{"containers": {"cna": {"affected": [{"product": "n/a", "vendor": "n/a", "versions": [{"status": "affected", "version": "n/a"}]}], "datePublic": "2014-02-14T00:00:00", "descriptions": [{"lang": "en", "value": "The (1) JSAFE and (2) JSSE APIs in EMC RSA BSAFE SSL-J 5.x before 5.1.3 and 6.x before 6.0.2 make it easier for remote attackers to bypass intended cryptographic protection mechanisms by triggering application-data processing during the TLS handshake, a time at which the data is both unencrypted and unauthenticated."}], "problemTypes": [{"descriptions": [{"description": "n/a", "lang": "en", "type": "text"}]}], "providerMetadata": {"dateUpdated": "2014-02-18T00:57:01", "orgId": "c550e75a-17ff-4988-97f0-544cde3820fe", "shortName": "dell"}, "references": [{"name": "20140214 ESA-2014-009: RSA BSAFE SSL-J Multiple Vulnerabilities", "tags": ["mailing-list", "x_refsource_BUGTRAQ"], "url": "http://archives.neohapsis.com/archives/bugtraq/2014-02/0061.html"}], "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "security_alert@emc.com", "ID": "CVE-2014-0626", "STATE": "PUBLIC"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "n/a", "version": {"version_data": [{"version_value": "n/a"}]}}]}, "vendor_name": "n/a"}]}}, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "The (1) JSAFE and (2) JSSE APIs in EMC RSA BSAFE SSL-J 5.x before 5.1.3 and 6.x before 6.0.2 make it easier for remote attackers to bypass intended cryptographic protection mechanisms by triggering application-data processing during the TLS handshake, a time at which the data is both unencrypted and unauthenticated."}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "n/a"}]}]}, "references": {"reference_data": [{"name": "20140214 ESA-2014-009: RSA BSAFE SSL-J Multiple Vulnerabilities", "refsource": "BUGTRAQ", "url": "http://archives.neohapsis.com/archives/bugtraq/2014-02/0061.html"}]}}}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-06T09:20:19.775Z"}, "title": "CVE Program Container", "references": [{"name": "20140214 ESA-2014-009: RSA BSAFE SSL-J Multiple Vulnerabilities", "tags": ["mailing-list", "x_refsource_BUGTRAQ", "x_transferred"], "url": "http://archives.neohapsis.com/archives/bugtraq/2014-02/0061.html"}]}]}, "cveMetadata": {"assignerOrgId": "c550e75a-17ff-4988-97f0-544cde3820fe", "assignerShortName": "dell", "cveId": "CVE-2014-0626", "datePublished": "2014-02-18T00:00:00", "dateReserved": "2014-01-02T00:00:00", "dateUpdated": "2024-08-06T09:20:19.775Z", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.1"}

{}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:dell:bsafe_ssl-j:5.1.2:*:*:*:*:*:*:*", "matchCriteriaId": "314CC197-7A5B-490E-BCA4-DCFFDC32A50F", "vulnerable": true}, {"criteria": "cpe:2.3:a:dell:bsafe_ssl-j:6.0:*:*:*:*:*:*:*", "matchCriteriaId": "514F2922-83FA-4A51-BA74-A17175643BE6", "vulnerable": true}, {"criteria": "cpe:2.3:a:emc:rsa_bsafe_ssl-j:5.0:*:*:*:*:*:*:*", "matchCriteriaId": "8B160FFB-EF0D-4D7B-9810-3D7728FB0B4C", "vulnerable": true}, {"criteria": "cpe:2.3:a:emc:rsa_bsafe_ssl-j:5.1.0:*:*:*:*:*:*:*", "matchCriteriaId": "384C4C01-A2CF-4241-97D2-C379F4351DD0", "vulnerable": true}, {"criteria": "cpe:2.3:a:emc:rsa_bsafe_ssl-j:5.1.1:*:*:*:*:*:*:*", "matchCriteriaId": "AB1CF0F5-828F-405C-B8E8-D7F8AD15BEF6", "vulnerable": true}, {"criteria": "cpe:2.3:a:emc:rsa_bsafe_ssl-j:6.0.1:*:*:*:*:*:*:*", "matchCriteriaId": "CBF5DF8B-B891-4291-A5C2-91C2C2525F53", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "cveTags": [], "descriptions": [{"lang": "en", "value": "The (1) JSAFE and (2) JSSE APIs in EMC RSA BSAFE SSL-J 5.x before 5.1.3 and 6.x before 6.0.2 make it easier for remote attackers to bypass intended cryptographic protection mechanisms by triggering application-data processing during the TLS handshake, a time at which the data is both unencrypted and unauthenticated."}, {"lang": "es", "value": "Las APIs (1) JSAFE y (2) JSSE en EMC RSA BSAFE SSL-J 5.x anterior a 5.1.3 y 6.x anterior a 6.0.2 facilitan a atacantes remotos evadir mecanismos de protecci\u00f3n criptogr\u00e1fica mediante el aprovechamiento del procesamiento de datos de la aplicaci\u00f3n durante el handshake de TLS, en el momento cuando los datos no est\u00e1n cifrados ni autenticados."}], "id": "CVE-2014-0626", "lastModified": "2025-04-11T00:51:21.963", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": {"accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "NONE", "baseScore": 5.0, "confidentialityImpact": "PARTIAL", "integrityImpact": "NONE", "vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N", "version": "2.0"}, "exploitabilityScore": 10.0, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false}]}, "published": "2014-02-18T00:55:05.173", "references": [{"source": "security_alert@emc.com", "url": "http://archives.neohapsis.com/archives/bugtraq/2014-02/0061.html"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://archives.neohapsis.com/archives/bugtraq/2014-02/0061.html"}], "sourceIdentifier": "security_alert@emc.com", "vulnStatus": "Deferred", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-310"}], "source": "nvd@nist.gov", "type": "Primary"}]}

{}