4.1.3, RSA BSAFE Crypto-J before 6.2.1, RSA BSAFE SSL-J before 6.2.1, and RSA BSAFE SSL-C before 2.8.9 allow remote attackers to discover a private-key prime by conducting a Lenstra side-channel attack that leverages an application's failure to detect an RSA signature failure during a TLS session. • http://packetstormsecurity.com/files/136656/RSA-BSAFE-Lenstras-Attack.html • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor

CVE-2014-4630 – RSA BSAFE Micro Edition Suite / SSL-J Triple Handshake
https://notcve.org/view.php?id=CVE-2014-4630
30 Dec 2014 — EMC RSA BSAFE Micro Edition Suite (MES) 4.0.x before 4.0.6 and RSA BSAFE SSL-J before 6.1.4 do not ensure that a server's X.509 certificate is the same during renegotiation as it was before renegotiation, which allows man-in-the-middle attackers to obtain sensitive information or modify TLS session data via a "triple handshake attack." • http://archives.neohapsis.com/archives/bugtraq/2014-12/0169.html • CWE-310: Cryptographic Issues

CVE-2014-0636 – RSA BSAFE Micro Edition Suite Certificate Chain Processing
https://notcve.org/view.php?id=CVE-2014-0636
11 Apr 2014 — EMC RSA BSAFE Micro Edition Suite (MES) 3.2.x before 3.2.6 and 4.0.x before 4.0.5 does not properly validate X.509 certificate chains, which allows man-in-the-middle attackers to spoof SSL servers via a crafted certificate chain. RSA BSAFE MES 3.2.6... • http://archives.neohapsis.com/archives/bugtraq/2014-04/0069.html • CWE-310: Cryptographic Issues

CVE-2014-0628 – RSA BSAFE Micro Edition Suite (MES) 4.0.x Denial of Service
https://notcve.org/view.php?id=CVE-2014-0628
24 Mar 2014 — The server in EMC RSA BSAFE Micro Edition Suite (MES) 4.0.x before 4.0.5 does not properly process certificate chains, which allows remote attackers to cause a denial of service (daemon crash) via unspecified vectors. RSA BSAFE MES 4.0.5 contains fix for a se... • http://archives.neohapsis.com/archives/bugtraq/2014-03/0130.html • CWE-20: Improper Input Validation