CVE-2014-0636

Published Apr 11, 2014

Last updated 3 years ago

Overview

Description: EMC RSA BSAFE Micro Edition Suite (MES) 3.2.x before 3.2.6 and 4.0.x before 4.0.5 does not properly validate X.509 certificate chains, which allows man-in-the-middle attackers to spoof SSL servers via a crafted certificate chain.
Source: security_alert@emc.com
NVD status: Analyzed

Hype score: Not currently trending

Risk scores

CVSS 2.0

Type: Primary
Base score: 5.8
Impact score: 4.9
Exploitability score: 8.6
Vector string: AV:N/AC:M/Au:N/C:P/I:P/A:N

Weaknesses

nvd@nist.gov: CWE-310

Configurations

[
  {
    "nodes": [
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:a:dell:bsafe_micro-edition-suite:3.2.0:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "8B6D9A48-17C9-4E7E-AA35-CED1B2003BCC"
          },
          {
            "criteria": "cpe:2.3:a:dell:bsafe_micro-edition-suite:3.2.1:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "83FD17B7-1087-48C0-8FE8-4FA7F6B38C2D"
          },
          {
            "criteria": "cpe:2.3:a:dell:bsafe_micro-edition-suite:3.2.2:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "EB7BE1ED-09BD-42C0-B6FB-2DE5BE44CF53"
          },
          {
            "criteria": "cpe:2.3:a:dell:bsafe_micro-edition-suite:3.2.3:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "1100FA71-2D15-4E64-AD80-4D292E371C27"
          },
          {
            "criteria": "cpe:2.3:a:dell:bsafe_micro-edition-suite:3.2.4:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "E9608ED0-2FF8-420A-B489-71814075F430"
          },
          {
            "criteria": "cpe:2.3:a:dell:bsafe_micro-edition-suite:3.2.5:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "653AC17D-4C8E-427D-A7DC-E6D6E52E724E"
          },
          {
            "criteria": "cpe:2.3:a:dell:bsafe_micro-edition-suite:4.0.0:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "9070318E-1AB0-4EC9-8192-D7E2BCF1B4BE"
          },
          {
            "criteria": "cpe:2.3:a:dell:bsafe_micro-edition-suite:4.0.1:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "3BAAD58D-7B35-4C0C-8800-DF8B78999A09"
          },
          {
            "criteria": "cpe:2.3:a:dell:bsafe_micro-edition-suite:4.0.2:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "F608E0D4-F71E-4F84-9170-7BE65F415B84"
          },
          {
            "criteria": "cpe:2.3:a:dell:bsafe_micro-edition-suite:4.0.3:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "8CA858A4-7617-4930-9D47-0B334E5A64B0"
          },
          {
            "criteria": "cpe:2.3:a:dell:bsafe_micro-edition-suite:4.0.4:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "2FE2BD4F-AF53-4BFF-A652-FB9D181036CB"
          }
        ],
        "operator": "OR"
      }
    ]
  }
]

Overview

Social media

Risk scores

CVSS 2.0

Weaknesses

Configurations

References