CVE-2019-3731
30.09.2019, 22:15
RSA BSAFE Crypto-C Micro Edition versions prior to 4.1.4 and RSA Micro Edition Suite versions prior to 4.4 are vulnerable to an Information Exposure Through Timing Discrepancy. A malicious remote user could potentially exploit this vulnerability to extract information leaving data at risk of exposure.Enginsight
| Vendor | Product | Version |
|---|---|---|
| dell | bsafe_crypto-c-micro-edition | 𝑥 < 4.1.4 |
| dell | bsafe_micro-edition-suite | 4.0.0 ≤ 𝑥 < 4.0.13 |
| dell | bsafe_micro-edition-suite | 4.1.0 ≤ 𝑥 < 4.4.0 |
𝑥
= Vulnerable software versions
Common Weakness Enumeration
- CWE-310 -
- CWE-203 - Observable DiscrepancyThe product behaves differently or sends different responses under different circumstances in a way that is observable to an unauthorized actor, which exposes security-relevant information about the state of the product, such as whether a particular operation was successful or not.