EMC CONFIDENTIAL SUBJECT TO NON-DISCLOSURE AGREEMENT/CONFIDENTIALITY PROVISIONS IN LICENSE AGREEMENT
Issue: SSL v3 CBC Poodle Bite (CVE-2014-3566), Windows Sandworm (CVE-2014-4114), Microsoft .Net (MS14-057) & multiple OpenSSL Vulnerabilities (OpenSSL)
References:
Resolution: RSA is aware of this issue and working with product organizations to investigate the issue and identify any impact. The impact of this vulnerability on RSA products may vary depending on the affected product.
Sandworm information:
RSA enVision is impacted by Sandworm and remediation is currently being investigated
Microsoft .Net (MS14-057) information:
Customers utilizing Archer Platform are urged to update .Net framework to the latest available security updates from Microsoft
This table will be updated as additional information becomes available.
RSA Product Name |
Versions |
Poodle Bite Impact | OpenSSL Impact |
Additional Information |
3D Secure |
ALL Supported |
Remediated | N/A |
|
Access Manager |
ALL Supported |
Not Impacted | Not Impacted |
|
Adaptive Authentication Hosted |
ALL Supported |
Remediated |
SSLv3 Disabled on 11/16 | |
Adaptive Authentication On Prem |
ALL Supported |
Not Impacted |
| |
Archer Hosted |
N/A |
Remediated |
N/A | Does not use OpenSSL |
Archer Platform |
ALL Supported |
Not Impacted | N/A |
Does not use OpenSSL |
Archer SecOps | ALL Supported | Investigating | ||
Archer Vulnerability & Risk Manager (VRM) |
ALL Supported |
Investigating |
| |
Authentication Manager Software Platform |
6.1 |
Not Impacted | Not Impacted |
|
Authentication Manager Software Platform | 7.1 | Impacted - Remediation under investigation | Not Impacted | |
Authentication Manager Appliance |
3.0 |
Impacted - Remediation under investigation | Not Impacted |
|
Authentication Manager Appliance | 8.0, 8.1, 8.2 | Not Impacted | Not Impacted | Includes Web Tier |
Authentication Manager Express |
1.0 |
Impacted - Remediation under investigation | Not Impacted |
|
BSAFE |
ALL Supported |
Not Impacted | Not Impacted |
|
Data Loss Protection |
ALL Supported |
Not Impacted | Not Impacted |
|
Data Protection Manager |
ALL Supported |
Not Impacted | Not Impacted |
|
Digital Certificate Server |
ALL Supported |
Not Impacted | Not Impacted |
|
ECAT |
ALL Supported |
Remediated | Not Impacted |
See Solution ID 28901 |
enVision |
ALL Supported |
Impacted - Remediation planned for future release | Not Impacted |
|
Federated Identity Manager |
ALL Supported |
Not Impacted |
| |
FraudAction |
ALL Supported |
Not Impacted |
| |
IMG (Aveksa) Hosted | ALL Supported | Not Impacted | Not Impacted | |
IMG (Aveksa) On-Prem Platform | ALL Supported | Not Impacted | Not Impacted | |
IMG (Aveksa) Appliance | ALL Supported | Remediated | See solution ID 29019 | |
IMG (Aveksa) StealthAudit | ALL Supported | Investigating | ||
Netwitness |
9.7.x, 9.8.x |
Remediated |
Resolved with Q3 Security Update | |
Netwitness Informer |
1.x |
Impacted - Remediation under investigation |
| |
RSA Live Infrastructure |
ALL Supported |
Remediated |
| |
SecurID 700 Hardware Token |
ALL Supported |
N/A | N/A |
|
SecurID 800 Hardware Token |
ALL Supported |
N/A | N/A |
|
SecurID Agent for PAM |
ALL Supported |
Not Impacted | Not Impacted |
|
SecurID Agent for UNIX |
ALL Supported |
Not Impacted | Not Impacted |
|
SecurID Agent for Web |
ALL Supported |
Not Impacted | Not Impacted |
|
SecurID Agent for Windows |
ALL Supported |
Not Impacted | Not Impacted |
|
SecurID Authentication Engine |
ALL Supported |
Not Impacted | Not Impacted |
|
SecurID Authentication SDK |
ALL Supported |
Not Impacted | Not Impacted |
|
SecurID Software Token Converter |
ALL Supported |
Not Impacted | Not Impacted |
|
SecurID Software Token for Android |
ALL Supported |
Not Impacted | Not Impacted |
|
SecurID Software Token for Blackberry |
ALL Supported |
Not Impacted | Not Impacted |
|
SecurID Software Token for Desktop |
ALL Supported |
Not Impacted | Not Impacted |
|
SecurID Software Token for iPhone |
ALL Supported |
Not Impacted | Not Impacted |
|
SecurID Software Token for Windows Mobile |
ALL Supported |
Not Impacted | Not Impacted |
|
SecurID Software Token Toolbar |
ALL Supported |
Not Impacted | Not Impacted |
|
SecurID Software Token Web SDK |
ALL Supported |
Not Impacted | Not Impacted |
|
SecurID Transaction SigningSDK |
ALL Supported |
Not Impacted | Not Impacted |
|
Security Analytics Platform Physical and Virtual Appliances |
10.0.x-10.4.x
|
Remediated | ||
Security Analytics Malware Analytics |
10.0.x-10.4.x |
Remediated | ||
Security Analytics Malware Cloud | N/A | Remediated | Not Impacted | |
Security Analytics (Windows Legacy Collector) |
10.0.x-10.4.x |
Investigating |
| |
Security Analytics Warehouse (DCA Pivotal) |
|
Remediated |
Pivotal patch available | |
Security Analytics Warehouse (MapR) |
|
Investigating |
| |
Spectrum |
1.x |
Impacted - Remediation under investigation |
| |
Web Threat Detection (Silvertail) |
ALL Supported |
Remediated |
|