CVE-2015-0534

{"id": "CVE-2015-0534", "metrics": {"cvssMetricV2": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"version": "2.0", "baseScore": 5.0, "accessVector": "NETWORK", "vectorString": "AV:N/AC:L/Au:N/C:N/I:P/A:N", "authentication": "NONE", "integrityImpact": "PARTIAL", "accessComplexity": "LOW", "availabilityImpact": "NONE", "confidentialityImpact": "NONE"}, "acInsufInfo": false, "impactScore": 2.9, "baseSeverity": "MEDIUM", "obtainAllPrivilege": false, "exploitabilityScore": 10.0, "obtainUserPrivilege": false, "obtainOtherPrivilege": false, "userInteractionRequired": false}], "cvssMetricV31": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 7.5, "attackVector": "NETWORK", "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N", "integrityImpact": "HIGH", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "NONE", "privilegesRequired": "NONE", "confidentialityImpact": "NONE"}, "impactScore": 3.6, "exploitabilityScore": 3.9}]}, "published": "2015-08-20T10:59:01.310", "references": [{"url": "http://seclists.org/bugtraq/2015/Aug/84", "tags": ["Mailing List", "Third Party Advisory"], "source": "security_alert@emc.com"}, {"url": "http://www.securityfocus.com/bid/76377", "tags": ["Third Party Advisory", "VDB Entry"], "source": "security_alert@emc.com"}, {"url": "http://www.securitytracker.com/id/1033297", "tags": ["Third Party Advisory", "VDB Entry"], "source": "security_alert@emc.com"}, {"url": "http://www.securitytracker.com/id/1033298", "tags": ["Third Party Advisory", "VDB Entry"], "source": "security_alert@emc.com"}, {"url": "http://seclists.org/bugtraq/2015/Aug/84", "tags": ["Mailing List", "Third Party Advisory"], "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "http://www.securityfocus.com/bid/76377", "tags": ["Third Party Advisory", "VDB Entry"], "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "http://www.securitytracker.com/id/1033297", "tags": ["Third Party Advisory", "VDB Entry"], "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "http://www.securitytracker.com/id/1033298", "tags": ["Third Party Advisory", "VDB Entry"], "source": "af854a3a-2127-422b-91ae-364da2661108"}], "vulnStatus": "Modified", "weaknesses": [{"type": "Primary", "source": "nvd@nist.gov", "description": [{"lang": "en", "value": "CWE-295"}]}], "descriptions": [{"lang": "en", "value": "EMC RSA BSAFE Micro Edition Suite (MES) 4.0.x before 4.0.8 and 4.1.x before 4.1.3, RSA BSAFE Crypto-J before 6.2, RSA BSAFE SSL-J before 6.2, and RSA BSAFE SSL-C 2.8.9 and earlier do not enforce certain constraints on certificate data, which allows remote attackers to defeat a fingerprint-based certificate-blacklist protection mechanism by including crafted data within a certificate's unsigned portion, a similar issue to CVE-2014-8275."}, {"lang": "es", "value": "Vulnerabilidad en EMC RSA BSAFE Micro Edition Suite (MES) 4.0.x en versiones anteriores a 4.0.8 y 4.1.x en versiones anteriores a 4.1.3, RSA BSAFE Crypto-J en versiones anteriores a 6.2, RSA BSAFE SSL-J en versiones anteriores a 6.2 y RSA BSAFE SSL-C 2.8.9 y versiones anteriores, no fuerza ciertas restricciones en datos de certificado, lo que permite a atacantes remotos anular el mecanismo de protecci\u00f3n de lista negra de certificados basado en fingerprint mediante la inclusi\u00f3n de datos manipulados en una porci\u00f3n sin firmar de un certificado, un problema similar a CVE-2014-8275."}], "lastModified": "2024-11-21T02:23:15.883", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:dell:bsafe:*:*:*:*:micro_edition_suite:*:*:*", "vulnerable": true, "matchCriteriaId": "881DAA21-9EDC-4E14-8EDC-D9CEDA06829F", "versionEndExcluding": "4.0.8", "versionStartIncluding": "4.0.0"}, {"criteria": "cpe:2.3:a:dell:bsafe:*:*:*:*:micro_edition_suite:*:*:*", "vulnerable": true, "matchCriteriaId": "0827F5F6-5146-4AE7-935E-A1721D0EB656", "versionEndExcluding": "4.1.3", "versionStartIncluding": "4.1.0"}, {"criteria": "cpe:2.3:a:dell:bsafe_ssl-c:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "9C58A542-D445-466F-B897-5D9A88B486E2", "versionEndIncluding": "2.8.9"}, {"criteria": "cpe:2.3:a:dell:bsafe_ssl-j:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "3D1B7149-78D4-4D1A-97B3-6441ADED030C", "versionEndExcluding": "6.2"}], "operator": "OR"}]}], "sourceIdentifier": "security_alert@emc.com"}