Vulnerability Name:

CVE-2015-0534 (CCN-105651)

Assigned:2014-12-17
Published:2015-08-17
Updated:2021-12-14
Summary:EMC RSA BSAFE Micro Edition Suite (MES) 4.0.x before 4.0.8 and 4.1.x before 4.1.3, RSA BSAFE Crypto-J before 6.2, RSA BSAFE SSL-J before 6.2, and RSA BSAFE SSL-C 2.8.9 and earlier do not enforce certain constraints on certificate data, which allows remote attackers to defeat a fingerprint-based certificate-blacklist protection mechanism by including crafted data within a certificate's unsigned portion, a similar issue to CVE-2014-8275.
CVSS v3 Severity:7.5 High (CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N)
Exploitability Metrics:Attack Vector (AV): Network
Attack Complexity (AC): Low
Privileges Required (PR): None
User Interaction (UI): None
Scope:Scope (S): Unchanged
Impact Metrics:Confidentiality (C): None
Integrity (I): High
Availibility (A): None
5.3 Medium (CCN CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N)
Exploitability Metrics:Attack Vector (AV): Network
Attack Complexity (AC): Low
Privileges Required (PR): None
User Interaction (UI): None
Scope:Scope (S): Unchanged
Impact Metrics:Confidentiality (C): None
Integrity (I): Low
Availibility (A): None
CVSS v2 Severity:5.0 Medium (CVSS v2 Vector: AV:N/AC:L/Au:N/C:N/I:P/A:N)
3.7 Low (Temporal CVSS v2 Vector: AV:N/AC:L/Au:N/C:N/I:P/A:N/E:U/RL:OF/RC:C)
Exploitability Metrics:Access Vector (AV): Network
Access Complexity (AC): Low
Authentication (Au): None
Impact Metrics:Confidentiality (C): None
Integrity (I): Partial
Availibility (A): None
5.0 Medium (CCN CVSS v2 Vector: AV:N/AC:L/Au:N/C:N/I:P/A:N)
3.7 Low (CCN Temporal CVSS v2 Vector: AV:N/AC:L/Au:N/C:N/I:P/A:N/E:U/RL:OF/RC:C)
Exploitability Metrics:Access Vector (AV): Network
Access Complexity (AC): Low
Athentication (Au): None
Impact Metrics:Confidentiality (C): None
Integrity (I): Partial
Availibility (A): None
Vulnerability Type:CWE-295
Vulnerability Consequences:Bypass Security
References:Source: MITRE
Type: CNA
CVE-2015-0534

Source: BUGTRAQ
Type: Mailing List, Third Party Advisory
20150817 ESA-2015-081: RSA BSAFE Micro Edition Suite, Crypto-C Micro Edition, Crypto-J, SSL-J and SSL-C Multiple Vulnerabilities

Source: CCN
Type: EMC Security Advisory ESA-2015-081
RSA BSAFE Micro Edition Suite, Crypto-C Micro Edition, Crypto-J, SSL-J and SSL-C Multiple Vulnerabilities

Source: BID
Type: Third Party Advisory, VDB Entry
76377

Source: CCN
Type: BID-76377
Multiple EMC RSA Products ESA-2015-081 Multiple Security Vulnerabilities

Source: SECTRACK
Type: Third Party Advisory, VDB Entry
1033297

Source: SECTRACK
Type: Third Party Advisory, VDB Entry
1033298

Source: XF
Type: UNKNOWN
rsa-bsafe-cve20150534-sec-bypass(105651)

Vulnerable Configuration:Configuration 1:
  • cpe:/a:dell:bsafe:*:*:*:*:micro_edition_suite:*:*:* (Version >= 4.0.0 and < 4.0.8)
  • OR cpe:/a:dell:bsafe:*:*:*:*:micro_edition_suite:*:*:* (Version >= 4.1.0 and < 4.1.3)
  • OR cpe:/a:dell:bsafe_ssl-c:*:*:*:*:*:*:*:* (Version <= 2.8.9)
  • OR cpe:/a:dell:bsafe_ssl-j:*:*:*:*:*:*:*:* (Version < 6.2)

    • Configuration CCN 1:
  • cpe:/a:emc:rsa_bsafe_ssl-j:6.1.2:*:*:*:*:*:*:*
  • OR cpe:/a:emc:rsa_bsafe_ssl-c:2.8.9:*:*:*:*:*:*:*
  • OR cpe:/a:emc:rsa_bsafe:4.0.7::~~micro_edition_suite~~~:*:*:*:*:*
  • OR cpe:/a:emc:rsa_bsafe:4.1.2::~~micro_edition_suite~~~:*:*:*:*:*

    • * Denotes that component is vulnerable
    BACK
    dell bsafe *
    dell bsafe *
    dell bsafe ssl-c *
    dell bsafe ssl-j *
    emc rsa bsafe ssl-j 6.1.2
    emc rsa bsafe ssl-c 2.8.9
    emc rsa bsafe 4.0.7
    emc rsa bsafe 4.1.2