000017285 - Poodle Bite, Sandworm, .Net MS14-057, OpenSSL Vulnerabilities and Impact in RSA products

Document created by RSA Customer Support Employee on Jun 14, 2016
Last modified by RSA Customer Support Employee on Apr 21, 2017
Version 5

Article Content

Article Number: 000017285

Applies To:
Microsoft .Net
Sandworm
CVE-2014-6271
Poodle Bite
OpenSSL
SSL v3
SSL v3 CBC

Issue:
Poodle Bite Vulnerability in RSA products
.Net Vulnerability in RSA products
Sandworm Vulnerability in RSA products
OpenSSL Vulnerability in RSA products

Cause

EMC CONFIDENTIAL SUBJECT TO NON-DISCLOSURE AGREEMENT/CONFIDENTIALITY PROVISIONS IN LICENSE AGREEMENT


Issue: SSL v3 CBC Poodle Bite (CVE-2014-3566), Windows Sandworm (CVE-2014-4114), Microsoft .Net (MS14-057) & multiple OpenSSL Vulnerabilities (OpenSSL)


 

References:


Resolution

Resolution: RSA is aware of this issue and working with product organizations to investigate the issue and identify any impact. The impact of this vulnerability on RSA products may vary depending on the affected product.
Sandworm information:
RSA enVision is impacted by Sandworm, and remediation is currently being investigated.

Microsoft .Net (MS14-057) information:
Customers utilizing Archer Platform are urged to update the .Net framework to the latest available security updates from Microsoft.
 


This table will be updated as additional information becomes available.



  

| RSA Product Name | Versions | Poodle Bite Impact | OpenSSL Impact | Additional Information |
|---|---|---|---|---|
| 3D Secure | ALL Supported | Remediated | N/A | |
| Access Manager | ALL Supported | Not Impacted | Not Impacted | |
| Adaptive Authentication Hosted | ALL Supported | Remediated | | SSLv3 Disabled on 11/16 |
| Adaptive Authentication On Prem | ALL Supported | Not Impacted | | |
| Archer Hosted | N/A | Remediated | N/A | Does not use OpenSSL |
| Archer Platform | ALL Supported | Not Impacted | N/A | Does not use OpenSSL |
| Archer SecOps | ALL Supported | Investigating | | |
| Archer Vulnerability & Risk Manager (VRM) | ALL Supported | Investigating | | |
| Authentication Manager Software Platform | 6.1 | Not Impacted | Not Impacted | |
| Authentication Manager Software Platform | 7.1 | Impacted - Remediation under investigation | Not Impacted | |
| Authentication Manager Appliance | 3.0 | Impacted - Remediation under investigation | Not Impacted | |
| Authentication Manager Appliance | 8.0, 8.1, 8.2 | Not Impacted | Not Impacted | Includes Web Tier |
| Authentication Manager Express | 1.0 | Impacted - Remediation under investigation | Not Impacted | |
| BSAFE | ALL Supported | Not Impacted | Not Impacted | |
| Data Loss Protection | ALL Supported | Not Impacted | Not Impacted | |
| Data Protection Manager | ALL Supported | Not Impacted | Not Impacted | |
| Digital Certificate Server | ALL Supported | Not Impacted | Not Impacted | |
| ECAT | ALL Supported | Remediated | Not Impacted | See Solution ID 28901 |
| enVision | ALL Supported | Impacted - Remediation planned for future release | Not Impacted | |
| Federated Identity Manager | ALL Supported | Not Impacted | | |
| FraudAction | ALL Supported | Not Impacted | | |
| IMG (Aveksa) Hosted | ALL Supported | Not Impacted | Not Impacted | |
| IMG (Aveksa) On-Prem Platform | ALL Supported | Not Impacted | Not Impacted | |
| IMG (Aveksa) Appliance | ALL Supported | Remediated | | See solution ID 29019 |
| IMG (Aveksa) StealthAudit | ALL Supported | Investigating | | |
| Netwitness | 9.7.x, 9.8.x | Remediated | | Resolved with Q3 Security Update; EL5 platform must upgrade to EL6 |
| Netwitness Informer | 1.x | Impacted - Remediation under investigation | | |
| RSA Live Infrastructure | ALL Supported | Remediated | | |
| SecurID 700 Hardware Token | ALL Supported | N/A | N/A | |
| SecurID 800 Hardware Token | ALL Supported | N/A | N/A | |
| SecurID Agent for PAM | ALL Supported | Not Impacted | Not Impacted | |
| SecurID Agent for UNIX | ALL Supported | Not Impacted | Not Impacted | |
| SecurID Agent for Web | ALL Supported | Not Impacted | Not Impacted | |
| SecurID Agent for Windows | ALL Supported | Not Impacted | Not Impacted | |
| SecurID Authentication Engine | ALL Supported | Not Impacted | Not Impacted | |
| SecurID Authentication SDK | ALL Supported | Not Impacted | Not Impacted | |
| SecurID Software Token Converter | ALL Supported | Not Impacted | Not Impacted | |
| SecurID Software Token for Android | ALL Supported | Not Impacted | Not Impacted | |
| SecurID Software Token for Blackberry | ALL Supported | Not Impacted | Not Impacted | |
| SecurID Software Token for Desktop | ALL Supported | Not Impacted | Not Impacted | |
| SecurID Software Token for iPhone | ALL Supported | Not Impacted | Not Impacted | |
| SecurID Software Token for Windows Mobile | ALL Supported | Not Impacted | Not Impacted | |
| SecurID Software Token Toolbar | ALL Supported | Not Impacted | Not Impacted | |
| SecurID Software Token Web SDK | ALL Supported | Not Impacted | Not Impacted | |
| SecurID Transaction Signing SDK | ALL Supported | Not Impacted | Not Impacted | |
| Security Analytics Platform (Physical and Virtual Appliances) | 10.0.x-10.4.x | Remediated | | Resolved with Q3 Security Update |
| Security Analytics Malware Analytics | 10.0.x-10.4.x | Remediated | | Resolved with Q3 Security Update |
| Security Analytics Malware Cloud | N/A | Remediated | Not Impacted | |
| Security Analytics (Windows Legacy Collector) | 10.0.x-10.4.x | Investigating | | |
| Security Analytics Warehouse (DCA Pivotal) | | Remediated | | Pivotal patch available |
| Security Analytics Warehouse (MapR) | | Investigating | | |
| Spectrum | 1.x | Impacted - Remediation under investigation | | |
| Web Threat Detection (Silvertail) | ALL Supported | Remediated | | |


Workaround
 
Legacy Article ID: a68262
