CVE-2019-3731

Published: Sep 30, 2019Modified: Nov 21, 2024

7.5

Vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

Exploitability: 3.9 / Impact: 3.6

Source: NVD

Description

RSA BSAFE Crypto-C Micro Edition versions prior to 4.1.4 and RSA Micro Edition Suite versions prior to 4.4 are vulnerable to an Information Exposure Through Timing Discrepancy. A malicious remote user could potentially exploit this vulnerability to extract information leaving data at risk of exposure.

Affected (3)

Products: Dell: Bsafe Crypto C Micro Edition, Bsafe Micro Edition Suite

2 products

Bsafe Crypto C Micro Edition

Bsafe Micro Edition Suite

Configuration A

3 vulnerable

Vulnerable Software	Affected Versions
Dell Bsafe Crypto C Micro Edition	Before 4.1.4
Dell Bsafe Micro Edition Suite	From 4.0.0 to 4.0.13
Dell Bsafe Micro Edition Suite	From 4.1.0 to 4.4.0

Related CWEs

Observable Discrepancy

The product behaves differently or sends different responses under different circumstances in a way that is observable to an unauthorized actor, which exposes security-relevant information about the state of the product, such as whether a particular operation was successful or not.

References (2)

https://www.dell.com/support/kbdoc/000194054

Source: security_alert@emc.com

Vendor Advisory

https://www.dell.com/support/kbdoc/000194054

Source: af854a3a-2127-422b-91ae-364da2661108

Vendor Advisory

Timeline

No history available yet.