Vulnerabilities for Rsa bsafe crypto-j (...) - CXSECURITY.COM

Vulnerabilities for 'Rsa bsafe crypto-j'

2018-09-11

CVE-2018-11070

CWE-327

RSA BSAFE Crypto-J versions prior to 6.2.4 and RSA BSAFE SSL-J versions prior to 6.2.4 contain a Covert Timing Channel vulnerability during PKCS #1 unpadding operations, also known as a Bleichenbacher attack. A remote attacker may be able to recover a RSA key.

2017-02-03

CVE-2016-8217

EMC RSA BSAFE Crypto-J versions prior to 6.2.2 has a PKCS#12 Timing Attack Vulnerability. A possible timing attack could be carried out by modifying a PKCS#12 file that has an integrity MAC for which the password is not known. An attacker could then feed the modified PKCS#12 file to the toolkit and guess the current MAC one byte at a time. This is possible because Crypto-J uses a non-constant-time method to compare the stored MAC with the calculated MAC. This vulnerability is similar to the issue described in CVE-2015-2601.

CVE-2016-8212

An issue was discovered in EMC RSA BSAFE Crypto-J versions prior to 6.2.2. There is an Improper OCSP Validation Vulnerability. OCSP responses have two time values: thisUpdate and nextUpdate. These specify a validity period; however, both values are optional. Crypto-J treats the lack of a nextUpdate as indicating that the OCSP response is valid indefinitely instead of restricting its validity for a brief period surrounding the thisUpdate time. This vulnerability is similar to the issue described in CVE-2015-4748.

2016-04-12

CVE-2016-0887

CWE-200

EMC RSA BSAFE Micro Edition Suite (MES) 4.0.x and 4.1.x before 4.1.5, RSA BSAFE Crypto-C Micro Edition (CCME) 4.0.x and 4.1.x before 4.1.3, RSA BSAFE Crypto-J before 6.2.1, RSA BSAFE SSL-J before 6.2.1, and RSA BSAFE SSL-C before 2.8.9 allow remote attackers to discover a private-key prime by conducting a Lenstra side-channel attack that leverages an application's failure to detect an RSA signature failure during a TLS session.

>>> Vendor: EMC 177 Products

Retrospect client

Legato networker

Navisphere manager

Rsa security sitekey

Documentum administrator

Documentum webtop

Dantz retrospect backup server

Centera universal access

Documentum applicationxtender

Documentum applicationxtender workflow manager

Networker client

Networker module

Networker powersnap

Networker server

Networker storage node

Captiva pixtools distributed imaging

Homebase server

Rsa key manager client

Celerra network attached storage

Replication manager

Data protection advisor collector

Rsa adaptive authentication on-premise

Data loss prevention enterprise manager

Sourceone email management

Documentum eroom

Data protection advisor

Rsa key manager appliance

Documentum content server

Documentum xplore

Documentum information rights management

Documentum applicationxtender desktop

Captiva quickscan pro

Celerra network server

Applicationxtender desktop

Applicationxtender web access .net

Cloud tiering appliance virtual edition

Cloud tiering appliance

Rsa authentication agent

Rsa authentication client

Networker module for microsoft applications

Rsa data protection manager software server

Rsa data protection manager appliance

It operations intelligence

Rsa netwitness informer

Rsa archer egrc

Rsa archer smartsuite

Smarts network configuration manager

Smarts ip manager

Smarts mpls manager

Smarts network protocol manager

Smarts server manager

Smarts services assurance manager

Smarts voip availability manager

Documentum records manager

Documentum taskspace

Celerra control station

Vnx control station

Avamar server virtual edition

Documentum capital projects

Documentum digital asset manager

Documentum web publisher

Document sciences xpression

Rsa netwitness nextgen

Rsa security analytics

Connectrix manager

Documentum foundation services

Rsa bsafe ssl-j

Rsa data loss prevention

See all Products for Vendor EMC

Copyright 2024, cxsecurity.com