CVE-2014-0626
Severity Score
5.0
*CVSS v2
Exploit Likelihood
*EPSS
Affected Versions
*CPE
Public Exploits
0
*Multiple Sources
Exploited in Wild
-
*KEV
Decision
-
*SSVC
Descriptions
The (1) JSAFE and (2) JSSE APIs in EMC RSA BSAFE SSL-J 5.x before 5.1.3 and 6.x before 6.0.2 make it easier for remote attackers to bypass intended cryptographic protection mechanisms by triggering application-data processing during the TLS handshake, a time at which the data is both unencrypted and unauthenticated.
Las APIs (1) JSAFE y (2) JSSE en EMC RSA BSAFE SSL-J 5.x anterior a 5.1.3 y 6.x anterior a 6.0.2 facilitan a atacantes remotos evadir mecanismos de protección criptográfica mediante el aprovechamiento del procesamiento de datos de la aplicación durante el handshake de TLS, en el momento cuando los datos no están cifrados ni autenticados.
*Credits:
N/A
CVSS Scores
Attack Vector
Attack Complexity
Authentication
Confidentiality
Integrity
Availability
* Common Vulnerability Scoring System
SSVC
- Decision:-
Exploitation
Automatable
Tech. Impact
* Organization's Worst-case Scenario
Timeline
- 2014-01-02 CVE Reserved
- 2014-02-17 CVE Published
- 2024-08-06 CVE Updated
- 2024-09-05 EPSS Updated
- ---------- Exploited in Wild
- ---------- KEV Due Date
- ---------- First Exploit
CWE
- CWE-310: Cryptographic Issues
CAPEC
References (1)
| URL | Tag | Source |
|---|---|---|
| http://archives.neohapsis.com/archives/bugtraq/2014-02/0061.html | Mailing List |
| URL | Date | SRC |
|---|
| URL | Date | SRC |
|---|
| URL | Date | SRC |
|---|
Affected Vendors, Products, and Versions
| Vendor | Product | Version | Other | Status | ||||||
|---|---|---|---|---|---|---|---|---|---|---|
| Vendor | Product | Version | Other | Status | <-- --> | Vendor | Product | Version | Other | Status |
| Dell Search vendor "Dell" | Bsafe Ssl-j Search vendor "Dell" for product "Bsafe Ssl-j" | 5.1.2 Search vendor "Dell" for product "Bsafe Ssl-j" and version "5.1.2" | - |
Affected
| ||||||
| Dell Search vendor "Dell" | Bsafe Ssl-j Search vendor "Dell" for product "Bsafe Ssl-j" | 6.0 Search vendor "Dell" for product "Bsafe Ssl-j" and version "6.0" | - |
Affected
| ||||||
| Emc Search vendor "Emc" | Rsa Bsafe Ssl-j Search vendor "Emc" for product "Rsa Bsafe Ssl-j" | 5.0 Search vendor "Emc" for product "Rsa Bsafe Ssl-j" and version "5.0" | - |
Affected
| ||||||
| Emc Search vendor "Emc" | Rsa Bsafe Ssl-j Search vendor "Emc" for product "Rsa Bsafe Ssl-j" | 5.1.0 Search vendor "Emc" for product "Rsa Bsafe Ssl-j" and version "5.1.0" | - |
Affected
| ||||||
| Emc Search vendor "Emc" | Rsa Bsafe Ssl-j Search vendor "Emc" for product "Rsa Bsafe Ssl-j" | 5.1.1 Search vendor "Emc" for product "Rsa Bsafe Ssl-j" and version "5.1.1" | - |
Affected
| ||||||
| Emc Search vendor "Emc" | Rsa Bsafe Ssl-j Search vendor "Emc" for product "Rsa Bsafe Ssl-j" | 6.0.1 Search vendor "Emc" for product "Rsa Bsafe Ssl-j" and version "6.0.1" | - |
Affected
| ||||||