Cyber Resilience

CVE-2014-3566

LowUpdated

Published: 15 October 2014

Published
15 October 2014
Modified
28 May 2026
KEV Added
Patch
CVSS Score v3.1 3.4 CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:L/I:N/A:N
EPSS Score 1.0000 100.0th percentile
Risk Priority 80 floored blend · peak EPSS

Summary

CVE-2014-3566 is a low-severity Generation of Predictable IV with CBC Mode (CWE-329) vulnerability in Openssl Openssl. Its CVSS base score is 3.4 (Low).

Operationally, ranked in the top 0.0% of CVEs by exploit likelihood; it is not currently listed in the CISA KEV catalog.

OWASP Top 10 for Web (2025)

EU & UK References

Vulnerability details

The SSL protocol 3.0, as used in OpenSSL through 1.0.1i and other products, uses nondeterministic CBC padding, which makes it easier for man-in-the-middle attackers to obtain cleartext data via a padding-oracle attack, aka the "POODLE" issue.

CWE(s)

Related Threats

CVEs Like This One

CVE-2014-6271Same product: Apple Mac Os X
CVE-2015-0235Same product: Apple Mac Os X
CVE-2014-0160Same product: Debian Debian Linux
CVE-2016-0800Same product: Openssl Openssl
CVE-2020-1472Same product: Debian Debian Linux
CVE-2017-13077Same product: Debian Debian Linux
CVE-2016-5195Same product: Debian Debian Linux
CVE-2007-1285Same product: Redhat Enterprise Linux Desktop
CVE-2023-5631Same product: Debian Debian Linux
CVE-2026-4775Same product: Debian Debian Linux

Affected Assets

redhat
enterprise linux
5
redhat
enterprise linux desktop
6.0, 7.0
redhat
enterprise linux desktop supplementary
5.0, 6.0
redhat
enterprise linux server
6.0, 7.0
redhat
enterprise linux server supplementary
5.0, 6.0, 7.0
redhat
enterprise linux workstation
6.0, 7.0
redhat
enterprise linux workstation supplementary
6.0, 7.0
ibm
aix
5.3, 6.1, 7.1
apple
mac os x
≤ 10.10.1
mageia
mageia
3.0, 4.0
+10 more product configuration(s) — see NVD for full list

Mitigating Controls

No mitigating controls mapped yet. The per-CVE control annotator has not reached this CVE.

References