Lucene search

[email protected]CVE-2001-1105

HistorySep 12, 2001 - 4:00 a.m.

CVE-2001-1105

2001-09-1204:00:00

NVD-CWE-Other

[email protected]

web.nvd.nist.gov

cve-2001-1105

rsa bsafe ssl-j

cisco icnd 2.0

ssl client authentication

data breach

7.8 High

AI Score

Confidence

Low

7.5 High

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:P/I:P/A:P

0.004 Low

EPSS

Percentile

75.0%

JSON

RSA BSAFE SSL-J 3.0, 3.0.1 and 3.1, as used in Cisco iCND 2.0, caches session IDs from failed login attempts, which could allow remote attackers to bypass SSL client authentication and gain access to sensitive data by logging in after an initial failure.

CPENameOperatorVersion
cisco:icdncisco icdneq2.0
dell:bsafe_ssl-jdell bsafe ssl-jeq3.0
dell:bsafe_ssl-jdell bsafe ssl-jeq3.0.1
dell:bsafe_ssl-jdell bsafe ssl-jeq3.1

CPE	Name	Operator	Version
cisco:icdn	cisco icdn	eq	2.0
dell:bsafe_ssl-j	dell bsafe ssl-j	eq	3.0
dell:bsafe_ssl-j	dell bsafe ssl-j	eq	3.0.1
dell:bsafe_ssl-j	dell bsafe ssl-j	eq	3.1

References

www.ciac.org/ciac/bulletins/l-141.shtml

www.cisco.com/warp/public/707/SSL-J-pub.html

www.rsasecurity.com/products/bsafe/bulletins/BSAFE_SSL-J_3.x.SecurityBulletin.html

www.securityfocus.com/bid/3329

exchange.xforce.ibmcloud.com/vulnerabilities/7112

7.8 High

AI Score

Confidence

Low

7.5 High

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:P/I:P/A:P

0.004 Low

EPSS

Percentile

75.0%

JSON

Related for CVE-2001-1105

cvelist1