PT-2015-4697 · Rsa+1 · Rsa Bsafe Ssl-J+1

Publicado

2015-08-20

Atualizado

2021-12-14

CVE-2015-0533

CVSS v2.0

5.0

Média

Vetor

AV:N/AC:L/Au:N/C:N/I:P/A:N

Name of the Vulnerable Software and Affected Versions EMC RSA BSAFE Micro Edition Suite (MES) versions 4.0.x through 4.0.7 EMC RSA BSAFE Micro Edition Suite (MES) versions 4.1.x through 4.1.2 RSA BSAFE SSL-C versions 2.8.9 and earlier

Description The issue allows remote SSL servers to conduct ECDHE-to-ECDH downgrade attacks, triggering a loss of forward secrecy by omitting the ServerKeyExchange message.

Recommendations For EMC RSA BSAFE Micro Edition Suite (MES) versions 4.0.x through 4.0.7, update to version 4.0.8 or later. For EMC RSA BSAFE Micro Edition Suite (MES) versions 4.1.x through 4.1.2, update to version 4.1.3 or later. For RSA BSAFE SSL-C versions 2.8.9 and earlier, update to a version later than 2.8.9.

Correção

Use of a Broken Cryptographic Algorithm

Encontrou algum problema na descrição? Tem algo a acrescentar? Fique à vontade para nos escrever 👾

dbugs@ptsecurity.com

Enumeração de Fraquezas

CWE-327

Identificadores relacionados

CVE-2015-0533

Produtos afetados

Emc Rsa Bsafe Micro Edition Suite

Rsa Bsafe Ssl-J

PT-2015-4697 · Rsa+1 · Rsa Bsafe Ssl-J+1

CVE-2015-0533

Enumeração de Fraquezas

Identificadores relacionados

Produtos afetados

Referências · 3