Lucene search

[email protected]CVE-2019-3732

HistorySep 30, 2019 - 10:15 p.m.

CVE-2019-3732

2019-09-3022:15:10

CWE-385

CWE-203

[email protected]

web.nvd.nist.gov

cve-2019-3732

rsa bsafe

crypto-c micro edition

rsa micro edition suite

information exposure

timing discrepancy

vulnerability

nvd

5 Medium

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

NONE

Availability Impact

NONE

AV:N/AC:L/Au:N/C:P/I:N/A:N

7.5 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

NONE

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

7.3 High

AI Score

Confidence

High

0.006 Low

EPSS

Percentile

79.4%

JSON

RSA BSAFE Crypto-C Micro Edition, versions prior to 4.0.5.3 (in 4.0.x) and versions prior to 4.1.3.3 (in 4.1.x), and RSA Micro Edition Suite, versions prior to 4.0.11 (in 4.0.x) versions prior to 4.1.6.1 (in 4.1.x) and versions prior to 4.3.3 (4.2.x and 4.3.x) are vulnerable to an Information Exposure Through Timing Discrepancy. A malicious remote user could potentially exploit this vulnerability to extract information leaving data at risk of exposure.

Affected configurations

NVD

Node

dellbsafe_crypto-c-micro-editionRange4.0–4.0.5.3

dellbsafe_micro-edition-suiteRange4.0.0–4.0.11

dellbsafe_micro-edition-suiteRange4.1.0–4.1.6.1

dellbsafe_micro-edition-suiteRange4.2.0–4.3.3

emcrsa_bsafe_crypto-cRange4.1–4.1.3.3micro_edition

CPENameOperatorVersion
dell:bsafe_crypto-c-micro-editiondell bsafe crypto-c-micro-editionlt4.0.5.3
dell:bsafe_micro-edition-suitedell bsafe micro-edition-suitelt4.0.11
dell:bsafe_micro-edition-suitedell bsafe micro-edition-suitelt4.1.6.1
dell:bsafe_micro-edition-suitedell bsafe micro-edition-suitelt4.3.3
emc:rsa_bsafe_crypto-cemc rsa bsafe crypto-clt4.1.3.3

CPE	Name	Operator	Version
dell:bsafe_crypto-c-micro-edition	dell bsafe crypto-c-micro-edition	lt	4.0.5.3
dell:bsafe_micro-edition-suite	dell bsafe micro-edition-suite	lt	4.0.11
dell:bsafe_micro-edition-suite	dell bsafe micro-edition-suite	lt	4.1.6.1
dell:bsafe_micro-edition-suite	dell bsafe micro-edition-suite	lt	4.3.3
emc:rsa_bsafe_crypto-c	emc rsa bsafe crypto-c	lt	4.1.3.3

CNA Affected

[
  {
    "product": "RSA BSAFE Crypto-C Micro Edition",
    "vendor": "Dell",
    "versions": [
      {
        "lessThan": "4.1.4",
        "status": "affected",
        "version": "unspecified",
        "versionType": "custom"
      }
    ]
  },
  {
    "product": "RSA BSAFE MES",
    "vendor": "Dell",
    "versions": [
      {
        "lessThan": "4.4",
        "status": "affected",
        "version": "unspecified",
        "versionType": "custom"
      }
    ]
  }
]

References

www.dell.com/support/kbdoc/000194054

Social References

5 Medium

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

NONE

Availability Impact

NONE

AV:N/AC:L/Au:N/C:P/I:N/A:N

7.5 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

NONE

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

7.3 High

AI Score

Confidence

High

0.006 Low

EPSS

Percentile

79.4%

JSON

Related for CVE-2019-3732

nvd1 cvelist1 prion1