CVE-2015-0533

HIGH

RSA BSAFE Micro Edition Suite 4.0.0-4.0.7 and 4.1.0-4.1.2 and RSA BSAFE SSL-C < 2.8.9 - ECDHE-to-ECDH Downgrade Attack

Title source: llm
STIX 2.1

Description

EMC RSA BSAFE Micro Edition Suite (MES) 4.0.x before 4.0.8 and 4.1.x before 4.1.3 and RSA BSAFE SSL-C 2.8.9 and earlier allow remote SSL servers to conduct ECDHE-to-ECDH downgrade attacks and trigger a loss of forward secrecy by omitting the ServerKeyExchange message, a similar issue to CVE-2014-3572.

References (2)

Core 2
Core References
Mailing List, Third Party Advisory mailing-list x_refsource_bugtraq
http://seclists.org/bugtraq/2015/Aug/84
Third Party Advisory, VDB Entry vdb-entry x_refsource_bid
http://www.securityfocus.com/bid/76377

Scores

CVSS v3 7.5
EPSS 0.0031
EPSS Percentile 54.1%
Attack Vector NETWORK
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N

Details

CWE
CWE-327
Status published
Products (2)
dell/bsafe 4.0.0 - 4.0.8
dell/bsafe_ssl-c < 2.8.9
Published Aug 20, 2015
Tracked Since Feb 18, 2026