CVE-2019-3732

HIGH

RSA BSAFE Crypto-C Micro Edition < 4.0.5.3 and 4.1.x < 4.1.3.3 - Information Exposure Through Timing Discrepancy

Title source: llm
STIX 2.1

Description

RSA BSAFE Crypto-C Micro Edition, versions prior to 4.0.5.3 (in 4.0.x) and versions prior to 4.1.3.3 (in 4.1.x), and RSA Micro Edition Suite, versions prior to 4.0.11 (in 4.0.x) versions prior to 4.1.6.1 (in 4.1.x) and versions prior to 4.3.3 (4.2.x and 4.3.x) are vulnerable to an Information Exposure Through Timing Discrepancy. A malicious remote user could potentially exploit this vulnerability to extract information leaving data at risk of exposure.

References (1)

Core 1
Core References
Vendor Advisory x_refsource_misc
https://www.dell.com/support/kbdoc/000194054

Scores

CVSS v3 7.5
EPSS 0.0141
EPSS Percentile 69.6%
Attack Vector NETWORK
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

Details

CWE
CWE-203 CWE-385
Status published
Products (3)
dell/bsafe_crypto-c-micro-edition 4.0 - 4.0.5.3
dell/bsafe_micro-edition-suite 4.0.0 - 4.0.11
emc/rsa_bsafe_crypto-c 4.1 - 4.1.3.3
Published Sep 30, 2019
Tracked Since Feb 18, 2026