PT-2015-4697 · Rsa+1 · Rsa Bsafe Ssl-J+1

Published

2015-08-20

Updated

2021-12-14

CVE-2015-0533

CVSS v2.0

5.0

Medium

Vector

AV:N/AC:L/Au:N/C:N/I:P/A:N

Name of the Vulnerable Software and Affected Versions EMC RSA BSAFE Micro Edition Suite (MES) versions 4.0.x through 4.0.7 EMC RSA BSAFE Micro Edition Suite (MES) versions 4.1.x through 4.1.2 RSA BSAFE SSL-C versions 2.8.9 and earlier

Description The issue allows remote SSL servers to conduct ECDHE-to-ECDH downgrade attacks, triggering a loss of forward secrecy by omitting the ServerKeyExchange message.

Recommendations For EMC RSA BSAFE Micro Edition Suite (MES) versions 4.0.x through 4.0.7, update to version 4.0.8 or later. For EMC RSA BSAFE Micro Edition Suite (MES) versions 4.1.x through 4.1.2, update to version 4.1.3 or later. For RSA BSAFE SSL-C versions 2.8.9 and earlier, update to a version later than 2.8.9.

Fix

Use of a Broken Cryptographic Algorithm

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-327

Related Identifiers

CVE-2015-0533

Affected Products

Emc Rsa Bsafe Micro Edition Suite

Rsa Bsafe Ssl-J

PT-2015-4697 · Rsa+1 · Rsa Bsafe Ssl-J+1

CVE-2015-0533

Weakness Enumeration

Related Identifiers

Affected Products

References · 3