CVE-2015-0543

Published: Jul 5, 2015Modified: May 6, 2026

5.8

Vector

AV:N/AC:M/Au:N/C:P/I:P/A:N

Exploitability: 8.6 / Impact: 4.9

Source: NVD

Description

EMC Secure Remote Services Virtual Edition (ESRS VE) 3.x before 3.06 does not properly verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate.

Affected (3)

Products: Emc: Secure Remote Services

Emc

1 product

Secure Remote Services

Configuration A

3 vulnerable

Vulnerable Software	Affected Versions
Emc Secure Remote Services	Version 3.02
Emc Secure Remote Services	Version 3.03
Emc Secure Remote Services	Version 3.04

Related CWEs

CWE-20

Improper Input Validation

The product receives input or data, but it does not validate or incorrectly validates that the input has the properties that are required to process the data safely and correctly.

References (4)

http://seclists.org/bugtraq/2015/Jun/132

Source: security_alert@emc.com

http://www.securitytracker.com/id/1032740

Source: security_alert@emc.com

http://seclists.org/bugtraq/2015/Jun/132

Source: af854a3a-2127-422b-91ae-364da2661108

http://www.securitytracker.com/id/1032740

Source: af854a3a-2127-422b-91ae-364da2661108

Timeline

No history available yet.