Vulnerability Monitor

The vendors, products, and vulnerabilities you care about

CVE-2022-24409

Dell BSAFE SSL-J contains remediation for a covert timing channel vulnerability that may be exploited by malicious users to compromise the affected system. Only customers with active BSAFE maintenance contracts can receive details about this vulnerability. Public disclosure of the vulnerability details will be shared at a later date.

Published

2022-02-23T22:15:07.647

Last Modified

2024-11-21T06:50:21.640

Status

Modified

Source

[email protected]

Severity

CVSSv3.1: 5.9 (MEDIUM)

CVSSv2 Vector

AV:N/AC:L/Au:N/C:P/I:P/A:P

Access Vector: NETWORK
Access Complexity: LOW
Authentication: NONE
Confidentiality Impact: PARTIAL
Integrity Impact: PARTIAL
Availability Impact: PARTIAL

Exploitability Score

10.0

Impact Score

6.4

Weaknesses

Type: Secondary
CWE-385
Type: Primary
NVD-CWE-Other

Affected Vendors & Products

Type	Vendor	Product	Version/Range	Vulnerable?
Application	dell	bsafe_ssl-j	< 6.4	Yes

References

https://www.dell.com/support/kbdoc/en-us/000196312/dsa-2022-023-dell-bsafetm-ssl-j-6-4-security-update-for-a-single-covert-timing-channel Vendor Advisory ([email protected])
https://www.dell.com/support/kbdoc/en-us/000196312/dsa-2022-023-dell-bsafetm-ssl-j-6-4-security-update-for-a-single-covert-timing-channel Vendor Advisory (af854a3a-2127-422b-91ae-364da2661108)