CVE-2014-3566
Severity: Low (Updated)
Published: 15 October 2014
Modified: 28 May 2026
KEV Added: —
Patch: —
CVSS Score v3.1: 3.4 (CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:L/I:N/A:N)
EPSS Score: 1.0000 (100.0th percentile)
Summary
CVE-2014-3566 is a low-severity Generation of Predictable IV with CBC Mode (CWE-329) vulnerability in OpenSSL. Its CVSS base score is 3.4 (Low).
Operationally, it ranks in the top 0.0% of CVEs by exploit likelihood; it is not currently listed in the CISA KEV catalog.
EU & UK References
- 🇪🇺 ENISA EUVD: EUVD-2014-3547
Vulnerability details
The SSL protocol 3.0, as used in OpenSSL through 1.0.1i and other products, uses nondeterministic CBC padding, which makes it easier for man-in-the-middle attackers to obtain cleartext data via a padding-oracle attack, aka the "POODLE" issue.
CVEs Like This One
- CVE-2014-6271 (same product: Apple Mac Os X)
- CVE-2015-0235 (same product: Apple Mac Os X)
- CVE-2014-0160 (same product: Debian Debian Linux)
- CVE-2016-0800 (same product: Openssl Openssl)
- CVE-2020-1472 (same product: Debian Debian Linux)
- CVE-2017-13077 (same product: Debian Debian Linux)
- CVE-2016-5195 (same product: Debian Debian Linux)
- CVE-2007-1285 (same product: Redhat Enterprise Linux Desktop)
- CVE-2023-5631 (same product: Debian Debian Linux)
- CVE-2026-4775 (same product: Debian Debian Linux)
Affected Assets
Vendor / product: version(s)
- redhat / enterprise linux: 5
- redhat / enterprise linux desktop: 6.0, 7.0
- redhat / enterprise linux desktop supplementary: 5.0, 6.0
- redhat / enterprise linux server: 6.0, 7.0
- redhat / enterprise linux server supplementary: 5.0, 6.0, 7.0
- redhat / enterprise linux workstation: 6.0, 7.0
- redhat / enterprise linux workstation supplementary: 6.0, 7.0
- ibm / aix: 5.3, 6.1, 7.1
- apple / mac os x: ≤ 10.10.1
- mageia / mageia: 3.0, 4.0
+10 more product configuration(s) — see NVD for full list
Mitigating Controls
No mitigating controls mapped yet. The per-CVE control annotator has not reached this CVE.