000034814 - Poodle Bite, Sandworm, .NET MS14-057, and other OpenSSL Vulnerabilities and Impact in RSA products

Document created by RSA Customer Support Employee on May 22, 2017
Version 1

Article Content

Article Number: 000034814
Applies To: RSA Product Set: All
CVE ID: CVE-2014-3566, CVE-2014-4144, CVE-2014-3567, CVE-2014-3568, CVE-2014-4073, CVE-2014-4121, CVE-2014-4122
Article Summary: EMC CONFIDENTIAL SUBJECT TO NON-DISCLOSURE AGREEMENT/CONFIDENTIALITY PROVISIONS IN LICENSE AGREEMENT

Issue


References


Resolution

RSA is aware of this issue and working with product organizations to investigate the issue and identify any impact. The impact of this vulnerability on RSA products may vary depending on the affected product.

Sandworm information


RSA enVision is impacted by Sandworm and remediation is currently being investigated.
 

Microsoft .Net (MS14-057) information


Customers utilizing the RSA Archer Platform are urged to update the .NET framework to the latest available security updates from Microsoft.
This table will be updated as additional information becomes available.
 
| RSA Product Name | Versions | Poodle Bite Impact | OpenSSL Impact | Additional Information |
| --- | --- | --- | --- | --- |
| 3D Secure | ALL Supported | Remediated | N/A | |
| Access Manager | ALL Supported | Not Impacted | Not Impacted | |
| Adaptive Authentication Hosted | ALL Supported | Remediated | | SSLv3 Disabled on 11/16 |
| Adaptive Authentication On Prem | ALL Supported | Not Impacted | | |
| Archer Hosted | N/A | Remediated | N/A | Does not use OpenSSL |
| Archer Platform | ALL Supported | Not Impacted | N/A | Does not use OpenSSL |
| Archer SecOps | ALL Supported | Investigating | | |
| Archer Vulnerability & Risk Manager (VRM) | ALL Supported | Investigating | | |
| Authentication Manager Software Platform | 6.1 | Not Impacted | Not Impacted | |
| Authentication Manager Software Platform | 7.1 | Impacted - Remediation under investigation | Not Impacted | |
| Authentication Manager Appliance | 3.0 | Impacted - Remediation under investigation | Not Impacted | |
| Authentication Manager Appliance | 8.0, 8.1, 8.2 | Not Impacted | Not Impacted | Includes Web Tier |
| Authentication Manager Express | 1.0 | Impacted - Remediation under investigation | Not Impacted | |
| BSAFE | ALL Supported | Not Impacted | Not Impacted | |
| Data Loss Protection | ALL Supported | Not Impacted | Not Impacted | |
| Data Protection Manager | ALL Supported | Not Impacted | Not Impacted | |
| Digital Certificate Server | ALL Supported | Not Impacted | Not Impacted | |
| ECAT | ALL Supported | Remediated | Not Impacted | See Solution ID 28901 |
| enVision | ALL Supported | Impacted - Remediation planned for future release | Not Impacted | |
| Federated Identity Manager | ALL Supported | Not Impacted | | |
| FraudAction | ALL Supported | Not Impacted | | |
| IMG (Aveksa) Hosted | ALL Supported | Not Impacted | Not Impacted | |
| IMG (Aveksa) On-Prem Platform | ALL Supported | Not Impacted | Not Impacted | |
| IMG (Aveksa) Appliance | ALL Supported | Remediated | | See solution ID 29019 |
| IMG (Aveksa) StealthAudit | ALL Supported | Investigating | | |
| Netwitness | 9.7.x, 9.8.x | Remediated | | Resolved with Q3 Security Update; EL5 platform must upgrade to EL6 |
| Netwitness Informer | 1.x | Impacted - Remediation under investigation | | |
| RSA Live Infrastructure | ALL Supported | Remediated | | |
| SecurID 700 Hardware Token | ALL Supported | N/A | N/A | |
| SecurID 800 Hardware Token | ALL Supported | N/A | N/A | |
| SecurID Agent for PAM | ALL Supported | Not Impacted | Not Impacted | |
| SecurID Agent for UNIX | ALL Supported | Not Impacted | Not Impacted | |
| SecurID Agent for Web | ALL Supported | Not Impacted | Not Impacted | |
| SecurID Agent for Windows | ALL Supported | Not Impacted | Not Impacted | |
| SecurID Authentication Engine | ALL Supported | Not Impacted | Not Impacted | |
| SecurID Authentication SDK | ALL Supported | Not Impacted | Not Impacted | |
| SecurID Software Token Converter | ALL Supported | Not Impacted | Not Impacted | |
| SecurID Software Token for Android | ALL Supported | Not Impacted | Not Impacted | |
| SecurID Software Token for Blackberry | ALL Supported | Not Impacted | Not Impacted | |
| SecurID Software Token for Desktop | ALL Supported | Not Impacted | Not Impacted | |
| SecurID Software Token for iPhone | ALL Supported | Not Impacted | Not Impacted | |
| SecurID Software Token for Windows Mobile | ALL Supported | Not Impacted | Not Impacted | |
| SecurID Software Token Toolbar | ALL Supported | Not Impacted | Not Impacted | |
| SecurID Software Token Web SDK | ALL Supported | Not Impacted | Not Impacted | |
| SecurID Transaction Signing SDK | ALL Supported | Not Impacted | Not Impacted | |
| Security Analytics Platform: Physical and Virtual Appliances | 10.0.x-10.4.x | Remediated | | Resolved with Q3 Security Update |
| Security Analytics Malware Analytics | 10.0.x-10.4.x | Remediated | | Resolved with Q3 Security Update |
| Security Analytics Malware Cloud | N/A | Remediated | Not Impacted | |
| Security Analytics (Windows Legacy Collector) | 10.0.x-10.4.x | Investigating | | |
| Security Analytics Warehouse (DCA Pivotal) | | Remediated | | Pivotal patch available |
| Security Analytics Warehouse (MapR) | | Investigating | | |
| Spectrum | 1.x | Impacted - Remediation under investigation | | |
| Web Threat Detection (Silvertail) | ALL Supported | Remediated | | |

 

Disclaimer

Read and use the information in this RSA Security Advisory to assist in avoiding any situation that might arise from the problems described herein. If you have any questions regarding this product alert, contact RSA Software Technical Support at 1- 800 995 5095. RSA Security LLC and its affiliates, including without limitation, its ultimate parent company, EMC Corporation, distributes RSA Security Advisories in order to bring to the attention of users of the affected RSA products, important security information. RSA recommends that all users determine the applicability of this information to their individual situations and take appropriate action. The information set forth herein is provided 'as is' without warranty of any kind. RSA disclaims all warranties, either express or implied, including the warranties of merchantability, fitness for a particular purpose, title and non-infringement. In no event, shall RSA, its affiliates or suppliers, be liable for any damages whatsoever including direct, indirect, incidental, consequential, loss of business profits or special damages, even if RSA, its affiliates or suppliers have been advised of the possibility of such damages. Some jurisdictions do not allow the exclusion or limitation of liability for consequential or incidental damages, so the foregoing limitation may not apply.
