Sign-up

ID

VAR-201909-1533


CVE

CVE-2019-3733


TITLE

RSA BSAFE Crypto-C Micro Edition Vulnerable to information disclosure

Trust: 0.8

sources: JVNDB: JVNDB-2019-010283

DESCRIPTION

RSA BSAFE Crypto-C Micro Edition, all versions prior to 4.1.4, is vulnerable to three (3) different Improper Clearing of Heap Memory Before Release vulnerability, also known as 'Heap Inspection vulnerability'. A malicious remote user could potentially exploit this vulnerability to extract information leaving data at risk of exposure. RSA BSAFE Crypto-C Micro Edition Contains an information disclosure vulnerability.Information may be obtained. This vulnerability stems from configuration errors in network systems or products during operation

Trust: 1.71

sources: NVD: CVE-2019-3733 // JVNDB: JVNDB-2019-010283 // VULHUB: VHN-155168

AFFECTED PRODUCTS

vendor:emcmodel:rsa bsafe crypto-cscope:gteversion:4.0

Trust: 1.0

vendor:dellmodel:bsafe crypto-c-micro-editionscope:gteversion:4.1

Trust: 1.0

vendor:dellmodel:bsafe crypto-c-micro-editionscope:ltversion:4.1.4

Trust: 1.0

vendor:emcmodel:rsa bsafe crypto-cscope:lteversion:4.0.5.3

Trust: 1.0

vendor:dell emc old emcmodel:rsa bsafe crypto-cscope:ltversion:4.1.4

Trust: 0.8

sources: JVNDB: JVNDB-2019-010283 // NVD: CVE-2019-3733

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2019-3733
value: MEDIUM

Trust: 1.0

security_alert@emc.com: CVE-2019-3733
value: MEDIUM

Trust: 1.0

NVD: CVE-2019-3733
value: MEDIUM

Trust: 0.8

CNNVD: CNNVD-201909-1373
value: MEDIUM

Trust: 0.6

VULHUB: VHN-155168
value: MEDIUM

Trust: 0.1

nvd@nist.gov: CVE-2019-3733
severity: MEDIUM
baseScore: 4.0
vectorString: AV:N/AC:L/AU:S/C:P/I:N/A:N
accessVector: NETWORK
accessComplexity: LOW
authentication: SINGLE
confidentialityImpact: PARTIAL
integrityImpact: NONE
availabilityImpact: NONE
exploitabilityScore: 8.0
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.8

VULHUB: VHN-155168
severity: MEDIUM
baseScore: 4.0
vectorString: AV:N/AC:L/AU:S/C:P/I:N/A:N
accessVector: NETWORK
accessComplexity: LOW
authentication: SINGLE
confidentialityImpact: PARTIAL
integrityImpact: NONE
availabilityImpact: NONE
exploitabilityScore: 8.0
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.1

nvd@nist.gov: CVE-2019-3733
baseSeverity: MEDIUM
baseScore: 4.9
vectorString: CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: HIGH
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: NONE
availabilityImpact: NONE
exploitabilityScore: 1.2
impactScore: 3.6
version: 3.1

Trust: 1.0

security_alert@emc.com: CVE-2019-3733
baseSeverity: MEDIUM
baseScore: 4.4
vectorString: CVSS:3.0/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N
attackVector: LOCAL
attackComplexity: LOW
privilegesRequired: HIGH
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: NONE
availabilityImpact: NONE
exploitabilityScore: 0.8
impactScore: 3.6
version: 3.0

Trust: 1.0

NVD: CVE-2019-3733
baseSeverity: MEDIUM
baseScore: 4.9
vectorString: CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: HIGH
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: NONE
availabilityImpact: NONE
exploitabilityScore: NONE
impactScore: NONE
version: 3.0

Trust: 0.8

sources: VULHUB: VHN-155168 // JVNDB: JVNDB-2019-010283 // CNNVD: CNNVD-201909-1373 // NVD: CVE-2019-3733 // NVD: CVE-2019-3733

PROBLEMTYPE DATA

problemtype:CWE-459

Trust: 1.1

problemtype:CWE-316

Trust: 1.0

problemtype:CWE-200

Trust: 0.9

sources: VULHUB: VHN-155168 // JVNDB: JVNDB-2019-010283 // NVD: CVE-2019-3733

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-201909-1373

TYPE

information disclosure

Trust: 0.6

sources: CNNVD: CNNVD-201909-1373

CONFIGURATIONS

sources:
            
            
            JVNDB: JVNDB-2019-010283

PATCH
title:DSA-2019-079: RSA BSAFE Crypto-C Micro Edition and Micro Edition Suite Multiple Security Vulnerabilitiesurl:https://www.dell.com/support/security/ja-jp/details/DOC-107000/DSA-2019-079-RSA-BSAFE®-Crypto-C-Micro-Edition-and-Micro-Edition-Suite-Multiple-Security-Vulnerab
Trust: 0.8
title:RSA BSAFE Crypto-C Micro Edition Security vulnerabilitiesurl:http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=98752
Trust: 0.6
sources:
            
            
            JVNDB: JVNDB-2019-010283 // 
            
            
            
            CNNVD: CNNVD-201909-1373

EXTERNAL IDS
db:NVDid:CVE-2019-3733
Trust: 2.5
db:JVNDBid:JVNDB-2019-010283
Trust: 0.8
db:CNNVDid:CNNVD-201909-1373
Trust: 0.7
db:CNVDid:CNVD-2020-15713
Trust: 0.1
db:VULHUBid:VHN-155168
Trust: 0.1
sources:
            
            
            VULHUB: VHN-155168 // 
            
            
            
            JVNDB: JVNDB-2019-010283 // 
            
            
            
            CNNVD: CNNVD-201909-1373 // 
            
            
            
            NVD: CVE-2019-3733

REFERENCES
url:https://www.dell.com/support/kbdoc/000194054
Trust: 1.7
url:https://nvd.nist.gov/vuln/detail/cve-2019-3733
Trust: 1.4
url:https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2019-3733
Trust: 0.8
url:https://www.dell.com/support/security/en-us/details/doc-107000/dsa-2019-079-rsa-bsafeĀ®-crypto-c-micro-edition-and-micro-edition-suite-multiple-security-vulnerab
Trust: 0.6
sources:
            
            
            VULHUB: VHN-155168 // 
            
            
            
            JVNDB: JVNDB-2019-010283 // 
            
            
            
            CNNVD: CNNVD-201909-1373 // 
            
            
            
            NVD: CVE-2019-3733

SOURCES
db:VULHUBid:VHN-155168
db:JVNDBid:JVNDB-2019-010283
db:CNNVDid:CNNVD-201909-1373
db:NVDid:CVE-2019-3733

LAST UPDATE DATE
2024-11-23T23:04:37.705000+00:00

SOURCES UPDATE DATE
db:VULHUBid:VHN-155168date:2021-12-09T00:00:00
db:JVNDBid:JVNDB-2019-010283date:2019-10-10T00:00:00
db:CNNVDid:CNNVD-201909-1373date:2022-03-10T00:00:00
db:NVDid:CVE-2019-3733date:2024-11-21T04:42:25.680

SOURCES RELEASE DATE
db:VULHUBid:VHN-155168date:2019-09-30T00:00:00
db:JVNDBid:JVNDB-2019-010283date:2019-10-10T00:00:00
db:CNNVDid:CNNVD-201909-1373date:2019-09-30T00:00:00
db:NVDid:CVE-2019-3733date:2019-09-30T22:15:10.687