Vulnerability in Dell Bsafe_micro-edition-suite

CVE-2014-4630

EMC RSA BSAFE Micro Edition Suite (MES) 4.0.x before 4.0.6 and RSA BSAFE SSL-J before 6.1.4 do not ensure that a server's X.509 certificate is the same during renegotiation as it was before renegotiation, which allows man-in-the-middle att…

Vulnerability class: POODLE (CVE-2014-3566)

EPSS: 0.009 (55.0th percentile) — read the EPSS interpretation.

Affected products

Dell Bsafe_micro-edition-suite — versions 4.0.0, 4.0.1, 4.0.2
Dell Bsafe_ssl-j
N/a — versions n/a

Weakness classification (CWE)

CWE-310 — Cryptographic Issues

References

security_alert@emc.com (mailing-list, x_refsource_BUGTRAQ, Broken Link)
security_alert@emc.com (VDB Entry, Third Party Advisory, vdb-entry, x_refsource_BID)
security_alert@emc.com (Technical Description, x_refsource_MISC)