CVE-2014-4630

Name of the Vulnerable Software and Affected Versions EMC RSA BSAFE Micro Edition Suite (MES) versions 4.0.x through 4.0.5 RSA BSAFE SSL-J versions prior to 6.1.4

Description The issue allows man-in-the-middle attackers to obtain sensitive information or modify TLS session data via a "triple handshake attack" because the server's X.509 certificate is not verified to be the same during renegotiation as it was before renegotiation.

Recommendations For EMC RSA BSAFE Micro Edition Suite (MES) versions 4.0.x through 4.0.5, update to version 4.0.6 or later. For RSA BSAFE SSL-J versions prior to 6.1.4, update to version 6.1.4 or later.