CVE-2019-3732
HIGH
RSA BSAFE Crypto-C Micro Edition < 4.0.5.3 and 4.1.x < 4.1.3.3 - Information Exposure Through Timing Discrepancy
Title source: llmDescription
RSA BSAFE Crypto-C Micro Edition, versions prior to 4.0.5.3 (in 4.0.x) and versions prior to 4.1.3.3 (in 4.1.x), and RSA Micro Edition Suite, versions prior to 4.0.11 (in 4.0.x), versions prior to 4.1.6.1 (in 4.1.x), and versions prior to 4.3.3 (4.2.x and 4.3.x), are vulnerable to an Information Exposure Through Timing Discrepancy. A malicious remote user could potentially exploit this vulnerability to extract information, leaving data at risk of exposure.
References (1)
Core References
Vendor Advisory x_refsource_misc
https://www.dell.com/support/kbdoc/000194054
Scores
CVSS v3
7.5
EPSS
0.0031
EPSS Percentile
54.5%
Attack Vector
NETWORK
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
Details
CWE
CWE-385
CWE-203
Status
published
Products (3)
dell/bsafe_crypto-c-micro-edition
4.0 - 4.0.5.3
dell/bsafe_micro-edition-suite
4.0.0 - 4.0.11
emc/rsa_bsafe_crypto-c
4.1 - 4.1.3.3
Published
Sep 30, 2019
Tracked Since
Feb 18, 2026