PT-2015-4699 · Rsa+1 · Rsa Bsafe Ssl-J+1
Published
2015-08-20
·
Updated
2021-12-14
·
CVE-2015-0535
CVSS v2.0
5.0
Medium
| Vector | AV:N/AC:L/Au:N/C:N/I:P/A:N |
Name of the Vulnerable Software and Affected Versions
EMC RSA BSAFE Micro Edition Suite (MES) versions 4.0.x through 4.0.7
EMC RSA BSAFE Micro Edition Suite (MES) versions 4.1.x through 4.1.2
RSA BSAFE SSL-C version 2.8.9 and earlier
Description
The issue makes it easier for remote attackers to conduct cipher-downgrade attacks to EXPORT RSA ciphers via crafted TLS traffic, related to the "FREAK" issue. This is due to the improper restriction of TLS state transitions.
Recommendations
For EMC RSA BSAFE Micro Edition Suite (MES) versions 4.0.x through 4.0.7, update to version 4.0.8 or later.
For EMC RSA BSAFE Micro Edition Suite (MES) versions 4.1.x through 4.1.2, update to version 4.1.3 or later.
For RSA BSAFE SSL-C version 2.8.9 and earlier, update to a version later than 2.8.9.
Fix
Use of a Broken Cryptographic Algorithm
Found an issue in the description? Have something to add? Feel free to write us 👾
Weakness Enumeration
Related Identifiers
Affected Products
Emc Rsa Bsafe Micro Edition Suite
Rsa Bsafe Ssl-J