7.5

CVE-2001-1105

RSA BSAFE SSL-J 3.0, 3.0.1 and 3.1, as used in Cisco iCND 2.0, caches session IDs from failed login attempts, which could allow remote attackers to bypass SSL client authentication and gain access to sensitive data by logging in after an initial failure.
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
CiscoIcdn Version2.0
DellBsafe Ssl-j Version3.0
DellBsafe Ssl-j Version3.0.1
DellBsafe Ssl-j Version3.1
Zu dieser CVE wurde keine Warnung gefunden.
EPSS Metriken
Typ Quelle Score Percentile
EPSS FIRST.org 2.63% 0.836
CVSS Metriken
Quelle Base Score Exploit Score Impact Score Vector String
nvd@nist.gov 7.5 10 6.4
AV:N/AC:L/Au:N/C:P/I:P/A:P
Es wurden noch keine Informationen zu CWE veröffentlicht.
http://www.ciac.org/ciac/bulletins/l-141.shtml
Patch
Vendor Advisory
http://www.cisco.com/warp/public/707/SSL-J-pub.html
http://www.rsasecurity.com/products/bsafe/bulletins/BSAFE_SSL-J_3.x.SecurityBulletin.html
http://www.securityfocus.com/bid/3329
Patch
Vendor Advisory
https://exchange.xforce.ibmcloud.com/vulnerabilities/7112