CVE-2019-3730

Опубликовано: 30 сент. 2019

Источник: nvd

CVSS3: 5.9

CVSS3: 7.5

CVSS2: 5

EPSS Низкий

Описание

RSA BSAFE Micro Edition Suite versions prior to 4.1.6.3 (in 4.1.x) and prior to 4.4 (in 4.2.x and 4.3.x), are vulnerable to an Information Exposure Through an Error Message vulnerability, also known as a “padding oracle attack vulnerability”. A malicious remote user could potentially exploit this vulnerability to extract information leaving data at risk of exposure.

Ссылки

https://www.dell.com/support/kbdoc/000194054
Vendor Advisory
https://www.dell.com/support/kbdoc/000194054
Vendor Advisory

Уязвимые конфигурации

Конфигурация 1

Одно из

cpe:2.3:a:dell:bsafe_micro-edition-suite:*:*:*:*:*:*:*:*

Версия от 4.1.0 (включая) до 4.1.6.3 (исключая)

cpe:2.3:a:dell:bsafe_micro-edition-suite:*:*:*:*:*:*:*:*

Версия от 4.2.0 (включая) до 4.4.0 (исключая)

EPSS

Процентиль: 30%

0.00113

Низкий

5.9 Medium

CVSS3

7.5 High

CVSS3

5 Medium

CVSS2

Дефекты

CWE-649

CWE-209

Связанные уязвимости

GHSA-jjf7-f765-jjf2

CVSS3: 7.5

github

больше 3 лет назад

RSA BSAFE Micro Edition Suite versions prior to 4.1.6.3 (in 4.1.x) and prior to 4.4 (in 4.2.x and 4.3.x), are vulnerable to an Information Exposure Through an Error Message vulnerability, also known as a ?padding oracle attack vulnerability?. A malicious remote user could potentially exploit this vulnerability to extract information leaving data at risk of exposure.

EPSS

Процентиль: 30%

0.00113

Низкий

5.9 Medium

CVSS3

7.5 High

CVSS3

5 Medium

CVSS2

Дефекты

CWE-649

CWE-209