CVE-2014-0636 — MEDIUM (5.8)

Vulnerability Description

EMC RSA BSAFE Micro Edition Suite (MES) 3.2.x before 3.2.6 and 4.0.x before 4.0.5 does not properly validate X.509 certificate chains, which allows man-in-the-middle attackers to spoof SSL servers via a crafted certificate chain.

CVSS Score

5.8

MEDIUM

AV:N/AC:M/Au:N/C:P/I:P/A:N

Confidentiality

PARTIAL

Integrity

PARTIAL

Availability

NONE

Affected Products

Vendor	Product	Versions
Dell	Bsafe Micro-Edition-Suite	3.2.0

Related Weaknesses (CWE)

CWE-310

References

http://archives.neohapsis.com/archives/bugtraq/2014-04/0069.htmlBroken Link
http://www.securityfocus.com/bid/66791Third Party Advisory
http://archives.neohapsis.com/archives/bugtraq/2014-04/0069.htmlBroken Link
http://www.securityfocus.com/bid/66791Third Party Advisory

FAQ

What is CVE-2014-0636?

CVE-2014-0636 is a vulnerability with a CVSS score of 5.8 (MEDIUM). EMC RSA BSAFE Micro Edition Suite (MES) 3.2.x before 3.2.6 and 4.0.x before 4.0.5 does not properly validate X.509 certificate chains, which allows man-in-the-middle attackers to spoof SSL servers via...

How severe is CVE-2014-0636?

CVE-2014-0636 has been rated MEDIUM with a CVSS base score of 5.8/10. Review the CVSS metrics above for detailed severity breakdown.

Is there a patch for CVE-2014-0636?

Check the references section above for vendor advisories and patch information. Affected products include: Dell Bsafe Micro-Edition-Suite.