CVE-2016-0923

The client in EMC RSA BSAFE Micro Edition Suite (MES) 4.0.x before 4.0.9 and 4.1.x before 4.1.5 places the weakest algorithms first in a signature-algorithm list transmitted to a server, which makes it easier for remote attackers to defeat cryptographic protection mechanisms by leveraging server behavior in which the first algorithm is used.
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTNIST
7.5 HIGH
NETWORK
LOW
NONE
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
dellCNA
---
---
CVEADP
---
---
Base Score
CVSS 3.x
EPSS Score
Percentile: 67%
VendorProductVersion
dellbsafe
4.0.0 ≤
𝑥
< 4.0.9
dellbsafe
4.1.0 ≤
𝑥
< 4.1.5
𝑥
= Vulnerable software versions
Common Weakness Enumeration
References
http://seclists.org/bugtraq/2016/Sep/25
http://www.securityfocus.com/bid/92994
http://www.securitytracker.com/id/1036835
http://seclists.org/bugtraq/2016/Sep/25
http://www.securityfocus.com/bid/92994
http://www.securitytracker.com/id/1036835