Code injection

2016-09-1802:59:00

PRIOn knowledge base

www.prio-n.com

7.1 High

AI Score

Confidence

Low

0.002 Low

EPSS

Percentile

57.1%

JSON

The client in EMC RSA BSAFE Micro Edition Suite (MES) 4.0.x before 4.0.9 and 4.1.x before 4.1.5 places the weakest algorithms first in a signature-algorithm list transmitted to a server, which makes it easier for remote attackers to defeat cryptographic protection mechanisms by leveraging server behavior in which the first algorithm is used.

CPENameOperatorVersion
bsafege4.1.0
bsafelt4.1.5
bsafege4.0.0
bsafelt4.0.9

Name	Operator	Version
bsafe	ge	4.1.0
bsafe	lt	4.1.5
bsafe	ge	4.0.0
bsafe	lt	4.0.9

References

seclists.org/bugtraq/2016/Sep/25

www.securityfocus.com/bid/92994

www.securitytracker.com/id/1036835