OpenSSL Multiple Vulnerabilities in RSA products
Originally Published: 2014-06-06
Article Number
Applies To
Vulnerability
Issue
OpenSSL Multiple Vulnerabilities in RSA products
Cause
EMC CONFIDENTIAL - SUBJECT TO CONFIDENTIALITY PROVISIONS IN LICENSE AGREEMENT
Impact: The OpenSSL project released a security advisory on June 5, 2014 disclosing multiple vulnerabilities in OpenSSL. It can be found at https://www.openssl.org/news/secadv_20140605.txt
These issues have the following CVEs:
- SSL/TLS MITM vulnerability - CVE-2014-0224
- DTLS recursion flaw - CVE-2014-0221
- DTLS invalid fragment vulnerability - CVE-2014-0195
- SSL_MODE_RELEASE_BUFFERS NULL pointer dereference - CVE-2014-0198
- SSL_MODE_RELEASE_BUFFERS session injection or denial of service - CVE-2010-5298
- Anonymous ECDH denial of service - CVE-2014-3470
- FLUSH+RELOAD cache side-channel attack - CVE-2014-0076
These issues apply to:
- OpenSSL versions prior to 0.9.8za
- OpenSSL version 1.0.0 prior to version 1.0.0m
- OpenSSL version 1.0.1 prior to version 1.0.1h
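An added example (not RSA's or the OpenSSL project's code): a Python check that applies the three version boundaries listed above to `openssl version` banner strings, including the two-letter suffix ordering in which `za` follows `z`. The function names and the sample banners are constructed for illustration.

```python
import re

# First fixed release per branch, from the "These issues apply to" list above.
FIXED = {(0, 9, 8): "za", (1, 0, 0): "m", (1, 0, 1): "h"}

_VERSION_RE = re.compile(r"(\d+)\.(\d+)\.(\d+)([a-z]*)")


def letter_rank(suffix):
    """Order OpenSSL patch letters: '' < a < ... < z < za < zb ..."""
    return sum(ord(c) - ord("a") + 1 for c in suffix)


def parse_version(text):
    """Extract ((major, minor, fix), letters) from a banner such as
    'OpenSSL 1.0.1g 7 Apr 2014' or 'OpenSSL 1.0.1e-fips 11 Feb 2013'."""
    m = _VERSION_RE.search(text)
    if m is None:
        raise ValueError("no OpenSSL version found in %r" % text)
    major, minor, fix, letters = m.groups()
    return (int(major), int(minor), int(fix)), letters


def is_affected(text):
    """True: listed as affected. False: at or after the fixed release.
    None: branch is not covered by the list (needs manual review)."""
    branch, letters = parse_version(text)
    if branch < (0, 9, 8):
        return True  # the list says "versions prior to 0.9.8za"
    if branch not in FIXED:
        return None
    return letter_rank(letters) < letter_rank(FIXED[branch])


def triage(banners):
    """Map each banner string to its is_affected() result."""
    return {b: is_affected(b) for b in banners}


if __name__ == "__main__":
    # Constructed sample inventory, not taken from any RSA product.
    sample = [
        "OpenSSL 0.9.8y 5 Feb 2013",
        "OpenSSL 0.9.8za 5 Jun 2014",
        "OpenSSL 1.0.0l 6 Jan 2014",
        "OpenSSL 1.0.1e-fips 11 Feb 2013",
        "OpenSSL 1.0.1h 5 Jun 2014",
    ]
    for banner, result in triage(sample).items():
        print("%-36s affected=%s" % (banner, result))
```

Distribution packages often backport fixes without changing the upstream version letter, so treat a match as a prompt to check the vendor's package changelog rather than as proof of exposure.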
Resolution
Resolution: RSA is aware of this issue and working with product organizations to investigate the issue and identify the impact. The impact of these vulnerabilities on RSA products may vary depending on the affected product.
This table will be updated as additional information becomes available.
| RSA Product Name | Versions | Impact | Comment |
| --- | --- | --- | --- |
| 3D Secure | ALL Supported | No Impact | |
| Access Manager | ALL Supported | No Impact | |
| Adaptive Authentication Hosted | ALL Supported | No Impact | |
| Adaptive Authentication On Prem | ALL Supported | No Impact | |
| Archer | ALL Supported | No Impact | |
| Authentication Manager | 5.x,6.x,7.x | No Impact | |
| Authentication Manager | 8.x | Impacted | Only customers with Read-Only DB access are impacted and at low risk |
| Aveksa | ALL Supported | No Impact | |
| Aveksa StealthAUDIT | | Impacted | Remediation plan in progress |
| BSAFE | ALL Supported | No Impact | |
| Data Loss Protection | 9.6.x | Impacted | Remediation plan in progress |
| Data Protection Manager | ALL Supported | No Impact | |
| Digital Certificate Server | ALL Supported | No Impact | |
| ECAT | ALL Supported | No Impact | |
| enVision | ALL Supported | No Impact | |
| Federated Identity Manager | ALL Supported | No Impact | |
| FraudAction | ALL Supported | No Impact | |
| Netwitness | 9.6, 9.7 | No Impact | |
| Netwitness | 9.8.x | Impacted | Remediation plan in progress |
| RSA Live Infrastructure | ALL Supported | Impacted | Remediated |
| SecurID 700 Hardware Token | ALL Supported | No Impact | |
| SecurID 800 Hardware Token | ALL Supported | No Impact | |
| SecurID Agent for PAM | ALL Supported | No Impact | |
| SecurID Agent for UNIX | ALL Supported | No Impact | |
| SecurID Agent for Web | ALL Supported | No Impact | |
| SecurID Agent for Windows | ALL Supported | No Impact | |
| SecurID Authentication Client | ALL Supported | No Impact | |
| SecurID Authentication Engine | ALL Supported | No Impact | |
| SecurID Authentication SDK | ALL Supported | No Impact | |
| SecurID Software Token Converter | ALL Supported | No Impact | |
| SecurID Software Token for Android | ALL Supported | No Impact | |
| SecurID Software Token for Blackberry | ALL Supported | No Impact | |
| SecurID Software Token for Desktop | ALL Supported | No Impact | |
| SecurID Software Token for iPhone | ALL Supported | No Impact | |
| SecurID Software Token for Windows Mobile | ALL Supported | No Impact | |
| SecurID Software Token Toolbar | ALL Supported | No Impact | |
| SecurID Software Token Web SDK | ALL Supported | No Impact | |
| SecurID Transaction Signing SDK | ALL Supported | No Impact | |
| Security Analytics | 10.0.x-10.3.x | Impacted | Remediation plan in progress |
| Security Analytics (Windows Legacy Collector) | ALL Supported | Impacted | Remediation plan in progress |
| Web Threat Detection (Silvertail) | ALL Supported | No Impact | |