Vulnerability in Dell Bsafe_ssl-j

CVE-2014-0627

The SSLEngine API implementation in EMC RSA BSAFE SSL-J 5.x before 5.1.3 and 6.x before 6.0.2 allows remote attackers to trigger the selection of a weak cipher suite by using the wrap method during a certain incomplete-handshake state.

Vulnerability class: POODLE (CVE-2014-3566)

EPSS: 0.015 (71.5th percentile) — read the EPSS interpretation.

Affected products

Dell Bsafe_ssl-j — versions 5.1.2, 6.0
Emc Rsa_bsafe_ssl-j — versions 5.0, 5.1.0, 5.1.1
N/a — versions n/a

Weakness classification (CWE)

CWE-310 — Cryptographic Issues

References

security_alert@emc.com (mailing-list, x_refsource_BUGTRAQ)