cvelistv5 - cve-2020-35164

CVE-2020-35164 (GCVE-0-2020-35164)

Vulnerability from cvelistv5 – Published: 2022-07-11 19:25 – Updated: 2024-09-16 20:51

Summary

Dell BSAFE Crypto-C Micro Edition, versions before 4.1.5, and Dell BSAFE Micro Edition Suite, versions before 4.6, contain an Observable Timing Discrepancy Vulnerability.

Severity ?

6.7 (Medium)


                        
                          CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N

CWE

CWE-385 - Covert Timing Channel

Assigner

dell

References

URL

Tags

	https://www.dell.com/support/kbdoc/en-us/00018111…	x_refsource_MISC
	https://www.oracle.com/security-alerts/cpujul2022.html	x_refsource_MISC

Impacted products

	Vendor	Product	Version
	Dell	Dell BSAFE Crypto-C Micro Edition	Affected: unspecified , < 4.1.5 and 4.6 (custom)

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-04T16:55:10.706Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://www.dell.com/support/kbdoc/en-us/000181115/dsa-2020-286-dell-bsafe-crypto-c-micro-edition-4-1-5-and-dell-bsafe-micro-edition-suite-4-6-multiple-security-vulnerabilities"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://www.oracle.com/security-alerts/cpujul2022.html"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "Dell BSAFE Crypto-C Micro Edition",
          "vendor": "Dell",
          "versions": [
            {
              "lessThan": "4.1.5 and 4.6",
              "status": "affected",
              "version": "unspecified",
              "versionType": "custom"
            }
          ]
        }
      ],
      "datePublic": "2020-07-06T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "Dell BSAFE Crypto-C Micro Edition, versions before 4.1.5, and Dell BSAFE Micro Edition Suite, versions before 4.6, contain an Observable Timing Discrepancy Vulnerability."
        }
      ],
      "metrics": [
        {
          "cvssV3_1": {
            "attackComplexity": "HIGH",
            "attackVector": "LOCAL",
            "availabilityImpact": "NONE",
            "baseScore": 6.7,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "HIGH",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N",
            "version": "3.1"
          }
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-385",
              "description": "CWE-385: Covert Timing Channel",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2022-07-25T16:18:56",
        "orgId": "c550e75a-17ff-4988-97f0-544cde3820fe",
        "shortName": "dell"
      },
      "references": [
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://www.dell.com/support/kbdoc/en-us/000181115/dsa-2020-286-dell-bsafe-crypto-c-micro-edition-4-1-5-and-dell-bsafe-micro-edition-suite-4-6-multiple-security-vulnerabilities"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://www.oracle.com/security-alerts/cpujul2022.html"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "secure@dell.com",
          "DATE_PUBLIC": "2020-07-06",
          "ID": "CVE-2020-35164",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "Dell BSAFE Crypto-C Micro Edition",
                      "version": {
                        "version_data": [
                          {
                            "version_affected": "\u003c",
                            "version_value": "4.1.5 and 4.6"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "Dell"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "Dell BSAFE Crypto-C Micro Edition, versions before 4.1.5, and Dell BSAFE Micro Edition Suite, versions before 4.6, contain an Observable Timing Discrepancy Vulnerability."
            }
          ]
        },
        "impact": {
          "cvss": {
            "baseScore": 6.7,
            "baseSeverity": "Medium",
            "vectorString": "CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N",
            "version": "3.1"
          }
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "CWE-385: Covert Timing Channel"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "https://www.dell.com/support/kbdoc/en-us/000181115/dsa-2020-286-dell-bsafe-crypto-c-micro-edition-4-1-5-and-dell-bsafe-micro-edition-suite-4-6-multiple-security-vulnerabilities",
              "refsource": "MISC",
              "url": "https://www.dell.com/support/kbdoc/en-us/000181115/dsa-2020-286-dell-bsafe-crypto-c-micro-edition-4-1-5-and-dell-bsafe-micro-edition-suite-4-6-multiple-security-vulnerabilities"
            },
            {
              "name": "https://www.oracle.com/security-alerts/cpujul2022.html",
              "refsource": "MISC",
              "url": "https://www.oracle.com/security-alerts/cpujul2022.html"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "c550e75a-17ff-4988-97f0-544cde3820fe",
    "assignerShortName": "dell",
    "cveId": "CVE-2020-35164",
    "datePublished": "2022-07-11T19:25:40.941373Z",
    "dateReserved": "2020-12-11T00:00:00",
    "dateUpdated": "2024-09-16T20:51:39.336Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1",
  "vulnerability-lookup:meta": {
    "fkie_nvd": {
      "configurations": "[{\"nodes\": [{\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:dell:bsafe_crypto-c-micro-edition:*:*:*:*:*:*:*:*\", \"versionEndExcluding\": \"4.1.5\", \"matchCriteriaId\": \"6C3D1B15-8F35-4976-8BA0-35816ECE6A92\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:dell:bsafe_micro-edition-suite:*:*:*:*:*:*:*:*\", \"versionEndExcluding\": \"4.6\", \"matchCriteriaId\": \"4AA9AC46-4B4A-4776-A15D-42A0AF64D64E\"}]}]}, {\"nodes\": [{\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:oracle:database:12.1.0.2:*:*:*:enterprise:*:*:*\", \"matchCriteriaId\": \"89FE33CE-5995-4C53-8331-B49156F852B3\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:oracle:database:19c:*:*:*:enterprise:*:*:*\", \"matchCriteriaId\": \"C1E05472-8F3A-4E46-90E5-50EA6D555FDC\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:oracle:database:21c:*:*:*:enterprise:*:*:*\", \"matchCriteriaId\": \"02E34416-E767-4F61-8D2C-0D0202351F91\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:oracle:http_server:12.2.1.3.0:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"DFC79B17-E9D2-44D5-93ED-2F959E7A3D43\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:oracle:http_server:12.2.1.4.0:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"AD04BEE5-E9A8-4584-A68C-0195CE9C402C\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:oracle:security_service:12.2.1.3.0:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"9FD166F7-8A83-4BC7-A392-E830E87F841B\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:oracle:security_service:12.2.1.4.0:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"D345C2D3-6AA5-4573-8397-ED1EB0153DB9\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:oracle:weblogic_server_proxy_plug-in:12.2.1.3.0:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"9A4AE8A2-62D9-4C08-A608-A057895E4E46\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:oracle:weblogic_server_proxy_plug-in:12.2.1.4.0:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"5E29C004-51D7-4BBE-B28A-EE6B7B10F89F\"}]}]}]",
      "descriptions": "[{\"lang\": \"en\", \"value\": \"Dell BSAFE Crypto-C Micro Edition, versions before 4.1.5, and Dell BSAFE Micro Edition Suite, versions before 4.6, contain an Observable Timing Discrepancy Vulnerability.\"}, {\"lang\": \"es\", \"value\": \"Dell BSAFE Crypto-C Micro Edition, versiones anteriores a la 4.1.5, y Dell BSAFE Micro Edition Suite, versiones anteriores a la 4.6, contienen una vulnerabilidad de discrepancia de tiempo observable\"}]",
      "id": "CVE-2020-35164",
      "lastModified": "2024-11-21T05:26:52.947",
      "metrics": "{\"cvssMetricV31\": [{\"source\": \"security_alert@emc.com\", \"type\": \"Secondary\", \"cvssData\": {\"version\": \"3.1\", \"vectorString\": \"CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N\", \"baseScore\": 6.7, \"baseSeverity\": \"MEDIUM\", \"attackVector\": \"LOCAL\", \"attackComplexity\": \"HIGH\", \"privilegesRequired\": \"NONE\", \"userInteraction\": \"NONE\", \"scope\": \"UNCHANGED\", \"confidentialityImpact\": \"HIGH\", \"integrityImpact\": \"HIGH\", \"availabilityImpact\": \"NONE\"}, \"exploitabilityScore\": 1.4, \"impactScore\": 5.2}, {\"source\": \"nvd@nist.gov\", \"type\": \"Primary\", \"cvssData\": {\"version\": \"3.1\", \"vectorString\": \"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H\", \"baseScore\": 8.1, \"baseSeverity\": \"HIGH\", \"attackVector\": \"NETWORK\", \"attackComplexity\": \"HIGH\", \"privilegesRequired\": \"NONE\", \"userInteraction\": \"NONE\", \"scope\": \"UNCHANGED\", \"confidentialityImpact\": \"HIGH\", \"integrityImpact\": \"HIGH\", \"availabilityImpact\": \"HIGH\"}, \"exploitabilityScore\": 2.2, \"impactScore\": 5.9}], \"cvssMetricV2\": [{\"source\": \"nvd@nist.gov\", \"type\": \"Primary\", \"cvssData\": {\"version\": \"2.0\", \"vectorString\": \"AV:N/AC:L/Au:N/C:P/I:P/A:P\", \"baseScore\": 7.5, \"accessVector\": \"NETWORK\", \"accessComplexity\": \"LOW\", \"authentication\": \"NONE\", \"confidentialityImpact\": \"PARTIAL\", \"integrityImpact\": \"PARTIAL\", \"availabilityImpact\": \"PARTIAL\"}, \"baseSeverity\": \"HIGH\", \"exploitabilityScore\": 10.0, \"impactScore\": 6.4, \"acInsufInfo\": false, \"obtainAllPrivilege\": false, \"obtainUserPrivilege\": false, \"obtainOtherPrivilege\": false, \"userInteractionRequired\": false}]}",
      "published": "2022-07-11T20:15:08.330",
      "references": "[{\"url\": \"https://www.dell.com/support/kbdoc/en-us/000181115/dsa-2020-286-dell-bsafe-crypto-c-micro-edition-4-1-5-and-dell-bsafe-micro-edition-suite-4-6-multiple-security-vulnerabilities\", \"source\": \"security_alert@emc.com\", \"tags\": [\"Vendor Advisory\"]}, {\"url\": \"https://www.oracle.com/security-alerts/cpujul2022.html\", \"source\": \"security_alert@emc.com\", \"tags\": [\"Patch\", \"Third Party Advisory\"]}, {\"url\": \"https://www.dell.com/support/kbdoc/en-us/000181115/dsa-2020-286-dell-bsafe-crypto-c-micro-edition-4-1-5-and-dell-bsafe-micro-edition-suite-4-6-multiple-security-vulnerabilities\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Vendor Advisory\"]}, {\"url\": \"https://www.oracle.com/security-alerts/cpujul2022.html\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Patch\", \"Third Party Advisory\"]}]",
      "sourceIdentifier": "security_alert@emc.com",
      "vulnStatus": "Modified",
      "weaknesses": "[{\"source\": \"security_alert@emc.com\", \"type\": \"Secondary\", \"description\": [{\"lang\": \"en\", \"value\": \"CWE-385\"}]}, {\"source\": \"nvd@nist.gov\", \"type\": \"Primary\", \"description\": [{\"lang\": \"en\", \"value\": \"NVD-CWE-Other\"}]}]"
    },
    "nvd": "{\"cve\":{\"id\":\"CVE-2020-35164\",\"sourceIdentifier\":\"security_alert@emc.com\",\"published\":\"2022-07-11T20:15:08.330\",\"lastModified\":\"2024-11-21T05:26:52.947\",\"vulnStatus\":\"Modified\",\"cveTags\":[],\"descriptions\":[{\"lang\":\"en\",\"value\":\"Dell BSAFE Crypto-C Micro Edition, versions before 4.1.5, and Dell BSAFE Micro Edition Suite, versions before 4.6, contain an Observable Timing Discrepancy Vulnerability.\"},{\"lang\":\"es\",\"value\":\"Dell BSAFE Crypto-C Micro Edition, versiones anteriores a la 4.1.5, y Dell BSAFE Micro Edition Suite, versiones anteriores a la 4.6, contienen una vulnerabilidad de discrepancia de tiempo observable\"}],\"metrics\":{\"cvssMetricV31\":[{\"source\":\"security_alert@emc.com\",\"type\":\"Secondary\",\"cvssData\":{\"version\":\"3.1\",\"vectorString\":\"CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N\",\"baseScore\":6.7,\"baseSeverity\":\"MEDIUM\",\"attackVector\":\"LOCAL\",\"attackComplexity\":\"HIGH\",\"privilegesRequired\":\"NONE\",\"userInteraction\":\"NONE\",\"scope\":\"UNCHANGED\",\"confidentialityImpact\":\"HIGH\",\"integrityImpact\":\"HIGH\",\"availabilityImpact\":\"NONE\"},\"exploitabilityScore\":1.4,\"impactScore\":5.2},{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"3.1\",\"vectorString\":\"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H\",\"baseScore\":8.1,\"baseSeverity\":\"HIGH\",\"attackVector\":\"NETWORK\",\"attackComplexity\":\"HIGH\",\"privilegesRequired\":\"NONE\",\"userInteraction\":\"NONE\",\"scope\":\"UNCHANGED\",\"confidentialityImpact\":\"HIGH\",\"integrityImpact\":\"HIGH\",\"availabilityImpact\":\"HIGH\"},\"exploitabilityScore\":2.2,\"impactScore\":5.9}],\"cvssMetricV2\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"2.0\",\"vectorString\":\"AV:N/AC:L/Au:N/C:P/I:P/A:P\",\"baseScore\":7.5,\"accessVector\":\"NETWORK\",\"accessComplexity\":\"LOW\",\"authentication\":\"NONE\",\"confidentialityImpact\":\"PARTIAL\",\"integrityImpact\":\"PARTIAL\",\"availabilityImpact\":\"PARTIAL\"},\"baseSeverity\":\"HIGH\",\"exploitabilityScore\":10.0,\"impactScore\":6.4,\"acInsufInfo\":false,\"obtainAllPrivilege\":false,\"obtainUserPrivilege\":false,\"obtainOtherPrivilege\":false,\"userInteractionRequired\":false}]},\"weaknesses\":[{\"source\":\"security_alert@emc.com\",\"type\":\"Secondary\",\"description\":[{\"lang\":\"en\",\"value\":\"CWE-385\"}]},{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"description\":[{\"lang\":\"en\",\"value\":\"NVD-CWE-Other\"}]}],\"configurations\":[{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:dell:bsafe_crypto-c-micro-edition:*:*:*:*:*:*:*:*\",\"versionEndExcluding\":\"4.1.5\",\"matchCriteriaId\":\"6C3D1B15-8F35-4976-8BA0-35816ECE6A92\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:dell:bsafe_micro-edition-suite:*:*:*:*:*:*:*:*\",\"versionEndExcluding\":\"4.6\",\"matchCriteriaId\":\"4AA9AC46-4B4A-4776-A15D-42A0AF64D64E\"}]}]},{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:oracle:database:12.1.0.2:*:*:*:enterprise:*:*:*\",\"matchCriteriaId\":\"89FE33CE-5995-4C53-8331-B49156F852B3\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:oracle:database:19c:*:*:*:enterprise:*:*:*\",\"matchCriteriaId\":\"C1E05472-8F3A-4E46-90E5-50EA6D555FDC\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:oracle:database:21c:*:*:*:enterprise:*:*:*\",\"matchCriteriaId\":\"02E34416-E767-4F61-8D2C-0D0202351F91\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:oracle:http_server:12.2.1.3.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"DFC79B17-E9D2-44D5-93ED-2F959E7A3D43\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:oracle:http_server:12.2.1.4.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"AD04BEE5-E9A8-4584-A68C-0195CE9C402C\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:oracle:security_service:12.2.1.3.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"9FD166F7-8A83-4BC7-A392-E830E87F841B\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:oracle:security_service:12.2.1.4.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"D345C2D3-6AA5-4573-8397-ED1EB0153DB9\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:oracle:weblogic_server_proxy_plug-in:12.2.1.3.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"9A4AE8A2-62D9-4C08-A608-A057895E4E46\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:oracle:weblogic_server_proxy_plug-in:12.2.1.4.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"5E29C004-51D7-4BBE-B28A-EE6B7B10F89F\"}]}]}],\"references\":[{\"url\":\"https://www.dell.com/support/kbdoc/en-us/000181115/dsa-2020-286-dell-bsafe-crypto-c-micro-edition-4-1-5-and-dell-bsafe-micro-edition-suite-4-6-multiple-security-vulnerabilities\",\"source\":\"security_alert@emc.com\",\"tags\":[\"Vendor Advisory\"]},{\"url\":\"https://www.oracle.com/security-alerts/cpujul2022.html\",\"source\":\"security_alert@emc.com\",\"tags\":[\"Patch\",\"Third Party Advisory\"]},{\"url\":\"https://www.dell.com/support/kbdoc/en-us/000181115/dsa-2020-286-dell-bsafe-crypto-c-micro-edition-4-1-5-and-dell-bsafe-micro-edition-suite-4-6-multiple-security-vulnerabilities\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Vendor Advisory\"]},{\"url\":\"https://www.oracle.com/security-alerts/cpujul2022.html\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Patch\",\"Third Party Advisory\"]}]}}"
  }
}

GSD-2020-35164

Vulnerability from gsd - Updated: 2023-12-13 01:22

Details

Dell BSAFE Crypto-C Micro Edition, versions before 4.1.5, and Dell BSAFE Micro Edition Suite, versions before 4.6, contain an Observable Timing Discrepancy Vulnerability.

Aliases

CVE-2020-35164

Aliases

CVE-2020-35164

JSON

To clipboard

{
  "GSD": {
    "alias": "CVE-2020-35164",
    "description": "Dell BSAFE Crypto-C Micro Edition, versions before 4.1.5, and Dell BSAFE Micro Edition Suite,\r\nversions before 4.6, contain an Observable Timing Discrepancy Vulnerability.",
    "id": "GSD-2020-35164"
  },
  "gsd": {
    "metadata": {
      "exploitCode": "unknown",
      "remediation": "unknown",
      "reportConfidence": "confirmed",
      "type": "vulnerability"
    },
    "osvSchema": {
      "aliases": [
        "CVE-2020-35164"
      ],
      "details": "Dell BSAFE Crypto-C Micro Edition, versions before 4.1.5, and Dell BSAFE Micro Edition Suite, versions before 4.6, contain an Observable Timing Discrepancy Vulnerability.",
      "id": "GSD-2020-35164",
      "modified": "2023-12-13T01:22:01.181974Z",
      "schema_version": "1.4.0"
    }
  },
  "namespaces": {
    "cve.org": {
      "CVE_data_meta": {
        "ASSIGNER": "secure@dell.com",
        "DATE_PUBLIC": "2020-07-06",
        "ID": "CVE-2020-35164",
        "STATE": "PUBLIC"
      },
      "affects": {
        "vendor": {
          "vendor_data": [
            {
              "product": {
                "product_data": [
                  {
                    "product_name": "Dell BSAFE Crypto-C Micro Edition",
                    "version": {
                      "version_data": [
                        {
                          "version_affected": "\u003c",
                          "version_value": "4.1.5 and 4.6"
                        }
                      ]
                    }
                  }
                ]
              },
              "vendor_name": "Dell"
            }
          ]
        }
      },
      "data_format": "MITRE",
      "data_type": "CVE",
      "data_version": "4.0",
      "description": {
        "description_data": [
          {
            "lang": "eng",
            "value": "Dell BSAFE Crypto-C Micro Edition, versions before 4.1.5, and Dell BSAFE Micro Edition Suite, versions before 4.6, contain an Observable Timing Discrepancy Vulnerability."
          }
        ]
      },
      "impact": {
        "cvss": {
          "baseScore": 6.7,
          "baseSeverity": "Medium",
          "vectorString": "CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N",
          "version": "3.1"
        }
      },
      "problemtype": {
        "problemtype_data": [
          {
            "description": [
              {
                "lang": "eng",
                "value": "CWE-385: Covert Timing Channel"
              }
            ]
          }
        ]
      },
      "references": {
        "reference_data": [
          {
            "name": "https://www.dell.com/support/kbdoc/en-us/000181115/dsa-2020-286-dell-bsafe-crypto-c-micro-edition-4-1-5-and-dell-bsafe-micro-edition-suite-4-6-multiple-security-vulnerabilities",
            "refsource": "MISC",
            "url": "https://www.dell.com/support/kbdoc/en-us/000181115/dsa-2020-286-dell-bsafe-crypto-c-micro-edition-4-1-5-and-dell-bsafe-micro-edition-suite-4-6-multiple-security-vulnerabilities"
          },
          {
            "name": "https://www.oracle.com/security-alerts/cpujul2022.html",
            "refsource": "MISC",
            "url": "https://www.oracle.com/security-alerts/cpujul2022.html"
          }
        ]
      }
    },
    "nvd.nist.gov": {
      "configurations": {
        "CVE_data_version": "4.0",
        "nodes": [
          {
            "children": [],
            "cpe_match": [
              {
                "cpe23Uri": "cpe:2.3:a:dell:bsafe_crypto-c-micro-edition:*:*:*:*:*:*:*:*",
                "cpe_name": [],
                "versionEndExcluding": "4.1.5",
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:dell:bsafe_micro-edition-suite:*:*:*:*:*:*:*:*",
                "cpe_name": [],
                "versionEndExcluding": "4.6",
                "vulnerable": true
              }
            ],
            "operator": "OR"
          },
          {
            "children": [],
            "cpe_match": [
              {
                "cpe23Uri": "cpe:2.3:a:oracle:http_server:12.2.1.3.0:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:oracle:security_service:12.2.1.3.0:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:oracle:security_service:12.2.1.4.0:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:oracle:database:12.1.0.2:*:*:*:enterprise:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:oracle:database:19c:*:*:*:enterprise:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:oracle:http_server:12.2.1.4.0:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:oracle:weblogic_server_proxy_plug-in:12.2.1.3.0:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:oracle:weblogic_server_proxy_plug-in:12.2.1.4.0:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:oracle:database:21c:*:*:*:enterprise:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              }
            ],
            "operator": "OR"
          }
        ]
      },
      "cve": {
        "CVE_data_meta": {
          "ASSIGNER": "secure@dell.com",
          "ID": "CVE-2020-35164"
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "en",
              "value": "Dell BSAFE Crypto-C Micro Edition, versions before 4.1.5, and Dell BSAFE Micro Edition Suite, versions before 4.6, contain an Observable Timing Discrepancy Vulnerability."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "en",
                  "value": "NVD-CWE-Other"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "N/A",
              "refsource": "CONFIRM",
              "tags": [
                "Vendor Advisory"
              ],
              "url": "https://www.dell.com/support/kbdoc/en-us/000181115/dsa-2020-286-dell-bsafe-crypto-c-micro-edition-4-1-5-and-dell-bsafe-micro-edition-suite-4-6-multiple-security-vulnerabilities"
            },
            {
              "name": "N/A",
              "refsource": "N/A",
              "tags": [
                "Patch",
                "Third Party Advisory"
              ],
              "url": "https://www.oracle.com/security-alerts/cpujul2022.html"
            }
          ]
        }
      },
      "impact": {
        "baseMetricV2": {
          "acInsufInfo": false,
          "cvssV2": {
            "accessComplexity": "LOW",
            "accessVector": "NETWORK",
            "authentication": "NONE",
            "availabilityImpact": "PARTIAL",
            "baseScore": 7.5,
            "confidentialityImpact": "PARTIAL",
            "integrityImpact": "PARTIAL",
            "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
            "version": "2.0"
          },
          "exploitabilityScore": 10.0,
          "impactScore": 6.4,
          "obtainAllPrivilege": false,
          "obtainOtherPrivilege": false,
          "obtainUserPrivilege": false,
          "severity": "HIGH",
          "userInteractionRequired": false
        },
        "baseMetricV3": {
          "cvssV3": {
            "attackComplexity": "HIGH",
            "attackVector": "NETWORK",
            "availabilityImpact": "HIGH",
            "baseScore": 8.1,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "HIGH",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H",
            "version": "3.1"
          },
          "exploitabilityScore": 2.2,
          "impactScore": 5.9
        }
      },
      "lastModifiedDate": "2022-10-06T16:07Z",
      "publishedDate": "2022-07-11T20:15Z"
    }
  }
}

VAR-202207-0580

Vulnerability from variot - Updated: 2023-12-18 13:11

Dell BSAFE Crypto-C Micro Edition, versions before 4.1.5, and Dell BSAFE Micro Edition Suite, versions before 4.6, contain an Observable Timing Discrepancy Vulnerability. (DoS) It may be in a state. Dell BSAFE Micro Edition Suite is a development kit that provides encryption, certificates and transport layer security for c/c++ applications, devices and systems. Dell BSAFE is a security software product that supports encryption algorithms, certificate chain verification, Transport Layer Security (TLS) cipher suites, etc. to help users achieve various security goals for their applications

Show details on source website

JSON

To clipboard

{
  "@context": {
    "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
    "affected_products": {
      "@id": "https://www.variotdbs.pl/ref/affected_products"
    },
    "configurations": {
      "@id": "https://www.variotdbs.pl/ref/configurations"
    },
    "credits": {
      "@id": "https://www.variotdbs.pl/ref/credits"
    },
    "cvss": {
      "@id": "https://www.variotdbs.pl/ref/cvss/"
    },
    "description": {
      "@id": "https://www.variotdbs.pl/ref/description/"
    },
    "exploit_availability": {
      "@id": "https://www.variotdbs.pl/ref/exploit_availability/"
    },
    "external_ids": {
      "@id": "https://www.variotdbs.pl/ref/external_ids/"
    },
    "iot": {
      "@id": "https://www.variotdbs.pl/ref/iot/"
    },
    "iot_taxonomy": {
      "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
    },
    "patch": {
      "@id": "https://www.variotdbs.pl/ref/patch/"
    },
    "problemtype_data": {
      "@id": "https://www.variotdbs.pl/ref/problemtype_data/"
    },
    "references": {
      "@id": "https://www.variotdbs.pl/ref/references/"
    },
    "sources": {
      "@id": "https://www.variotdbs.pl/ref/sources/"
    },
    "sources_release_date": {
      "@id": "https://www.variotdbs.pl/ref/sources_release_date/"
    },
    "sources_update_date": {
      "@id": "https://www.variotdbs.pl/ref/sources_update_date/"
    },
    "threat_type": {
      "@id": "https://www.variotdbs.pl/ref/threat_type/"
    },
    "title": {
      "@id": "https://www.variotdbs.pl/ref/title/"
    },
    "type": {
      "@id": "https://www.variotdbs.pl/ref/type/"
    }
  },
  "@id": "https://www.variotdbs.pl/vuln/VAR-202207-0580",
  "affected_products": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/affected_products#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        },
        "@id": "https://www.variotdbs.pl/ref/sources"
      }
    },
    "data": [
      {
        "model": "http server",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "oracle",
        "version": "12.2.1.3.0"
      },
      {
        "model": "database",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "oracle",
        "version": "19c"
      },
      {
        "model": "bsafe micro-edition-suite",
        "scope": "lt",
        "trust": 1.0,
        "vendor": "dell",
        "version": "4.6"
      },
      {
        "model": "security service",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "oracle",
        "version": "12.2.1.3.0"
      },
      {
        "model": "weblogic server proxy plug-in",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "oracle",
        "version": "12.2.1.4.0"
      },
      {
        "model": "database",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "oracle",
        "version": "21c"
      },
      {
        "model": "bsafe crypto-c-micro-edition",
        "scope": "lt",
        "trust": 1.0,
        "vendor": "dell",
        "version": "4.1.5"
      },
      {
        "model": "weblogic server proxy plug-in",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "oracle",
        "version": "12.2.1.3.0"
      },
      {
        "model": "database",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "oracle",
        "version": "12.1.0.2"
      },
      {
        "model": "http server",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "oracle",
        "version": "12.2.1.4.0"
      },
      {
        "model": "security service",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "oracle",
        "version": "12.2.1.4.0"
      },
      {
        "model": "oracle security service",
        "scope": null,
        "trust": 0.8,
        "vendor": "\u30aa\u30e9\u30af\u30eb",
        "version": null
      },
      {
        "model": "oracle database",
        "scope": null,
        "trust": 0.8,
        "vendor": "\u30aa\u30e9\u30af\u30eb",
        "version": null
      },
      {
        "model": "bsafe crypto-c micro edition",
        "scope": null,
        "trust": 0.8,
        "vendor": "\u30c7\u30eb",
        "version": null
      },
      {
        "model": "bsafe micro edition suite",
        "scope": null,
        "trust": 0.8,
        "vendor": "\u30c7\u30eb",
        "version": null
      },
      {
        "model": "oracle weblogic server proxy plug-in",
        "scope": null,
        "trust": 0.8,
        "vendor": "\u30aa\u30e9\u30af\u30eb",
        "version": null
      },
      {
        "model": "oracle http server",
        "scope": null,
        "trust": 0.8,
        "vendor": "\u30aa\u30e9\u30af\u30eb",
        "version": null
      }
    ],
    "sources": [
      {
        "db": "JVNDB",
        "id": "JVNDB-2019-016809"
      },
      {
        "db": "NVD",
        "id": "CVE-2020-35164"
      }
    ]
  },
  "configurations": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/configurations#",
      "children": {
        "@container": "@list"
      },
      "cpe_match": {
        "@container": "@list"
      },
      "data": {
        "@container": "@list"
      },
      "nodes": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "CVE_data_version": "4.0",
        "nodes": [
          {
            "children": [],
            "cpe_match": [
              {
                "cpe23Uri": "cpe:2.3:a:dell:bsafe_crypto-c-micro-edition:*:*:*:*:*:*:*:*",
                "cpe_name": [],
                "versionEndExcluding": "4.1.5",
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:dell:bsafe_micro-edition-suite:*:*:*:*:*:*:*:*",
                "cpe_name": [],
                "versionEndExcluding": "4.6",
                "vulnerable": true
              }
            ],
            "operator": "OR"
          },
          {
            "children": [],
            "cpe_match": [
              {
                "cpe23Uri": "cpe:2.3:a:oracle:http_server:12.2.1.3.0:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:oracle:security_service:12.2.1.3.0:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:oracle:security_service:12.2.1.4.0:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:oracle:database:12.1.0.2:*:*:*:enterprise:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:oracle:database:19c:*:*:*:enterprise:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:oracle:http_server:12.2.1.4.0:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:oracle:weblogic_server_proxy_plug-in:12.2.1.3.0:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:oracle:weblogic_server_proxy_plug-in:12.2.1.4.0:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:oracle:database:21c:*:*:*:enterprise:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              }
            ],
            "operator": "OR"
          }
        ]
      }
    ],
    "sources": [
      {
        "db": "NVD",
        "id": "CVE-2020-35164"
      }
    ]
  },
  "cve": "CVE-2020-35164",
  "cvss": {
    "@context": {
      "cvssV2": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
      },
      "cvssV3": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
      },
      "severity": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/cvss/severity#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/severity"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        },
        "@id": "https://www.variotdbs.pl/ref/sources"
      }
    },
    "data": [
      {
        "cvssV2": [
          {
            "acInsufInfo": false,
            "accessComplexity": "LOW",
            "accessVector": "NETWORK",
            "authentication": "NONE",
            "author": "NVD",
            "availabilityImpact": "PARTIAL",
            "baseScore": 7.5,
            "confidentialityImpact": "PARTIAL",
            "exploitabilityScore": 10.0,
            "impactScore": 6.4,
            "integrityImpact": "PARTIAL",
            "obtainAllPrivilege": false,
            "obtainOtherPrivilege": false,
            "obtainUserPrivilege": false,
            "severity": "HIGH",
            "trust": 1.0,
            "userInteractionRequired": false,
            "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
            "version": "2.0"
          },
          {
            "acInsufInfo": null,
            "accessComplexity": "Low",
            "accessVector": "Network",
            "authentication": "None",
            "author": "NVD",
            "availabilityImpact": "Partial",
            "baseScore": 7.5,
            "confidentialityImpact": "Partial",
            "exploitabilityScore": null,
            "id": "CVE-2020-35164",
            "impactScore": null,
            "integrityImpact": "Partial",
            "obtainAllPrivilege": null,
            "obtainOtherPrivilege": null,
            "obtainUserPrivilege": null,
            "severity": "High",
            "trust": 0.9,
            "userInteractionRequired": null,
            "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
            "version": "2.0"
          },
          {
            "accessComplexity": "LOW",
            "accessVector": "NETWORK",
            "authentication": "NONE",
            "author": "VULHUB",
            "availabilityImpact": "PARTIAL",
            "baseScore": 7.5,
            "confidentialityImpact": "PARTIAL",
            "exploitabilityScore": 10.0,
            "id": "VHN-377255",
            "impactScore": 6.4,
            "integrityImpact": "PARTIAL",
            "severity": "HIGH",
            "trust": 0.1,
            "vectorString": "AV:N/AC:L/AU:N/C:P/I:P/A:P",
            "version": "2.0"
          }
        ],
        "cvssV3": [
          {
            "attackComplexity": "HIGH",
            "attackVector": "NETWORK",
            "author": "NVD",
            "availabilityImpact": "HIGH",
            "baseScore": 8.1,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "HIGH",
            "exploitabilityScore": 2.2,
            "impactScore": 5.9,
            "integrityImpact": "HIGH",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "trust": 1.0,
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H",
            "version": "3.1"
          },
          {
            "attackComplexity": "HIGH",
            "attackVector": "LOCAL",
            "author": "security_alert@emc.com",
            "availabilityImpact": "NONE",
            "baseScore": 6.7,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "HIGH",
            "exploitabilityScore": 1.4,
            "impactScore": 5.2,
            "integrityImpact": "HIGH",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "trust": 1.0,
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N",
            "version": "3.1"
          },
          {
            "attackComplexity": "High",
            "attackVector": "Network",
            "author": "NVD",
            "availabilityImpact": "High",
            "baseScore": 8.1,
            "baseSeverity": "High",
            "confidentialityImpact": "High",
            "exploitabilityScore": null,
            "id": "CVE-2020-35164",
            "impactScore": null,
            "integrityImpact": "High",
            "privilegesRequired": "None",
            "scope": "Unchanged",
            "trust": 0.8,
            "userInteraction": "None",
            "vectorString": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H",
            "version": "3.0"
          }
        ],
        "severity": [
          {
            "author": "NVD",
            "id": "CVE-2020-35164",
            "trust": 1.8,
            "value": "HIGH"
          },
          {
            "author": "security_alert@emc.com",
            "id": "CVE-2020-35164",
            "trust": 1.0,
            "value": "MEDIUM"
          },
          {
            "author": "CNNVD",
            "id": "CNNVD-202207-833",
            "trust": 0.6,
            "value": "HIGH"
          },
          {
            "author": "VULHUB",
            "id": "VHN-377255",
            "trust": 0.1,
            "value": "HIGH"
          },
          {
            "author": "VULMON",
            "id": "CVE-2020-35164",
            "trust": 0.1,
            "value": "HIGH"
          }
        ]
      }
    ],
    "sources": [
      {
        "db": "VULHUB",
        "id": "VHN-377255"
      },
      {
        "db": "VULMON",
        "id": "CVE-2020-35164"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2019-016809"
      },
      {
        "db": "NVD",
        "id": "CVE-2020-35164"
      },
      {
        "db": "NVD",
        "id": "CVE-2020-35164"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-202207-833"
      }
    ]
  },
  "description": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/description#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "Dell BSAFE Crypto-C Micro Edition, versions before 4.1.5, and Dell BSAFE Micro Edition Suite, versions before 4.6, contain an Observable Timing Discrepancy Vulnerability. (DoS) It may be in a state. Dell BSAFE Micro Edition Suite is a development kit that provides encryption, certificates and transport layer security for c/c++ applications, devices and systems. Dell BSAFE is a security software product that supports encryption algorithms, certificate chain verification, Transport Layer Security (TLS) cipher suites, etc. to help users achieve various security goals for their applications",
    "sources": [
      {
        "db": "NVD",
        "id": "CVE-2020-35164"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2019-016809"
      },
      {
        "db": "VULHUB",
        "id": "VHN-377255"
      },
      {
        "db": "VULMON",
        "id": "CVE-2020-35164"
      }
    ],
    "trust": 1.8
  },
  "external_ids": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/external_ids#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "db": "NVD",
        "id": "CVE-2020-35164",
        "trust": 3.4
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2019-016809",
        "trust": 0.8
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-202207-833",
        "trust": 0.7
      },
      {
        "db": "CNVD",
        "id": "CNVD-2022-84615",
        "trust": 0.1
      },
      {
        "db": "VULHUB",
        "id": "VHN-377255",
        "trust": 0.1
      },
      {
        "db": "VULMON",
        "id": "CVE-2020-35164",
        "trust": 0.1
      }
    ],
    "sources": [
      {
        "db": "VULHUB",
        "id": "VHN-377255"
      },
      {
        "db": "VULMON",
        "id": "CVE-2020-35164"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2019-016809"
      },
      {
        "db": "NVD",
        "id": "CVE-2020-35164"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-202207-833"
      }
    ]
  },
  "id": "VAR-202207-0580",
  "iot": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/iot#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": true,
    "sources": [
      {
        "db": "VULHUB",
        "id": "VHN-377255"
      }
    ],
    "trust": 0.01
  },
  "last_update_date": "2023-12-18T13:11:57.330000Z",
  "patch": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/patch#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "title": "Oracle\u00a0Critical\u00a0Patch\u00a0Update\u00a0Advisory\u00a0-\u00a0July\u00a02022 Dell Security\u00a0Advisory",
        "trust": 0.8,
        "url": "https://www.oracle.com/security-alerts/cpujul2022.html"
      },
      {
        "title": "Dell BSAFE Security vulnerabilities",
        "trust": 0.6,
        "url": "http://www.cnnvd.org.cn/web/xxk/bdxqbyid.tag?id=200705"
      }
    ],
    "sources": [
      {
        "db": "JVNDB",
        "id": "JVNDB-2019-016809"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-202207-833"
      }
    ]
  },
  "problemtype_data": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "problemtype": "NVD-CWE-Other",
        "trust": 1.0
      },
      {
        "problemtype": "others (CWE-Other) [NVD evaluation ]",
        "trust": 0.8
      }
    ],
    "sources": [
      {
        "db": "JVNDB",
        "id": "JVNDB-2019-016809"
      },
      {
        "db": "NVD",
        "id": "CVE-2020-35164"
      }
    ]
  },
  "references": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/references#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "trust": 1.8,
        "url": "https://www.dell.com/support/kbdoc/en-us/000181115/dsa-2020-286-dell-bsafe-crypto-c-micro-edition-4-1-5-and-dell-bsafe-micro-edition-suite-4-6-multiple-security-vulnerabilities"
      },
      {
        "trust": 1.7,
        "url": "https://www.oracle.com/security-alerts/cpujul2022.html"
      },
      {
        "trust": 0.8,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2020-35164"
      },
      {
        "trust": 0.6,
        "url": "https://cxsecurity.com/cveshow/cve-2020-35164/"
      },
      {
        "trust": 0.6,
        "url": "https://vigilance.fr/vulnerability/oracle-database-vulnerabilities-of-july-2022-38855"
      },
      {
        "trust": 0.1,
        "url": "https://cwe.mitre.org/data/definitions/.html"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov"
      }
    ],
    "sources": [
      {
        "db": "VULHUB",
        "id": "VHN-377255"
      },
      {
        "db": "VULMON",
        "id": "CVE-2020-35164"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2019-016809"
      },
      {
        "db": "NVD",
        "id": "CVE-2020-35164"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-202207-833"
      }
    ]
  },
  "sources": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "db": "VULHUB",
        "id": "VHN-377255"
      },
      {
        "db": "VULMON",
        "id": "CVE-2020-35164"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2019-016809"
      },
      {
        "db": "NVD",
        "id": "CVE-2020-35164"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-202207-833"
      }
    ]
  },
  "sources_release_date": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "date": "2022-07-11T00:00:00",
        "db": "VULHUB",
        "id": "VHN-377255"
      },
      {
        "date": "2022-07-11T00:00:00",
        "db": "VULMON",
        "id": "CVE-2020-35164"
      },
      {
        "date": "2023-09-25T00:00:00",
        "db": "JVNDB",
        "id": "JVNDB-2019-016809"
      },
      {
        "date": "2022-07-11T20:15:08.330000",
        "db": "NVD",
        "id": "CVE-2020-35164"
      },
      {
        "date": "2022-07-11T00:00:00",
        "db": "CNNVD",
        "id": "CNNVD-202207-833"
      }
    ]
  },
  "sources_update_date": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "date": "2022-10-06T00:00:00",
        "db": "VULHUB",
        "id": "VHN-377255"
      },
      {
        "date": "2022-07-18T00:00:00",
        "db": "VULMON",
        "id": "CVE-2020-35164"
      },
      {
        "date": "2023-09-25T06:06:00",
        "db": "JVNDB",
        "id": "JVNDB-2019-016809"
      },
      {
        "date": "2022-10-06T16:07:35.737000",
        "db": "NVD",
        "id": "CVE-2020-35164"
      },
      {
        "date": "2022-07-26T00:00:00",
        "db": "CNNVD",
        "id": "CNNVD-202207-833"
      }
    ]
  },
  "threat_type": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/threat_type#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "remote",
    "sources": [
      {
        "db": "CNNVD",
        "id": "CNNVD-202207-833"
      }
    ],
    "trust": 0.6
  },
  "title": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/title#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "Dell\u00a0BSAFE\u00a0Crypto-C\u00a0Micro\u00a0Edition\u00a0 and \u00a0Dell\u00a0BSAFE\u00a0Micro\u00a0Edition\u00a0Suite\u00a0 Vulnerability in",
    "sources": [
      {
        "db": "JVNDB",
        "id": "JVNDB-2019-016809"
      }
    ],
    "trust": 0.8
  },
  "type": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/type#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "other",
    "sources": [
      {
        "db": "CNNVD",
        "id": "CNNVD-202207-833"
      }
    ],
    "trust": 0.6
  }
}

CERTFR-2024-AVI-0324

Vulnerability from certfr_avis - Published: - Updated:

De multiples vulnérabilités ont été découvertes dans Oracle Systems. Certaines d'entre elles permettent à un attaquant de provoquer une exécution de code arbitraire à distance, un déni de service à distance et une atteinte à l'intégrité des données.

Solution

Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).

None

Impacted products

Vendor	Product	Description
Oracle	N/A	Oracle Solaris Cluster version 4 sans les derniers correctifs de sécurité
Oracle	N/A	Oracle StorageTek Tape Analytics (STA) version 2.5 sans les derniers correctifs de sécurité
Oracle	N/A	Oracle Solaris version 11 sans les derniers correctifs de sécurité
Oracle	N/A	Oracle ZFS Storage Appliance Kit version 8.8 sans les derniers correctifs de sécurité

References

Title

Publication Time

Tags

Bulletin de sécurité Oracle cpuapr2024verbose du 16 avril 2024	None	vendor-advisory
Bulletin de sécurité Oracle cpuapr2024 du 16 avril 2024	None	vendor-advisory

Show details on source website

JSON

To clipboard

{
  "$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
  "affected_systems": [
    {
      "description": "Oracle Solaris Cluster version 4 sans les derniers correctifs de s\u00e9curit\u00e9",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Oracle",
          "scada": false
        }
      }
    },
    {
      "description": "Oracle StorageTek Tape Analytics (STA) version 2.5 sans les derniers correctifs de s\u00e9curit\u00e9",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Oracle",
          "scada": false
        }
      }
    },
    {
      "description": "Oracle Solaris version 11 sans les derniers correctifs de s\u00e9curit\u00e9",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Oracle",
          "scada": false
        }
      }
    },
    {
      "description": "Oracle ZFS Storage Appliance Kit version 8.8 sans les derniers correctifs de s\u00e9curit\u00e9",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Oracle",
          "scada": false
        }
      }
    }
  ],
  "affected_systems_content": null,
  "content": "## Solution\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des\ncorrectifs (cf. section Documentation).\n",
  "cves": [
    {
      "name": "CVE-2023-1370",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-1370"
    },
    {
      "name": "CVE-2022-45688",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-45688"
    },
    {
      "name": "CVE-2021-36373",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-36373"
    },
    {
      "name": "CVE-2022-34381",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-34381"
    },
    {
      "name": "CVE-2024-21105",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-21105"
    },
    {
      "name": "CVE-2023-1436",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-1436"
    },
    {
      "name": "CVE-2020-29508",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-29508"
    },
    {
      "name": "CVE-2021-36374",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-36374"
    },
    {
      "name": "CVE-2021-37533",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-37533"
    },
    {
      "name": "CVE-2024-21059",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-21059"
    },
    {
      "name": "CVE-2020-35164",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-35164"
    },
    {
      "name": "CVE-2022-42004",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-42004"
    },
    {
      "name": "CVE-2023-20863",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-20863"
    },
    {
      "name": "CVE-2022-42920",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-42920"
    },
    {
      "name": "CVE-2022-42890",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-42890"
    },
    {
      "name": "CVE-2024-21104",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-21104"
    },
    {
      "name": "CVE-2020-35166",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-35166"
    },
    {
      "name": "CVE-2020-35163",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-35163"
    },
    {
      "name": "CVE-2020-35168",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-35168"
    },
    {
      "name": "CVE-2023-24998",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-24998"
    },
    {
      "name": "CVE-2022-42003",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-42003"
    },
    {
      "name": "CVE-2022-36033",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-36033"
    },
    {
      "name": "CVE-2024-20999",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-20999"
    },
    {
      "name": "CVE-2022-24839",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-24839"
    },
    {
      "name": "CVE-2022-41704",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-41704"
    },
    {
      "name": "CVE-2020-35167",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-35167"
    }
  ],
  "links": [],
  "reference": "CERTFR-2024-AVI-0324",
  "revisions": [
    {
      "description": "Version initiale",
      "revision_date": "2024-04-18T00:00:00.000000"
    }
  ],
  "risks": [
    {
      "description": "D\u00e9ni de service \u00e0 distance"
    },
    {
      "description": "Ex\u00e9cution de code arbitraire \u00e0 distance"
    },
    {
      "description": "Atteinte \u00e0 l\u0027int\u00e9grit\u00e9 des donn\u00e9es"
    },
    {
      "description": "Atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es"
    }
  ],
  "summary": "De multiples vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 d\u00e9couvertes dans Oracle Systems.\nCertaines d\u0027entre elles permettent \u00e0 un attaquant de provoquer une\nex\u00e9cution de code arbitraire \u00e0 distance, un d\u00e9ni de service \u00e0 distance\net une atteinte \u00e0 l\u0027int\u00e9grit\u00e9 des donn\u00e9es.\n",
  "title": "Multiples vuln\u00e9rabilit\u00e9s dans Oracle Systems",
  "vendor_advisories": [
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Oracle cpuapr2024verbose du 16 avril 2024",
      "url": "https://www.oracle.com/security-alerts/cpuapr2024verbose.html"
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Oracle cpuapr2024 du 16 avril 2024",
      "url": "https://www.oracle.com/security-alerts/cpuapr2024.html"
    }
  ]
}

CERTFR-2022-AVI-654

Vulnerability from certfr_avis - Published: - Updated:

De multiples vulnérabilités ont été découvertes dans Oracle Database Server. Certaines d'entre elles permettent à un attaquant de provoquer une exécution de code arbitraire, un déni de service à distance et une atteinte à l'intégrité des données.

Solution

Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).

Oracle Database version 12.1.0.2
Oracle Database version 19c
Oracle Database version 21c
Oracle Application Express versions antérieures à 22.1.1

Les versions d'Oracle Database qui ne sont plus sous maintenance sont affectées par la vulnérabilité CVE-2022-21510.

Impacted products

	Vendor	Product	Description

References

Title

Publication Time

Tags

Bulletin de sécurité Oracle cpujul2022 du 19 juillet 2022	None	vendor-advisory
Bulletin de sécurité Oracle cpujul2022verbose du 19 juillet 2022	None	vendor-advisory

Show details on source website

JSON

To clipboard

{
  "$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
  "affected_systems": [],
  "affected_systems_content": "\u003cul\u003e \u003cli\u003eOracle Database version 12.1.0.2\u003c/li\u003e \u003cli\u003eOracle Database version 19c\u003c/li\u003e \u003cli\u003eOracle Database version 21c\u003c/li\u003e \u003cli\u003eOracle Application Express versions ant\u00e9rieures \u00e0 22.1.1\u003c/li\u003e \u003c/ul\u003e \u003cp\u003eLes versions d\u0027Oracle Database qui ne sont plus sous maintenance sont affect\u00e9es par la vuln\u00e9rabilit\u00e9 CVE-2022-21510.\u003c/p\u003e ",
  "content": "## Solution\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des\ncorrectifs (cf. section Documentation).\n",
  "cves": [
    {
      "name": "CVE-2021-45943",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-45943"
    },
    {
      "name": "CVE-2020-26185",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-26185"
    },
    {
      "name": "CVE-2021-41182",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-41182"
    },
    {
      "name": "CVE-2022-21511",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-21511"
    },
    {
      "name": "CVE-2022-21565",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-21565"
    },
    {
      "name": "CVE-2020-29508",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-29508"
    },
    {
      "name": "CVE-2022-24728",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-24728"
    },
    {
      "name": "CVE-2021-41184",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-41184"
    },
    {
      "name": "CVE-2021-41183",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-41183"
    },
    {
      "name": "CVE-2020-35164",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-35164"
    },
    {
      "name": "CVE-2020-29505",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-29505"
    },
    {
      "name": "CVE-2022-21432",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-21432"
    },
    {
      "name": "CVE-2022-24729",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-24729"
    },
    {
      "name": "CVE-2020-29507",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-29507"
    },
    {
      "name": "CVE-2020-29506",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-29506"
    },
    {
      "name": "CVE-2022-0839",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-0839"
    },
    {
      "name": "CVE-2020-35166",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-35166"
    },
    {
      "name": "CVE-2020-35163",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-35163"
    },
    {
      "name": "CVE-2020-36518",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-36518"
    },
    {
      "name": "CVE-2020-35168",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-35168"
    },
    {
      "name": "CVE-2020-35169",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-35169"
    },
    {
      "name": "CVE-2022-29885",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-29885"
    },
    {
      "name": "CVE-2022-21510",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-21510"
    },
    {
      "name": "CVE-2020-35167",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-35167"
    }
  ],
  "links": [],
  "reference": "CERTFR-2022-AVI-654",
  "revisions": [
    {
      "description": "Version initiale",
      "revision_date": "2022-07-20T00:00:00.000000"
    }
  ],
  "risks": [
    {
      "description": "D\u00e9ni de service \u00e0 distance"
    },
    {
      "description": "Atteinte \u00e0 l\u0027int\u00e9grit\u00e9 des donn\u00e9es"
    },
    {
      "description": "Ex\u00e9cution de code arbitraire"
    },
    {
      "description": "Atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es"
    }
  ],
  "summary": "De multiples vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 d\u00e9couvertes dans Oracle Database\nServer. Certaines d\u0027entre elles permettent \u00e0 un attaquant de provoquer\nune ex\u00e9cution de code arbitraire, un d\u00e9ni de service \u00e0 distance et une\natteinte \u00e0 l\u0027int\u00e9grit\u00e9 des donn\u00e9es.\n",
  "title": "Multiples vuln\u00e9rabilit\u00e9s dans Oracle Database Server",
  "vendor_advisories": [
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Oracle cpujul2022 du 19 juillet 2022",
      "url": "https://www.oracle.com/security-alerts/cpujul2022.html#AppendixDB"
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Oracle cpujul2022verbose du 19 juillet 2022",
      "url": "https://www.oracle.com/security-alerts/cpujul2022verbose.html#DB"
    }
  ]
}

CERTFR-2022-AVI-654

Vulnerability from certfr_avis - Published: - Updated:

Solution

Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).

Oracle Database version 12.1.0.2
Oracle Database version 19c
Oracle Database version 21c
Oracle Application Express versions antérieures à 22.1.1

Les versions d'Oracle Database qui ne sont plus sous maintenance sont affectées par la vulnérabilité CVE-2022-21510.

Impacted products

	Vendor	Product	Description

References

Title

Publication Time

Tags

Bulletin de sécurité Oracle cpujul2022 du 19 juillet 2022	None	vendor-advisory
Bulletin de sécurité Oracle cpujul2022verbose du 19 juillet 2022	None	vendor-advisory

Show details on source website

JSON

To clipboard

{
  "$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
  "affected_systems": [],
  "affected_systems_content": "\u003cul\u003e \u003cli\u003eOracle Database version 12.1.0.2\u003c/li\u003e \u003cli\u003eOracle Database version 19c\u003c/li\u003e \u003cli\u003eOracle Database version 21c\u003c/li\u003e \u003cli\u003eOracle Application Express versions ant\u00e9rieures \u00e0 22.1.1\u003c/li\u003e \u003c/ul\u003e \u003cp\u003eLes versions d\u0027Oracle Database qui ne sont plus sous maintenance sont affect\u00e9es par la vuln\u00e9rabilit\u00e9 CVE-2022-21510.\u003c/p\u003e ",
  "content": "## Solution\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des\ncorrectifs (cf. section Documentation).\n",
  "cves": [
    {
      "name": "CVE-2021-45943",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-45943"
    },
    {
      "name": "CVE-2020-26185",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-26185"
    },
    {
      "name": "CVE-2021-41182",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-41182"
    },
    {
      "name": "CVE-2022-21511",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-21511"
    },
    {
      "name": "CVE-2022-21565",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-21565"
    },
    {
      "name": "CVE-2020-29508",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-29508"
    },
    {
      "name": "CVE-2022-24728",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-24728"
    },
    {
      "name": "CVE-2021-41184",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-41184"
    },
    {
      "name": "CVE-2021-41183",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-41183"
    },
    {
      "name": "CVE-2020-35164",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-35164"
    },
    {
      "name": "CVE-2020-29505",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-29505"
    },
    {
      "name": "CVE-2022-21432",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-21432"
    },
    {
      "name": "CVE-2022-24729",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-24729"
    },
    {
      "name": "CVE-2020-29507",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-29507"
    },
    {
      "name": "CVE-2020-29506",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-29506"
    },
    {
      "name": "CVE-2022-0839",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-0839"
    },
    {
      "name": "CVE-2020-35166",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-35166"
    },
    {
      "name": "CVE-2020-35163",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-35163"
    },
    {
      "name": "CVE-2020-36518",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-36518"
    },
    {
      "name": "CVE-2020-35168",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-35168"
    },
    {
      "name": "CVE-2020-35169",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-35169"
    },
    {
      "name": "CVE-2022-29885",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-29885"
    },
    {
      "name": "CVE-2022-21510",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-21510"
    },
    {
      "name": "CVE-2020-35167",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-35167"
    }
  ],
  "links": [],
  "reference": "CERTFR-2022-AVI-654",
  "revisions": [
    {
      "description": "Version initiale",
      "revision_date": "2022-07-20T00:00:00.000000"
    }
  ],
  "risks": [
    {
      "description": "D\u00e9ni de service \u00e0 distance"
    },
    {
      "description": "Atteinte \u00e0 l\u0027int\u00e9grit\u00e9 des donn\u00e9es"
    },
    {
      "description": "Ex\u00e9cution de code arbitraire"
    },
    {
      "description": "Atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es"
    }
  ],
  "summary": "De multiples vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 d\u00e9couvertes dans Oracle Database\nServer. Certaines d\u0027entre elles permettent \u00e0 un attaquant de provoquer\nune ex\u00e9cution de code arbitraire, un d\u00e9ni de service \u00e0 distance et une\natteinte \u00e0 l\u0027int\u00e9grit\u00e9 des donn\u00e9es.\n",
  "title": "Multiples vuln\u00e9rabilit\u00e9s dans Oracle Database Server",
  "vendor_advisories": [
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Oracle cpujul2022 du 19 juillet 2022",
      "url": "https://www.oracle.com/security-alerts/cpujul2022.html#AppendixDB"
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Oracle cpujul2022verbose du 19 juillet 2022",
      "url": "https://www.oracle.com/security-alerts/cpujul2022verbose.html#DB"
    }
  ]
}

CERTFR-2024-AVI-0324

Vulnerability from certfr_avis - Published: - Updated:

Solution

Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).

None

Impacted products

Vendor	Product	Description
Oracle	N/A	Oracle Solaris Cluster version 4 sans les derniers correctifs de sécurité
Oracle	N/A	Oracle StorageTek Tape Analytics (STA) version 2.5 sans les derniers correctifs de sécurité
Oracle	N/A	Oracle Solaris version 11 sans les derniers correctifs de sécurité
Oracle	N/A	Oracle ZFS Storage Appliance Kit version 8.8 sans les derniers correctifs de sécurité

References

Title

Publication Time

Tags

Bulletin de sécurité Oracle cpuapr2024verbose du 16 avril 2024	None	vendor-advisory
Bulletin de sécurité Oracle cpuapr2024 du 16 avril 2024	None	vendor-advisory

Show details on source website

JSON

To clipboard

{
  "$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
  "affected_systems": [
    {
      "description": "Oracle Solaris Cluster version 4 sans les derniers correctifs de s\u00e9curit\u00e9",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Oracle",
          "scada": false
        }
      }
    },
    {
      "description": "Oracle StorageTek Tape Analytics (STA) version 2.5 sans les derniers correctifs de s\u00e9curit\u00e9",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Oracle",
          "scada": false
        }
      }
    },
    {
      "description": "Oracle Solaris version 11 sans les derniers correctifs de s\u00e9curit\u00e9",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Oracle",
          "scada": false
        }
      }
    },
    {
      "description": "Oracle ZFS Storage Appliance Kit version 8.8 sans les derniers correctifs de s\u00e9curit\u00e9",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Oracle",
          "scada": false
        }
      }
    }
  ],
  "affected_systems_content": null,
  "content": "## Solution\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des\ncorrectifs (cf. section Documentation).\n",
  "cves": [
    {
      "name": "CVE-2023-1370",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-1370"
    },
    {
      "name": "CVE-2022-45688",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-45688"
    },
    {
      "name": "CVE-2021-36373",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-36373"
    },
    {
      "name": "CVE-2022-34381",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-34381"
    },
    {
      "name": "CVE-2024-21105",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-21105"
    },
    {
      "name": "CVE-2023-1436",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-1436"
    },
    {
      "name": "CVE-2020-29508",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-29508"
    },
    {
      "name": "CVE-2021-36374",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-36374"
    },
    {
      "name": "CVE-2021-37533",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-37533"
    },
    {
      "name": "CVE-2024-21059",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-21059"
    },
    {
      "name": "CVE-2020-35164",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-35164"
    },
    {
      "name": "CVE-2022-42004",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-42004"
    },
    {
      "name": "CVE-2023-20863",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-20863"
    },
    {
      "name": "CVE-2022-42920",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-42920"
    },
    {
      "name": "CVE-2022-42890",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-42890"
    },
    {
      "name": "CVE-2024-21104",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-21104"
    },
    {
      "name": "CVE-2020-35166",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-35166"
    },
    {
      "name": "CVE-2020-35163",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-35163"
    },
    {
      "name": "CVE-2020-35168",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-35168"
    },
    {
      "name": "CVE-2023-24998",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-24998"
    },
    {
      "name": "CVE-2022-42003",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-42003"
    },
    {
      "name": "CVE-2022-36033",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-36033"
    },
    {
      "name": "CVE-2024-20999",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-20999"
    },
    {
      "name": "CVE-2022-24839",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-24839"
    },
    {
      "name": "CVE-2022-41704",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-41704"
    },
    {
      "name": "CVE-2020-35167",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-35167"
    }
  ],
  "links": [],
  "reference": "CERTFR-2024-AVI-0324",
  "revisions": [
    {
      "description": "Version initiale",
      "revision_date": "2024-04-18T00:00:00.000000"
    }
  ],
  "risks": [
    {
      "description": "D\u00e9ni de service \u00e0 distance"
    },
    {
      "description": "Ex\u00e9cution de code arbitraire \u00e0 distance"
    },
    {
      "description": "Atteinte \u00e0 l\u0027int\u00e9grit\u00e9 des donn\u00e9es"
    },
    {
      "description": "Atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es"
    }
  ],
  "summary": "De multiples vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 d\u00e9couvertes dans Oracle Systems.\nCertaines d\u0027entre elles permettent \u00e0 un attaquant de provoquer une\nex\u00e9cution de code arbitraire \u00e0 distance, un d\u00e9ni de service \u00e0 distance\net une atteinte \u00e0 l\u0027int\u00e9grit\u00e9 des donn\u00e9es.\n",
  "title": "Multiples vuln\u00e9rabilit\u00e9s dans Oracle Systems",
  "vendor_advisories": [
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Oracle cpuapr2024verbose du 16 avril 2024",
      "url": "https://www.oracle.com/security-alerts/cpuapr2024verbose.html"
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Oracle cpuapr2024 du 16 avril 2024",
      "url": "https://www.oracle.com/security-alerts/cpuapr2024.html"
    }
  ]
}

CNVD-2022-84615

Vulnerability from cnvd - Published: 2022-12-05

Title

Dell BSAFE Crypto-C Micro Edition and Dell BSAFE Micro Edition Suite存在未明漏洞（CNVD-2022-84615）

Description

Dell BSAFE Micro Edition Suite是一个可为c/c++应用、设备、系统提供加密、证书和传输层安全性的开发工具包。Dell BSAFE是一款安全软件产品，它支持加密算法、证书链验证和传输层安全性（TLS）加密套件等，以帮助用户实现其应用程序的各种安全目标。 Dell BSAFE Crypto-C Micro Edition and Dell BSAFE Micro Edition Suite存在安全漏洞，目前没有详细漏洞细节提供。

Severity

高

Patch Name

Dell BSAFE Crypto-C Micro Edition and Dell BSAFE Micro Edition Suite存在未明漏洞（CNVD-2022-84615）的补丁

Patch Description

Formal description

厂商已发布了漏洞修复程序，请及时关注更新： https://www.dell.com/support/kbdoc/en-us/000181115/dsa-2020-286-dell-bsafe-crypto-c-micro-edition-4-1-5-and-dell-bsafe-micro-edition-suite-4-6-multiple-security-vulnerabilities

Reference

https://cxsecurity.com/cveshow/CVE-2020-35164/

Impacted products

Name
['Dell BSAFE Crypto-C Micro Edition <4.1.5', 'DELL BSAFE Micro Edition Suite <4.6']

Show details on source website

JSON

To clipboard

{
  "cves": {
    "cve": {
      "cveNumber": "CVE-2020-35164"
    }
  },
  "description": "Dell BSAFE Micro Edition Suite\u662f\u4e00\u4e2a\u53ef\u4e3ac/c++\u5e94\u7528\u3001\u8bbe\u5907\u3001\u7cfb\u7edf\u63d0\u4f9b\u52a0\u5bc6\u3001\u8bc1\u4e66\u548c\u4f20\u8f93\u5c42\u5b89\u5168\u6027\u7684\u5f00\u53d1\u5de5\u5177\u5305\u3002Dell BSAFE\u662f\u4e00\u6b3e\u5b89\u5168\u8f6f\u4ef6\u4ea7\u54c1\uff0c\u5b83\u652f\u6301\u52a0\u5bc6\u7b97\u6cd5\u3001\u8bc1\u4e66\u94fe\u9a8c\u8bc1\u548c\u4f20\u8f93\u5c42\u5b89\u5168\u6027\uff08TLS\uff09\u52a0\u5bc6\u5957\u4ef6\u7b49\uff0c\u4ee5\u5e2e\u52a9\u7528\u6237\u5b9e\u73b0\u5176\u5e94\u7528\u7a0b\u5e8f\u7684\u5404\u79cd\u5b89\u5168\u76ee\u6807\u3002\n\nDell BSAFE Crypto-C Micro Edition and Dell BSAFE Micro Edition Suite\u5b58\u5728\u5b89\u5168\u6f0f\u6d1e\uff0c\u76ee\u524d\u6ca1\u6709\u8be6\u7ec6\u6f0f\u6d1e\u7ec6\u8282\u63d0\u4f9b\u3002",
  "formalWay": "\u5382\u5546\u5df2\u53d1\u5e03\u4e86\u6f0f\u6d1e\u4fee\u590d\u7a0b\u5e8f\uff0c\u8bf7\u53ca\u65f6\u5173\u6ce8\u66f4\u65b0\uff1a\r\nhttps://www.dell.com/support/kbdoc/en-us/000181115/dsa-2020-286-dell-bsafe-crypto-c-micro-edition-4-1-5-and-dell-bsafe-micro-edition-suite-4-6-multiple-security-vulnerabilities",
  "isEvent": "\u901a\u7528\u8f6f\u786c\u4ef6\u6f0f\u6d1e",
  "number": "CNVD-2022-84615",
  "openTime": "2022-12-05",
  "patchDescription": "Dell BSAFE Micro Edition Suite\u662f\u4e00\u4e2a\u53ef\u4e3ac/c++\u5e94\u7528\u3001\u8bbe\u5907\u3001\u7cfb\u7edf\u63d0\u4f9b\u52a0\u5bc6\u3001\u8bc1\u4e66\u548c\u4f20\u8f93\u5c42\u5b89\u5168\u6027\u7684\u5f00\u53d1\u5de5\u5177\u5305\u3002Dell BSAFE\u662f\u4e00\u6b3e\u5b89\u5168\u8f6f\u4ef6\u4ea7\u54c1\uff0c\u5b83\u652f\u6301\u52a0\u5bc6\u7b97\u6cd5\u3001\u8bc1\u4e66\u94fe\u9a8c\u8bc1\u548c\u4f20\u8f93\u5c42\u5b89\u5168\u6027\uff08TLS\uff09\u52a0\u5bc6\u5957\u4ef6\u7b49\uff0c\u4ee5\u5e2e\u52a9\u7528\u6237\u5b9e\u73b0\u5176\u5e94\u7528\u7a0b\u5e8f\u7684\u5404\u79cd\u5b89\u5168\u76ee\u6807\u3002\r\n\r\nDell BSAFE Crypto-C Micro Edition and Dell BSAFE Micro Edition Suite\u5b58\u5728\u5b89\u5168\u6f0f\u6d1e\uff0c\u76ee\u524d\u6ca1\u6709\u8be6\u7ec6\u6f0f\u6d1e\u7ec6\u8282\u63d0\u4f9b\u3002\u76ee\u524d\uff0c\u4f9b\u5e94\u5546\u53d1\u5e03\u4e86\u5b89\u5168\u516c\u544a\u53ca\u76f8\u5173\u8865\u4e01\u4fe1\u606f\uff0c\u4fee\u590d\u4e86\u6b64\u6f0f\u6d1e\u3002",
  "patchName": "Dell BSAFE Crypto-C Micro Edition and Dell BSAFE Micro Edition Suite\u5b58\u5728\u672a\u660e\u6f0f\u6d1e\uff08CNVD-2022-84615\uff09\u7684\u8865\u4e01",
  "products": {
    "product": [
      "Dell BSAFE Crypto-C Micro Edition \u003c4.1.5",
      "DELL BSAFE Micro Edition Suite \u003c4.6"
    ]
  },
  "referenceLink": "https://cxsecurity.com/cveshow/CVE-2020-35164/",
  "serverity": "\u9ad8",
  "submitTime": "2022-07-13",
  "title": "Dell BSAFE Crypto-C Micro Edition and Dell BSAFE Micro Edition Suite\u5b58\u5728\u672a\u660e\u6f0f\u6d1e\uff08CNVD-2022-84615\uff09"
}

WID-SEC-W-2022-0714

Vulnerability from csaf_certbund - Published: 2022-07-18 22:00 - Updated: 2024-02-04 23:00

Summary

Dell BSAFE: Mehrere Schwachstellen

Notes

Das BSI ist als Anbieter für die eigenen, zur Nutzung bereitgestellten Inhalte nach den allgemeinen Gesetzen verantwortlich. Nutzerinnen und Nutzer sind jedoch dafür verantwortlich, die Verwendung und/oder die Umsetzung der mit den Inhalten bereitgestellten Informationen sorgfältig im Einzelfall zu prüfen.

Produktbeschreibung

Dell BSAFE ist eine Sicherheitssoftware, die Entwicklern ermöglicht weitreichende Sicherheitsziele ihrer Applikationen zu erreichen.

Angriff

Ein entfernter, anonymer Angreifer kann mehrere Schwachstellen in Dell BSAFE ausnutzen, um Informationen offenzulegen oder Dateien zu manipulieren.

Betroffene Betriebssysteme

- UNIX - Linux - Windows - Sonstiges

JSON

To clipboard

{
  "document": {
    "aggregate_severity": {
      "text": "hoch"
    },
    "category": "csaf_base",
    "csaf_version": "2.0",
    "distribution": {
      "tlp": {
        "label": "WHITE",
        "url": "https://www.first.org/tlp/"
      }
    },
    "lang": "de-DE",
    "notes": [
      {
        "category": "legal_disclaimer",
        "text": "Das BSI ist als Anbieter f\u00fcr die eigenen, zur Nutzung bereitgestellten Inhalte nach den allgemeinen Gesetzen verantwortlich. Nutzerinnen und Nutzer sind jedoch daf\u00fcr verantwortlich, die Verwendung und/oder die Umsetzung der mit den Inhalten bereitgestellten Informationen sorgf\u00e4ltig im Einzelfall zu pr\u00fcfen."
      },
      {
        "category": "description",
        "text": "Dell  BSAFE ist eine Sicherheitssoftware, die Entwicklern erm\u00f6glicht weitreichende Sicherheitsziele ihrer Applikationen zu erreichen.",
        "title": "Produktbeschreibung"
      },
      {
        "category": "summary",
        "text": "Ein entfernter, anonymer Angreifer kann mehrere Schwachstellen in Dell BSAFE ausnutzen, um Informationen offenzulegen oder Dateien zu manipulieren.",
        "title": "Angriff"
      },
      {
        "category": "general",
        "text": "- UNIX\n- Linux\n- Windows\n- Sonstiges",
        "title": "Betroffene Betriebssysteme"
      }
    ],
    "publisher": {
      "category": "other",
      "contact_details": "csaf-provider@cert-bund.de",
      "name": "Bundesamt f\u00fcr Sicherheit in der Informationstechnik",
      "namespace": "https://www.bsi.bund.de"
    },
    "references": [
      {
        "category": "self",
        "summary": "WID-SEC-W-2022-0714 - CSAF Version",
        "url": "https://wid.cert-bund.de/.well-known/csaf/white/2022/wid-sec-w-2022-0714.json"
      },
      {
        "category": "self",
        "summary": "WID-SEC-2022-0714 - Portal Version",
        "url": "https://wid.cert-bund.de/portal/wid/securityadvisory?name=WID-SEC-2022-0714"
      },
      {
        "category": "external",
        "summary": "Dell Security Advisory DSA-2020-286 vom 2022-07-18",
        "url": "https://www.dell.com/support/kbdoc/de-de/000181115/dsa-2020-286-dell-bsafe-crypto-c-micro-edition-4-1-5-and-dell-bsafe-micro-edition-suite-4-6-multiple-security-vulnerabilities"
      },
      {
        "category": "external",
        "summary": "Dell Security Advisory DSA-2024-070 vom 2024-02-03",
        "url": "https://www.dell.com/support/kbdoc/000221770/dsa-2024-="
      }
    ],
    "source_lang": "en-US",
    "title": "Dell BSAFE: Mehrere Schwachstellen",
    "tracking": {
      "current_release_date": "2024-02-04T23:00:00.000+00:00",
      "generator": {
        "date": "2024-08-15T17:31:49.544+00:00",
        "engine": {
          "name": "BSI-WID",
          "version": "1.3.5"
        }
      },
      "id": "WID-SEC-W-2022-0714",
      "initial_release_date": "2022-07-18T22:00:00.000+00:00",
      "revision_history": [
        {
          "date": "2022-07-18T22:00:00.000+00:00",
          "number": "1",
          "summary": "Initiale Fassung"
        },
        {
          "date": "2024-02-04T23:00:00.000+00:00",
          "number": "2",
          "summary": "Neue Updates von Dell aufgenommen"
        }
      ],
      "status": "final",
      "version": "2"
    }
  },
  "product_tree": {
    "branches": [
      {
        "branches": [
          {
            "branches": [
              {
                "category": "product_name",
                "name": "Dell BSAFE \u003c 4.1.5",
                "product": {
                  "name": "Dell BSAFE \u003c 4.1.5",
                  "product_id": "T023891",
                  "product_identification_helper": {
                    "cpe": "cpe:/a:dell:bsafe:4.1.5"
                  }
                }
              },
              {
                "category": "product_name",
                "name": "Dell BSAFE \u003c 4.5.2",
                "product": {
                  "name": "Dell BSAFE \u003c 4.5.2",
                  "product_id": "T023892",
                  "product_identification_helper": {
                    "cpe": "cpe:/a:dell:bsafe:4.5.2"
                  }
                }
              },
              {
                "category": "product_name",
                "name": "Dell BSAFE \u003c 4.6",
                "product": {
                  "name": "Dell BSAFE \u003c 4.6",
                  "product_id": "T023893",
                  "product_identification_helper": {
                    "cpe": "cpe:/a:dell:bsafe:4.6"
                  }
                }
              }
            ],
            "category": "product_name",
            "name": "BSAFE"
          }
        ],
        "category": "vendor",
        "name": "Dell"
      },
      {
        "branches": [
          {
            "category": "product_name",
            "name": "EMC Avamar",
            "product": {
              "name": "EMC Avamar",
              "product_id": "T014381",
              "product_identification_helper": {
                "cpe": "cpe:/a:emc:avamar:-"
              }
            }
          }
        ],
        "category": "vendor",
        "name": "EMC"
      }
    ]
  },
  "vulnerabilities": [
    {
      "cve": "CVE-2020-29504",
      "notes": [
        {
          "category": "description",
          "text": "In Dell BSAFE existieren mehrere Schwachstellen. Es bestehen Fehler hinsichtlich der Eingabevalidierung, unvollst\u00e4ndiger Ausf\u00fchrung von Krypto-Operationen, Fehler mit dem Schl\u00fcsselmanagement sowie mehrere Fehler die Timing-Angriffe erm\u00f6glichen. Ein entfernter, anonymer Angreifer kann diese Schwachstellen ausnutzen, um Informationen offenzulegen oder Dateien zu manipulieren."
        }
      ],
      "product_status": {
        "known_affected": [
          "T014381"
        ]
      },
      "release_date": "2022-07-18T22:00:00.000+00:00",
      "title": "CVE-2020-29504"
    },
    {
      "cve": "CVE-2020-29505",
      "notes": [
        {
          "category": "description",
          "text": "In Dell BSAFE existieren mehrere Schwachstellen. Es bestehen Fehler hinsichtlich der Eingabevalidierung, unvollst\u00e4ndiger Ausf\u00fchrung von Krypto-Operationen, Fehler mit dem Schl\u00fcsselmanagement sowie mehrere Fehler die Timing-Angriffe erm\u00f6glichen. Ein entfernter, anonymer Angreifer kann diese Schwachstellen ausnutzen, um Informationen offenzulegen oder Dateien zu manipulieren."
        }
      ],
      "product_status": {
        "known_affected": [
          "T014381"
        ]
      },
      "release_date": "2022-07-18T22:00:00.000+00:00",
      "title": "CVE-2020-29505"
    },
    {
      "cve": "CVE-2020-29506",
      "notes": [
        {
          "category": "description",
          "text": "In Dell BSAFE existieren mehrere Schwachstellen. Es bestehen Fehler hinsichtlich der Eingabevalidierung, unvollst\u00e4ndiger Ausf\u00fchrung von Krypto-Operationen, Fehler mit dem Schl\u00fcsselmanagement sowie mehrere Fehler die Timing-Angriffe erm\u00f6glichen. Ein entfernter, anonymer Angreifer kann diese Schwachstellen ausnutzen, um Informationen offenzulegen oder Dateien zu manipulieren."
        }
      ],
      "product_status": {
        "known_affected": [
          "T014381"
        ]
      },
      "release_date": "2022-07-18T22:00:00.000+00:00",
      "title": "CVE-2020-29506"
    },
    {
      "cve": "CVE-2020-29507",
      "notes": [
        {
          "category": "description",
          "text": "In Dell BSAFE existieren mehrere Schwachstellen. Es bestehen Fehler hinsichtlich der Eingabevalidierung, unvollst\u00e4ndiger Ausf\u00fchrung von Krypto-Operationen, Fehler mit dem Schl\u00fcsselmanagement sowie mehrere Fehler die Timing-Angriffe erm\u00f6glichen. Ein entfernter, anonymer Angreifer kann diese Schwachstellen ausnutzen, um Informationen offenzulegen oder Dateien zu manipulieren."
        }
      ],
      "product_status": {
        "known_affected": [
          "T014381"
        ]
      },
      "release_date": "2022-07-18T22:00:00.000+00:00",
      "title": "CVE-2020-29507"
    },
    {
      "cve": "CVE-2020-29508",
      "notes": [
        {
          "category": "description",
          "text": "In Dell BSAFE existieren mehrere Schwachstellen. Es bestehen Fehler hinsichtlich der Eingabevalidierung, unvollst\u00e4ndiger Ausf\u00fchrung von Krypto-Operationen, Fehler mit dem Schl\u00fcsselmanagement sowie mehrere Fehler die Timing-Angriffe erm\u00f6glichen. Ein entfernter, anonymer Angreifer kann diese Schwachstellen ausnutzen, um Informationen offenzulegen oder Dateien zu manipulieren."
        }
      ],
      "product_status": {
        "known_affected": [
          "T014381"
        ]
      },
      "release_date": "2022-07-18T22:00:00.000+00:00",
      "title": "CVE-2020-29508"
    },
    {
      "cve": "CVE-2020-35163",
      "notes": [
        {
          "category": "description",
          "text": "In Dell BSAFE existieren mehrere Schwachstellen. Es bestehen Fehler hinsichtlich der Eingabevalidierung, unvollst\u00e4ndiger Ausf\u00fchrung von Krypto-Operationen, Fehler mit dem Schl\u00fcsselmanagement sowie mehrere Fehler die Timing-Angriffe erm\u00f6glichen. Ein entfernter, anonymer Angreifer kann diese Schwachstellen ausnutzen, um Informationen offenzulegen oder Dateien zu manipulieren."
        }
      ],
      "product_status": {
        "known_affected": [
          "T014381"
        ]
      },
      "release_date": "2022-07-18T22:00:00.000+00:00",
      "title": "CVE-2020-35163"
    },
    {
      "cve": "CVE-2020-35164",
      "notes": [
        {
          "category": "description",
          "text": "In Dell BSAFE existieren mehrere Schwachstellen. Es bestehen Fehler hinsichtlich der Eingabevalidierung, unvollst\u00e4ndiger Ausf\u00fchrung von Krypto-Operationen, Fehler mit dem Schl\u00fcsselmanagement sowie mehrere Fehler die Timing-Angriffe erm\u00f6glichen. Ein entfernter, anonymer Angreifer kann diese Schwachstellen ausnutzen, um Informationen offenzulegen oder Dateien zu manipulieren."
        }
      ],
      "product_status": {
        "known_affected": [
          "T014381"
        ]
      },
      "release_date": "2022-07-18T22:00:00.000+00:00",
      "title": "CVE-2020-35164"
    },
    {
      "cve": "CVE-2020-35165",
      "notes": [
        {
          "category": "description",
          "text": "In Dell BSAFE existieren mehrere Schwachstellen. Es bestehen Fehler hinsichtlich der Eingabevalidierung, unvollst\u00e4ndiger Ausf\u00fchrung von Krypto-Operationen, Fehler mit dem Schl\u00fcsselmanagement sowie mehrere Fehler die Timing-Angriffe erm\u00f6glichen. Ein entfernter, anonymer Angreifer kann diese Schwachstellen ausnutzen, um Informationen offenzulegen oder Dateien zu manipulieren."
        }
      ],
      "product_status": {
        "known_affected": [
          "T014381"
        ]
      },
      "release_date": "2022-07-18T22:00:00.000+00:00",
      "title": "CVE-2020-35165"
    },
    {
      "cve": "CVE-2020-35166",
      "notes": [
        {
          "category": "description",
          "text": "In Dell BSAFE existieren mehrere Schwachstellen. Es bestehen Fehler hinsichtlich der Eingabevalidierung, unvollst\u00e4ndiger Ausf\u00fchrung von Krypto-Operationen, Fehler mit dem Schl\u00fcsselmanagement sowie mehrere Fehler die Timing-Angriffe erm\u00f6glichen. Ein entfernter, anonymer Angreifer kann diese Schwachstellen ausnutzen, um Informationen offenzulegen oder Dateien zu manipulieren."
        }
      ],
      "product_status": {
        "known_affected": [
          "T014381"
        ]
      },
      "release_date": "2022-07-18T22:00:00.000+00:00",
      "title": "CVE-2020-35166"
    },
    {
      "cve": "CVE-2020-35167",
      "notes": [
        {
          "category": "description",
          "text": "In Dell BSAFE existieren mehrere Schwachstellen. Es bestehen Fehler hinsichtlich der Eingabevalidierung, unvollst\u00e4ndiger Ausf\u00fchrung von Krypto-Operationen, Fehler mit dem Schl\u00fcsselmanagement sowie mehrere Fehler die Timing-Angriffe erm\u00f6glichen. Ein entfernter, anonymer Angreifer kann diese Schwachstellen ausnutzen, um Informationen offenzulegen oder Dateien zu manipulieren."
        }
      ],
      "product_status": {
        "known_affected": [
          "T014381"
        ]
      },
      "release_date": "2022-07-18T22:00:00.000+00:00",
      "title": "CVE-2020-35167"
    },
    {
      "cve": "CVE-2020-35168",
      "notes": [
        {
          "category": "description",
          "text": "In Dell BSAFE existieren mehrere Schwachstellen. Es bestehen Fehler hinsichtlich der Eingabevalidierung, unvollst\u00e4ndiger Ausf\u00fchrung von Krypto-Operationen, Fehler mit dem Schl\u00fcsselmanagement sowie mehrere Fehler die Timing-Angriffe erm\u00f6glichen. Ein entfernter, anonymer Angreifer kann diese Schwachstellen ausnutzen, um Informationen offenzulegen oder Dateien zu manipulieren."
        }
      ],
      "product_status": {
        "known_affected": [
          "T014381"
        ]
      },
      "release_date": "2022-07-18T22:00:00.000+00:00",
      "title": "CVE-2020-35168"
    },
    {
      "cve": "CVE-2020-35169",
      "notes": [
        {
          "category": "description",
          "text": "In Dell BSAFE existieren mehrere Schwachstellen. Es bestehen Fehler hinsichtlich der Eingabevalidierung, unvollst\u00e4ndiger Ausf\u00fchrung von Krypto-Operationen, Fehler mit dem Schl\u00fcsselmanagement sowie mehrere Fehler die Timing-Angriffe erm\u00f6glichen. Ein entfernter, anonymer Angreifer kann diese Schwachstellen ausnutzen, um Informationen offenzulegen oder Dateien zu manipulieren."
        }
      ],
      "product_status": {
        "known_affected": [
          "T014381"
        ]
      },
      "release_date": "2022-07-18T22:00:00.000+00:00",
      "title": "CVE-2020-35169"
    },
    {
      "cve": "CVE-2021-21575",
      "notes": [
        {
          "category": "description",
          "text": "In Dell BSAFE existieren mehrere Schwachstellen. Es bestehen Fehler hinsichtlich der Eingabevalidierung, unvollst\u00e4ndiger Ausf\u00fchrung von Krypto-Operationen, Fehler mit dem Schl\u00fcsselmanagement sowie mehrere Fehler die Timing-Angriffe erm\u00f6glichen. Ein entfernter, anonymer Angreifer kann diese Schwachstellen ausnutzen, um Informationen offenzulegen oder Dateien zu manipulieren."
        }
      ],
      "product_status": {
        "known_affected": [
          "T014381"
        ]
      },
      "release_date": "2022-07-18T22:00:00.000+00:00",
      "title": "CVE-2021-21575"
    }
  ]
}

GHSA-7WC7-W528-4FR7

Vulnerability from github – Published: 2022-07-12 00:00 – Updated: 2022-07-19 00:00

Details

Dell BSAFE Crypto-C Micro Edition, versions before 4.1.5, and Dell BSAFE Micro Edition Suite, versions before 4.6, contain an Observable Timing Discrepancy Vulnerability.

Severity ?

8.1 (High)


                  
                    CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H

Show details on source website

JSON

To clipboard

{
  "affected": [],
  "aliases": [
    "CVE-2020-35164"
  ],
  "database_specific": {
    "cwe_ids": [],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2022-07-11T20:15:00Z",
    "severity": "HIGH"
  },
  "details": "Dell BSAFE Crypto-C Micro Edition, versions before 4.1.5, and Dell BSAFE Micro Edition Suite,\nversions before 4.6, contain an Observable Timing Discrepancy Vulnerability.",
  "id": "GHSA-7wc7-w528-4fr7",
  "modified": "2022-07-19T00:00:25Z",
  "published": "2022-07-12T00:00:53Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2020-35164"
    },
    {
      "type": "WEB",
      "url": "https://www.dell.com/support/kbdoc/en-us/000181115/dsa-2020-286-dell-bsafe-crypto-c-micro-edition-4-1-5-and-dell-bsafe-micro-edition-suite-4-6-multiple-security-vulnerabilities"
    },
    {
      "type": "WEB",
      "url": "https://www.oracle.com/security-alerts/cpujul2022.html"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H",
      "type": "CVSS_V3"
    }
  ]
}

FKIE_CVE-2020-35164

Vulnerability from fkie_nvd - Published: 2022-07-11 20:15 - Updated: 2024-11-21 05:26

Severity ?

6.7 (Medium) - CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N
8.1 (High) - CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H

Summary

Dell BSAFE Crypto-C Micro Edition, versions before 4.1.5, and Dell BSAFE Micro Edition Suite, versions before 4.6, contain an Observable Timing Discrepancy Vulnerability.

References

URL	Tags
security_alert@emc.com	https://www.dell.com/support/kbdoc/en-us/000181115/dsa-2020-286-dell-bsafe-crypto-c-micro-edition-4-1-5-and-dell-bsafe-micro-edition-suite-4-6-multiple-security-vulnerabilities	Vendor Advisory
security_alert@emc.com	https://www.oracle.com/security-alerts/cpujul2022.html	Patch, Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108	https://www.dell.com/support/kbdoc/en-us/000181115/dsa-2020-286-dell-bsafe-crypto-c-micro-edition-4-1-5-and-dell-bsafe-micro-edition-suite-4-6-multiple-security-vulnerabilities	Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108	https://www.oracle.com/security-alerts/cpujul2022.html	Patch, Third Party Advisory

Impacted products

Vendor	Product	Version
dell	bsafe_crypto-c-micro-edition	*
dell	bsafe_micro-edition-suite	*
oracle	database	12.1.0.2
oracle	database	19c
oracle	database	21c
oracle	http_server	12.2.1.3.0
oracle	http_server	12.2.1.4.0
oracle	security_service	12.2.1.3.0
oracle	security_service	12.2.1.4.0
oracle	weblogic_server_proxy_plug-in	12.2.1.3.0
oracle	weblogic_server_proxy_plug-in	12.2.1.4.0

JSON

To clipboard

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:dell:bsafe_crypto-c-micro-edition:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "6C3D1B15-8F35-4976-8BA0-35816ECE6A92",
              "versionEndExcluding": "4.1.5",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:dell:bsafe_micro-edition-suite:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "4AA9AC46-4B4A-4776-A15D-42A0AF64D64E",
              "versionEndExcluding": "4.6",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:oracle:database:12.1.0.2:*:*:*:enterprise:*:*:*",
              "matchCriteriaId": "89FE33CE-5995-4C53-8331-B49156F852B3",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:database:19c:*:*:*:enterprise:*:*:*",
              "matchCriteriaId": "C1E05472-8F3A-4E46-90E5-50EA6D555FDC",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:database:21c:*:*:*:enterprise:*:*:*",
              "matchCriteriaId": "02E34416-E767-4F61-8D2C-0D0202351F91",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:http_server:12.2.1.3.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "DFC79B17-E9D2-44D5-93ED-2F959E7A3D43",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:http_server:12.2.1.4.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "AD04BEE5-E9A8-4584-A68C-0195CE9C402C",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:security_service:12.2.1.3.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "9FD166F7-8A83-4BC7-A392-E830E87F841B",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:security_service:12.2.1.4.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "D345C2D3-6AA5-4573-8397-ED1EB0153DB9",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:weblogic_server_proxy_plug-in:12.2.1.3.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "9A4AE8A2-62D9-4C08-A608-A057895E4E46",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:weblogic_server_proxy_plug-in:12.2.1.4.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "5E29C004-51D7-4BBE-B28A-EE6B7B10F89F",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "Dell BSAFE Crypto-C Micro Edition, versions before 4.1.5, and Dell BSAFE Micro Edition Suite, versions before 4.6, contain an Observable Timing Discrepancy Vulnerability."
    },
    {
      "lang": "es",
      "value": "Dell BSAFE Crypto-C Micro Edition, versiones anteriores a la 4.1.5, y Dell BSAFE Micro Edition Suite, versiones anteriores a la 4.6, contienen una vulnerabilidad de discrepancia de tiempo observable"
    }
  ],
  "id": "CVE-2020-35164",
  "lastModified": "2024-11-21T05:26:52.947",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "HIGH",
        "cvssData": {
          "accessComplexity": "LOW",
          "accessVector": "NETWORK",
          "authentication": "NONE",
          "availabilityImpact": "PARTIAL",
          "baseScore": 7.5,
          "confidentialityImpact": "PARTIAL",
          "integrityImpact": "PARTIAL",
          "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
          "version": "2.0"
        },
        "exploitabilityScore": 10.0,
        "impactScore": 6.4,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": false
      }
    ],
    "cvssMetricV31": [
      {
        "cvssData": {
          "attackComplexity": "HIGH",
          "attackVector": "LOCAL",
          "availabilityImpact": "NONE",
          "baseScore": 6.7,
          "baseSeverity": "MEDIUM",
          "confidentialityImpact": "HIGH",
          "integrityImpact": "HIGH",
          "privilegesRequired": "NONE",
          "scope": "UNCHANGED",
          "userInteraction": "NONE",
          "vectorString": "CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N",
          "version": "3.1"
        },
        "exploitabilityScore": 1.4,
        "impactScore": 5.2,
        "source": "security_alert@emc.com",
        "type": "Secondary"
      },
      {
        "cvssData": {
          "attackComplexity": "HIGH",
          "attackVector": "NETWORK",
          "availabilityImpact": "HIGH",
          "baseScore": 8.1,
          "baseSeverity": "HIGH",
          "confidentialityImpact": "HIGH",
          "integrityImpact": "HIGH",
          "privilegesRequired": "NONE",
          "scope": "UNCHANGED",
          "userInteraction": "NONE",
          "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H",
          "version": "3.1"
        },
        "exploitabilityScore": 2.2,
        "impactScore": 5.9,
        "source": "nvd@nist.gov",
        "type": "Primary"
      }
    ]
  },
  "published": "2022-07-11T20:15:08.330",
  "references": [
    {
      "source": "security_alert@emc.com",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "https://www.dell.com/support/kbdoc/en-us/000181115/dsa-2020-286-dell-bsafe-crypto-c-micro-edition-4-1-5-and-dell-bsafe-micro-edition-suite-4-6-multiple-security-vulnerabilities"
    },
    {
      "source": "security_alert@emc.com",
      "tags": [
        "Patch",
        "Third Party Advisory"
      ],
      "url": "https://www.oracle.com/security-alerts/cpujul2022.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "https://www.dell.com/support/kbdoc/en-us/000181115/dsa-2020-286-dell-bsafe-crypto-c-micro-edition-4-1-5-and-dell-bsafe-micro-edition-suite-4-6-multiple-security-vulnerabilities"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Patch",
        "Third Party Advisory"
      ],
      "url": "https://www.oracle.com/security-alerts/cpujul2022.html"
    }
  ],
  "sourceIdentifier": "security_alert@emc.com",
  "vulnStatus": "Modified",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-385"
        }
      ],
      "source": "security_alert@emc.com",
      "type": "Secondary"
    },
    {
      "description": [
        {
          "lang": "en",
          "value": "NVD-CWE-Other"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

Tags

Taxonomy of the tags.

All sightings related to this event Export sightings related to this event

Sightings

Author	Source	Type	Date

Nomenclature

Seen: The vulnerability was mentioned, discussed, or observed by the user.
Confirmed: The vulnerability has been validated from an analyst's perspective.
Published Proof of Concept: A public proof of concept is available for this vulnerability.
Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
Not confirmed: The user expressed doubt about the validity of the vulnerability.
Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.

Detection rules are retrieved from Rulezet.

Action not permitted

CVE-2020-35164 (GCVE-0-2020-35164)

Solution

Solution

Solution

Solution

Tags

Sightings

Nomenclature