Vulnerability Details CVE-2014-4630
EMC RSA BSAFE Micro Edition Suite (MES) 4.0.x before 4.0.6 and RSA BSAFE SSL-J before 6.1.4 do not ensure that a server's X.509 certificate is the same during renegotiation as it was before renegotiation, which allows man-in-the-middle attackers to obtain sensitive information or modify TLS session data via a "triple handshake attack."
Exploit prediction scoring system (EPSS) score
EPSS Score 0.002
EPSS Ranking 41.2%
CVSS Severity
CVSS v2 Score 4.3
References
Products affected by CVE-2014-4630
-
cpe:2.3:a:dell:bsafe_micro-edition-suite:4.0.0
-
cpe:2.3:a:dell:bsafe_micro-edition-suite:4.0.1
-
cpe:2.3:a:dell:bsafe_micro-edition-suite:4.0.2
-
cpe:2.3:a:dell:bsafe_micro-edition-suite:4.0.3
-
cpe:2.3:a:dell:bsafe_micro-edition-suite:4.0.4
-
cpe:2.3:a:dell:bsafe_micro-edition-suite:4.0.5
-
cpe:2.3:a:dell:bsafe_ssl-j:-
-
cpe:2.3:a:dell:bsafe_ssl-j:3.0
-
cpe:2.3:a:dell:bsafe_ssl-j:3.0.1
-
cpe:2.3:a:dell:bsafe_ssl-j:3.1
-
cpe:2.3:a:dell:bsafe_ssl-j:5.0
-
cpe:2.3:a:dell:bsafe_ssl-j:5.1
-
cpe:2.3:a:dell:bsafe_ssl-j:5.1.1
-
cpe:2.3:a:dell:bsafe_ssl-j:5.1.2
-
cpe:2.3:a:dell:bsafe_ssl-j:5.1.3
-
cpe:2.3:a:dell:bsafe_ssl-j:5.1.4
-
cpe:2.3:a:dell:bsafe_ssl-j:5.2
-
cpe:2.3:a:dell:bsafe_ssl-j:6.0
-
cpe:2.3:a:dell:bsafe_ssl-j:6.0.1
-
cpe:2.3:a:dell:bsafe_ssl-j:6.0.2
-
cpe:2.3:a:dell:bsafe_ssl-j:6.1
-
cpe:2.3:a:dell:bsafe_ssl-j:6.1.1
-
cpe:2.3:a:dell:bsafe_ssl-j:6.1.2