Vulnerability Monitor

The vendors, products, and vulnerabilities you care about

CVE-2019-3732

RSA BSAFE Crypto-C Micro Edition, versions prior to 4.0.5.3 (in 4.0.x) and versions prior to 4.1.3.3 (in 4.1.x), and RSA Micro Edition Suite, versions prior to 4.0.11 (in 4.0.x) versions prior to 4.1.6.1 (in 4.1.x) and versions prior to 4.3.3 (4.2.x and 4.3.x) are vulnerable to an Information Exposure Through Timing Discrepancy. A malicious remote user could potentially exploit this vulnerability to extract information leaving data at risk of exposure.

Published

2019-09-30T22:15:10.623

Last Modified

2024-11-21T04:42:25.547

Status

Modified

Source

[email protected]

Severity

CVSSv3.1: 7.5 (HIGH)

CVSSv2 Vector

AV:N/AC:L/Au:N/C:P/I:N/A:N

Access Vector: NETWORK
Access Complexity: LOW
Authentication: NONE
Confidentiality Impact: PARTIAL
Integrity Impact: NONE
Availability Impact: NONE

Exploitability Score

10.0

Impact Score

2.9

Weaknesses

Type: Secondary
CWE-385
Type: Primary
CWE-203

Affected Vendors & Products

Type	Vendor	Product	Version/Range	Vulnerable?
Application	dell	bsafe_crypto-c-micro-edition	< 4.0.5.3	Yes
Application	dell	bsafe_micro-edition-suite	< 4.0.11	Yes
Application	dell	bsafe_micro-edition-suite	< 4.1.6.1	Yes
Application	dell	bsafe_micro-edition-suite	< 4.3.3	Yes
Application	emc	rsa_bsafe_crypto-c	< 4.1.3.3	Yes

References

https://www.dell.com/support/kbdoc/000194054 Vendor Advisory ([email protected])
https://www.dell.com/support/kbdoc/000194054 Vendor Advisory (af854a3a-2127-422b-91ae-364da2661108)