Poodle Bite, Sandworm, .NET MS14-057, and other OpenSSL Vulnerabilities and Impact in RSA products
Originally Published: 2017-02-10
Article Number
000063411
Applies To
RSA Product Set: All
CVE Identifier(s)
CVE-2014-3566, CVE-2014-4144, CVE-2014-3567, CVE-2014-3568, CVE-2014-4073, CVE-2014-4121, CVE-2014-4122
Article Summary
EMC CONFIDENTIAL SUBJECT TO NON-DISCLOSURE AGREEMENT/CONFIDENTIALITY PROVISIONS IN LICENSE AGREEMENT

Issue

References

Resolution
RSA is aware of this issue and working with product organizations to investigate the issue and identify any impact. The impact of this vulnerability on RSA products may vary depending on the affected product.

Sandworm information

RSA enVision is impacted by Sandworm and remediation is currently being investigated.
 

Microsoft .NET (MS14-057) information

Customers utilizing the RSA Archer Platform are urged to update the .NET framework to the latest available security updates from Microsoft.

This table will be updated as additional information becomes available.
 
| RSA Product Name | Versions | Poodle Bite Impact | OpenSSL Impact | Additional Information |
|---|---|---|---|---|
| 3D Secure | ALL Supported | Remediated | N/A | |
| Access Manager | ALL Supported | Not Impacted | Not Impacted | |
| Adaptive Authentication Hosted | ALL Supported | Remediated | | SSLv3 Disabled on 11/16 |
| Adaptive Authentication On Prem | ALL Supported | Not Impacted | | |
| Archer Hosted | N/A | Remediated | N/A | Does not use OpenSSL |
| Archer Platform | ALL Supported | Not Impacted | N/A | Does not use OpenSSL |
| Archer SecOps | ALL Supported | Investigating | | |
| Archer Vulnerability & Risk Manager (VRM) | ALL Supported | Investigating | | |
| Authentication Manager Software Platform | 6.1 | Not Impacted | Not Impacted | |
| Authentication Manager Software Platform | 7.1 | Impacted - Remediation under investigation | Not Impacted | |
| Authentication Manager Appliance | 3.0 | Impacted - Remediation under investigation | Not Impacted | |
| Authentication Manager Appliance | 8.0, 8.1, 8.2 | Not Impacted | Not Impacted | Includes Web Tier |
| Authentication Manager Express | 1.0 | Impacted - Remediation under investigation | Not Impacted | |
| BSAFE | ALL Supported | Not Impacted | Not Impacted | |
| Data Loss Protection | ALL Supported | Not Impacted | Not Impacted | |
| Data Protection Manager | ALL Supported | Not Impacted | Not Impacted | |
| Digital Certificate Server | ALL Supported | Not Impacted | Not Impacted | |
| ECAT | ALL Supported | Remediated | Not Impacted | See Solution ID 28901 |
| enVision | ALL Supported | Impacted - Remediation planned for future release | Not Impacted | |
| Federated Identity Manager | ALL Supported | Not Impacted | | |
| FraudAction | ALL Supported | Not Impacted | | |
| IMG (Aveksa) Hosted | ALL Supported | Not Impacted | Not Impacted | |
| IMG (Aveksa) On-Prem Platform | ALL Supported | Not Impacted | Not Impacted | |
| IMG (Aveksa) Appliance | ALL Supported | Remediated | | See solution ID 29019 |
| IMG (Aveksa) StealthAudit | ALL Supported | Investigating | | |
| Netwitness | 9.7.x, 9.8.x | Remediated | | Resolved with Q3 Security Update; EL5 platform must upgrade to EL6 |
| Netwitness Informer | 1.x | Impacted - Remediation under investigation | | |
| RSA Live Infrastructure | ALL Supported | Remediated | | |
| SecurID 700 Hardware Token | ALL Supported | N/A | N/A | |
| SecurID 800 Hardware Token | ALL Supported | N/A | N/A | |
| SecurID Agent for PAM | ALL Supported | Not Impacted | Not Impacted | |
| SecurID Agent for UNIX | ALL Supported | Not Impacted | Not Impacted | |
| SecurID Agent for Web | ALL Supported | Not Impacted | Not Impacted | |
| SecurID Agent for Windows | ALL Supported | Not Impacted | Not Impacted | |
| SecurID Authentication Engine | ALL Supported | Not Impacted | Not Impacted | |
| SecurID Authentication SDK | ALL Supported | Not Impacted | Not Impacted | |
| SecurID Software Token Converter | ALL Supported | Not Impacted | Not Impacted | |
| SecurID Software Token for Android | ALL Supported | Not Impacted | Not Impacted | |
| SecurID Software Token for Blackberry | ALL Supported | Not Impacted | Not Impacted | |
| SecurID Software Token for Desktop | ALL Supported | Not Impacted | Not Impacted | |
| SecurID Software Token for iPhone | ALL Supported | Not Impacted | Not Impacted | |
| SecurID Software Token for Windows Mobile | ALL Supported | Not Impacted | Not Impacted | |
| SecurID Software Token Toolbar | ALL Supported | Not Impacted | Not Impacted | |
| SecurID Software Token Web SDK | ALL Supported | Not Impacted | Not Impacted | |
| SecurID Transaction Signing SDK | ALL Supported | Not Impacted | Not Impacted | |
| Security Analytics Platform Physical and Virtual Appliances | 10.0.x-10.4.x | Remediated | | Resolved with Q3 Security Update |
| Security Analytics Malware Analytics | 10.0.x-10.4.x | Remediated | | Resolved with Q3 Security Update |
| Security Analytics Malware Cloud | N/A | Remediated | Not Impacted | |
| Security Analytics (Windows Legacy Collector) | 10.0.x-10.4.x | Investigating | | |
| Security Analytics Warehouse (DCA Pivotal) | | Remediated | | Pivotal patch available |
| Security Analytics Warehouse (MapR) | | Investigating | | |
| Spectrum | 1.x | Impacted - Remediation under investigation | | |
| Web Threat Detection (Silvertail) | ALL Supported | Remediated | | |
Disclaimer
Read and use the information in this RSA Security Advisory to assist in avoiding any situation that might arise from the problems described herein. If you have any questions regarding this product alert, contact RSA Software Technical Support at 1- 800 995 5095. RSA Security LLC and its affiliates, including without limitation, its ultimate parent company, EMC Corporation, distributes RSA Security Advisories in order to bring to the attention of users of the affected RSA products, important security information. RSA recommends that all users determine the applicability of this information to their individual situations and take appropriate action. The information set forth herein is provided 'as is' without warranty of any kind. RSA disclaims all warranties, either express or implied, including the warranties of merchantability, fitness for a particular purpose, title and non-infringement. In no event, shall RSA, its affiliates or suppliers, be liable for any damages whatsoever including direct, indirect, incidental, consequential, loss of business profits or special damages, even if RSA, its affiliates or suppliers have been advised of the possibility of such damages. Some jurisdictions do not allow the exclusion or limitation of liability for consequential or incidental damages, so the foregoing limitation may not apply.