VAR-201909-1534
Vulnerability from variot - Updated: 2023-12-18 13:28RSA BSAFE Crypto-C Micro Edition, versions prior to 4.0.5.3 (in 4.0.x) and versions prior to 4.1.3.3 (in 4.1.x), and RSA Micro Edition Suite, versions prior to 4.0.11 (in 4.0.x) versions prior to 4.1.6.1 (in 4.1.x) and versions prior to 4.3.3 (4.2.x and 4.3.x) are vulnerable to an Information Exposure Through Timing Discrepancy. A malicious remote user could potentially exploit this vulnerability to extract information leaving data at risk of exposure. This vulnerability stems from configuration errors in network systems or products during operation. 3 previous versions
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-201909-1534",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "rsa bsafe crypto-c",
"scope": "gte",
"trust": 1.0,
"vendor": "emc",
"version": "4.1"
},
{
"model": "bsafe crypto-c-micro-edition",
"scope": "gte",
"trust": 1.0,
"vendor": "dell",
"version": "4.0"
},
{
"model": "bsafe micro-edition-suite",
"scope": "gte",
"trust": 1.0,
"vendor": "dell",
"version": "4.2.0"
},
{
"model": "rsa bsafe crypto-c",
"scope": "lt",
"trust": 1.0,
"vendor": "emc",
"version": "4.1.3.3"
},
{
"model": "bsafe crypto-c-micro-edition",
"scope": "lt",
"trust": 1.0,
"vendor": "dell",
"version": "4.0.5.3"
},
{
"model": "bsafe micro-edition-suite",
"scope": "lt",
"trust": 1.0,
"vendor": "dell",
"version": "4.0.11"
},
{
"model": "bsafe micro-edition-suite",
"scope": "lt",
"trust": 1.0,
"vendor": "dell",
"version": "4.1.6.1"
},
{
"model": "bsafe micro-edition-suite",
"scope": "lt",
"trust": 1.0,
"vendor": "dell",
"version": "4.3.3"
},
{
"model": "bsafe micro-edition-suite",
"scope": "gte",
"trust": 1.0,
"vendor": "dell",
"version": "4.1.0"
},
{
"model": "bsafe micro-edition-suite",
"scope": "gte",
"trust": 1.0,
"vendor": "dell",
"version": "4.0.0"
},
{
"model": "rsa bsafe",
"scope": "lt",
"trust": 0.8,
"vendor": "dell emc old emc",
"version": "4.0.x"
},
{
"model": "rsa bsafe crypto-c",
"scope": "lt",
"trust": 0.8,
"vendor": "dell emc old emc",
"version": "4.0.x"
},
{
"model": "rsa bsafe crypto-c",
"scope": "eq",
"trust": 0.8,
"vendor": "dell emc old emc",
"version": "4.2.x"
},
{
"model": "rsa bsafe crypto-c",
"scope": "lt",
"trust": 0.8,
"vendor": "dell emc old emc",
"version": "4.3.x"
},
{
"model": "rsa bsafe",
"scope": "lt",
"trust": 0.8,
"vendor": "dell emc old emc",
"version": "4.1.x"
},
{
"model": "rsa bsafe crypto-c",
"scope": "lt",
"trust": 0.8,
"vendor": "dell emc old emc",
"version": "4.1.x"
},
{
"model": "rsa bsafe",
"scope": "eq",
"trust": 0.8,
"vendor": "dell emc old emc",
"version": "4.1.3.3"
},
{
"model": "rsa bsafe crypto-c",
"scope": "eq",
"trust": 0.8,
"vendor": "dell emc old emc",
"version": "4.3.3"
},
{
"model": "rsa bsafe crypto-c",
"scope": "eq",
"trust": 0.8,
"vendor": "dell emc old emc",
"version": "4.0.11"
},
{
"model": "rsa bsafe",
"scope": "eq",
"trust": 0.8,
"vendor": "dell emc old emc",
"version": "4.0.5.3"
},
{
"model": "rsa bsafe crypto-c",
"scope": "eq",
"trust": 0.8,
"vendor": "dell emc old emc",
"version": "4.1.6.1"
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2019-010282"
},
{
"db": "NVD",
"id": "CVE-2019-3732"
}
]
},
"configurations": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/configurations#",
"children": {
"@container": "@list"
},
"cpe_match": {
"@container": "@list"
},
"data": {
"@container": "@list"
},
"nodes": {
"@container": "@list"
}
},
"data": [
{
"CVE_data_version": "4.0",
"nodes": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:a:dell:bsafe_micro-edition-suite:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndExcluding": "4.3.3",
"versionStartIncluding": "4.2.0",
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:dell:bsafe_micro-edition-suite:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndExcluding": "4.0.11",
"versionStartIncluding": "4.0.0",
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:dell:bsafe_crypto-c-micro-edition:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndExcluding": "4.0.5.3",
"versionStartIncluding": "4.0",
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:emc:rsa_bsafe_crypto-c:*:*:*:*:micro_edition:*:*:*",
"cpe_name": [],
"versionEndExcluding": "4.1.3.3",
"versionStartIncluding": "4.1",
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:dell:bsafe_micro-edition-suite:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndExcluding": "4.1.6.1",
"versionStartIncluding": "4.1.0",
"vulnerable": true
}
],
"operator": "OR"
}
]
}
],
"sources": [
{
"db": "NVD",
"id": "CVE-2019-3732"
}
]
},
"cve": "CVE-2019-3732",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"acInsufInfo": false,
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "NVD",
"availabilityImpact": "NONE",
"baseScore": 5.0,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 10.0,
"impactScore": 2.9,
"integrityImpact": "NONE",
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"severity": "MEDIUM",
"trust": 1.0,
"userInteractionRequired": false,
"vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N",
"version": "2.0"
},
{
"acInsufInfo": null,
"accessComplexity": "Low",
"accessVector": "Network",
"authentication": "None",
"author": "NVD",
"availabilityImpact": "None",
"baseScore": 5.0,
"confidentialityImpact": "Partial",
"exploitabilityScore": null,
"id": "CVE-2019-3732",
"impactScore": null,
"integrityImpact": "None",
"obtainAllPrivilege": null,
"obtainOtherPrivilege": null,
"obtainUserPrivilege": null,
"severity": "Medium",
"trust": 0.8,
"userInteractionRequired": null,
"vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N",
"version": "2.0"
},
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "VULHUB",
"availabilityImpact": "NONE",
"baseScore": 5.0,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 10.0,
"id": "VHN-155167",
"impactScore": 2.9,
"integrityImpact": "NONE",
"severity": "MEDIUM",
"trust": 0.1,
"vectorString": "AV:N/AC:L/AU:N/C:P/I:N/A:N",
"version": "2.0"
}
],
"cvssV3": [
{
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"author": "NVD",
"availabilityImpact": "NONE",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"exploitabilityScore": 3.9,
"impactScore": 3.6,
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"trust": 1.0,
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
"version": "3.1"
},
{
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"author": "security_alert@emc.com",
"availabilityImpact": "NONE",
"baseScore": 5.9,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"exploitabilityScore": 2.2,
"impactScore": 3.6,
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"trust": 1.0,
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N",
"version": "3.0"
},
{
"attackComplexity": "Low",
"attackVector": "Network",
"author": "NVD",
"availabilityImpact": "None",
"baseScore": 7.5,
"baseSeverity": "High",
"confidentialityImpact": "High",
"exploitabilityScore": null,
"id": "CVE-2019-3732",
"impactScore": null,
"integrityImpact": "None",
"privilegesRequired": "None",
"scope": "Unchanged",
"trust": 0.8,
"userInteraction": "None",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
"version": "3.0"
}
],
"severity": [
{
"author": "NVD",
"id": "CVE-2019-3732",
"trust": 1.8,
"value": "HIGH"
},
{
"author": "security_alert@emc.com",
"id": "CVE-2019-3732",
"trust": 1.0,
"value": "MEDIUM"
},
{
"author": "CNNVD",
"id": "CNNVD-201909-1372",
"trust": 0.6,
"value": "HIGH"
},
{
"author": "VULHUB",
"id": "VHN-155167",
"trust": 0.1,
"value": "MEDIUM"
}
]
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-155167"
},
{
"db": "JVNDB",
"id": "JVNDB-2019-010282"
},
{
"db": "NVD",
"id": "CVE-2019-3732"
},
{
"db": "NVD",
"id": "CVE-2019-3732"
},
{
"db": "CNNVD",
"id": "CNNVD-201909-1372"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "RSA BSAFE Crypto-C Micro Edition, versions prior to 4.0.5.3 (in 4.0.x) and versions prior to 4.1.3.3 (in 4.1.x), and RSA Micro Edition Suite, versions prior to 4.0.11 (in 4.0.x) versions prior to 4.1.6.1 (in 4.1.x) and versions prior to 4.3.3 (4.2.x and 4.3.x) are vulnerable to an Information Exposure Through Timing Discrepancy. A malicious remote user could potentially exploit this vulnerability to extract information leaving data at risk of exposure. This vulnerability stems from configuration errors in network systems or products during operation. 3 previous versions",
"sources": [
{
"db": "NVD",
"id": "CVE-2019-3732"
},
{
"db": "JVNDB",
"id": "JVNDB-2019-010282"
},
{
"db": "VULHUB",
"id": "VHN-155167"
}
],
"trust": 1.71
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2019-3732",
"trust": 2.5
},
{
"db": "JVNDB",
"id": "JVNDB-2019-010282",
"trust": 0.8
},
{
"db": "CNNVD",
"id": "CNNVD-201909-1372",
"trust": 0.7
},
{
"db": "VULHUB",
"id": "VHN-155167",
"trust": 0.1
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-155167"
},
{
"db": "JVNDB",
"id": "JVNDB-2019-010282"
},
{
"db": "NVD",
"id": "CVE-2019-3732"
},
{
"db": "CNNVD",
"id": "CNNVD-201909-1372"
}
]
},
"id": "VAR-201909-1534",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "VULHUB",
"id": "VHN-155167"
}
],
"trust": 0.01
},
"last_update_date": "2023-12-18T13:28:26.652000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "DSA-2019-079: RSA BSAFE Crypto-C Micro Edition and Micro Edition Suite Multiple Security Vulnerabilities",
"trust": 0.8,
"url": "https://www.dell.com/support/security/ja-jp/details/doc-107000/dsa-2019-079-rsa-bsafe\u0026#174;-crypto-c-micro-edition-and-micro-edition-suite-multiple-security-vulnerab"
},
{
"title": "RSA BSAFE Crypto-C Micro Edition Security vulnerabilities",
"trust": 0.6,
"url": "http://www.cnnvd.org.cn/web/xxk/bdxqbyid.tag?id=98751"
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2019-010282"
},
{
"db": "CNNVD",
"id": "CNNVD-201909-1372"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "CWE-203",
"trust": 1.9
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-155167"
},
{
"db": "JVNDB",
"id": "JVNDB-2019-010282"
},
{
"db": "NVD",
"id": "CVE-2019-3732"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 1.7,
"url": "https://www.dell.com/support/kbdoc/000194054"
},
{
"trust": 1.4,
"url": "https://nvd.nist.gov/vuln/detail/cve-2019-3732"
},
{
"trust": 0.8,
"url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2019-3732"
},
{
"trust": 0.6,
"url": "https://www.dell.com/support/security/en-us/details/doc-107000/dsa-2019-079-rsa-bsafe\u00ae-crypto-c-micro-edition-and-micro-edition-suite-multiple-security-vulnerab"
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-155167"
},
{
"db": "JVNDB",
"id": "JVNDB-2019-010282"
},
{
"db": "NVD",
"id": "CVE-2019-3732"
},
{
"db": "CNNVD",
"id": "CNNVD-201909-1372"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "VULHUB",
"id": "VHN-155167"
},
{
"db": "JVNDB",
"id": "JVNDB-2019-010282"
},
{
"db": "NVD",
"id": "CVE-2019-3732"
},
{
"db": "CNNVD",
"id": "CNNVD-201909-1372"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2019-09-30T00:00:00",
"db": "VULHUB",
"id": "VHN-155167"
},
{
"date": "2019-10-10T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2019-010282"
},
{
"date": "2019-09-30T22:15:10.623000",
"db": "NVD",
"id": "CVE-2019-3732"
},
{
"date": "2019-09-30T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201909-1372"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2021-12-09T00:00:00",
"db": "VULHUB",
"id": "VHN-155167"
},
{
"date": "2019-10-10T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2019-010282"
},
{
"date": "2022-04-12T18:40:43.250000",
"db": "NVD",
"id": "CVE-2019-3732"
},
{
"date": "2022-03-10T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201909-1372"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "remote",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201909-1372"
}
],
"trust": 0.6
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "RSA BSAFE Crypto-C Micro Edition and Micro Edition Suite Vulnerability related to information disclosure caused by difference in response to security related processing",
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2019-010282"
}
],
"trust": 0.8
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "information disclosure",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201909-1372"
}
],
"trust": 0.6
}
}
Loading…
Loading…
Sightings
| Author | Source | Type | Date |
|---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or observed by the user.
- Confirmed: The vulnerability has been validated from an analyst's perspective.
- Published Proof of Concept: A public proof of concept is available for this vulnerability.
- Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
- Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
- Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
- Not confirmed: The user expressed doubt about the validity of the vulnerability.
- Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.
Loading…
Loading…