Sign-up

ID

VAR-201909-1534


CVE

CVE-2019-3732


TITLE

RSA BSAFE Crypto-C Micro Edition and Micro Edition Suite Vulnerability related to information disclosure caused by difference in response to security related processing

Trust: 0.8

sources: JVNDB: JVNDB-2019-010282

DESCRIPTION

RSA BSAFE Crypto-C Micro Edition, versions prior to 4.0.5.3 (in 4.0.x) and versions prior to 4.1.3.3 (in 4.1.x), and RSA Micro Edition Suite, versions prior to 4.0.11 (in 4.0.x) versions prior to 4.1.6.1 (in 4.1.x) and versions prior to 4.3.3 (4.2.x and 4.3.x) are vulnerable to an Information Exposure Through Timing Discrepancy. A malicious remote user could potentially exploit this vulnerability to extract information leaving data at risk of exposure. This vulnerability stems from configuration errors in network systems or products during operation. 3 previous versions

Trust: 1.71

sources: NVD: CVE-2019-3732 // JVNDB: JVNDB-2019-010282 // VULHUB: VHN-155167

AFFECTED PRODUCTS

vendor:dellmodel:bsafe micro-edition-suitescope:ltversion:4.1.6.1

Trust: 1.0

vendor:dellmodel:bsafe micro-edition-suitescope:gteversion:4.0.0

Trust: 1.0

vendor:dellmodel:bsafe micro-edition-suitescope:ltversion:4.3.3

Trust: 1.0

vendor:dellmodel:bsafe micro-edition-suitescope:ltversion:4.0.11

Trust: 1.0

vendor:emcmodel:rsa bsafe crypto-cscope:ltversion:4.1.3.3

Trust: 1.0

vendor:dellmodel:bsafe crypto-c-micro-editionscope:gteversion:4.0

Trust: 1.0

vendor:emcmodel:rsa bsafe crypto-cscope:gteversion:4.1

Trust: 1.0

vendor:dellmodel:bsafe crypto-c-micro-editionscope:ltversion:4.0.5.3

Trust: 1.0

vendor:dellmodel:bsafe micro-edition-suitescope:gteversion:4.1.0

Trust: 1.0

vendor:dellmodel:bsafe micro-edition-suitescope:gteversion:4.2.0

Trust: 1.0

vendor:dell emc old emcmodel:rsa bsafescope:ltversion:4.0.x

Trust: 0.8

vendor:dell emc old emcmodel:rsa bsafe crypto-cscope:ltversion:4.0.x

Trust: 0.8

vendor:dell emc old emcmodel:rsa bsafe crypto-cscope:eqversion:4.2.x

Trust: 0.8

vendor:dell emc old emcmodel:rsa bsafe crypto-cscope:ltversion:4.3.x

Trust: 0.8

vendor:dell emc old emcmodel:rsa bsafescope:ltversion:4.1.x

Trust: 0.8

vendor:dell emc old emcmodel:rsa bsafe crypto-cscope:ltversion:4.1.x

Trust: 0.8

vendor:dell emc old emcmodel:rsa bsafescope:eqversion:4.1.3.3

Trust: 0.8

vendor:dell emc old emcmodel:rsa bsafe crypto-cscope:eqversion:4.3.3

Trust: 0.8

vendor:dell emc old emcmodel:rsa bsafe crypto-cscope:eqversion:4.0.11

Trust: 0.8

vendor:dell emc old emcmodel:rsa bsafescope:eqversion:4.0.5.3

Trust: 0.8

vendor:dell emc old emcmodel:rsa bsafe crypto-cscope:eqversion:4.1.6.1

Trust: 0.8

sources: JVNDB: JVNDB-2019-010282 // NVD: CVE-2019-3732

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2019-3732
value: HIGH

Trust: 1.0

security_alert@emc.com: CVE-2019-3732
value: MEDIUM

Trust: 1.0

NVD: CVE-2019-3732
value: HIGH

Trust: 0.8

CNNVD: CNNVD-201909-1372
value: HIGH

Trust: 0.6

VULHUB: VHN-155167
value: MEDIUM

Trust: 0.1

nvd@nist.gov: CVE-2019-3732
severity: MEDIUM
baseScore: 5.0
vectorString: AV:N/AC:L/AU:N/C:P/I:N/A:N
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: NONE
availabilityImpact: NONE
exploitabilityScore: 10.0
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.8

VULHUB: VHN-155167
severity: MEDIUM
baseScore: 5.0
vectorString: AV:N/AC:L/AU:N/C:P/I:N/A:N
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: NONE
availabilityImpact: NONE
exploitabilityScore: 10.0
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.1

nvd@nist.gov: CVE-2019-3732
baseSeverity: HIGH
baseScore: 7.5
vectorString: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: NONE
availabilityImpact: NONE
exploitabilityScore: 3.9
impactScore: 3.6
version: 3.1

Trust: 1.0

security_alert@emc.com: CVE-2019-3732
baseSeverity: MEDIUM
baseScore: 5.9
vectorString: CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N
attackVector: NETWORK
attackComplexity: HIGH
privilegesRequired: NONE
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: NONE
availabilityImpact: NONE
exploitabilityScore: 2.2
impactScore: 3.6
version: 3.0

Trust: 1.0

NVD: CVE-2019-3732
baseSeverity: HIGH
baseScore: 7.5
vectorString: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: NONE
availabilityImpact: NONE
exploitabilityScore: NONE
impactScore: NONE
version: 3.0

Trust: 0.8

sources: VULHUB: VHN-155167 // JVNDB: JVNDB-2019-010282 // CNNVD: CNNVD-201909-1372 // NVD: CVE-2019-3732 // NVD: CVE-2019-3732

PROBLEMTYPE DATA

problemtype:CWE-203

Trust: 1.9

problemtype:CWE-385

Trust: 1.0

sources: VULHUB: VHN-155167 // JVNDB: JVNDB-2019-010282 // NVD: CVE-2019-3732

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-201909-1372

TYPE

information disclosure

Trust: 0.6

sources: CNNVD: CNNVD-201909-1372

CONFIGURATIONS

sources:
            
            
            JVNDB: JVNDB-2019-010282

PATCH
title:DSA-2019-079: RSA BSAFE Crypto-C Micro Edition and Micro Edition Suite Multiple Security Vulnerabilitiesurl:https://www.dell.com/support/security/ja-jp/details/DOC-107000/DSA-2019-079-RSA-BSAFE®-Crypto-C-Micro-Edition-and-Micro-Edition-Suite-Multiple-Security-Vulnerab
Trust: 0.8
title:RSA BSAFE Crypto-C Micro Edition Security vulnerabilitiesurl:http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=98751
Trust: 0.6
sources:
            
            
            JVNDB: JVNDB-2019-010282 // 
            
            
            
            CNNVD: CNNVD-201909-1372

EXTERNAL IDS
db:NVDid:CVE-2019-3732
Trust: 2.5
db:JVNDBid:JVNDB-2019-010282
Trust: 0.8
db:CNNVDid:CNNVD-201909-1372
Trust: 0.7
db:VULHUBid:VHN-155167
Trust: 0.1
sources:
            
            
            VULHUB: VHN-155167 // 
            
            
            
            JVNDB: JVNDB-2019-010282 // 
            
            
            
            CNNVD: CNNVD-201909-1372 // 
            
            
            
            NVD: CVE-2019-3732

REFERENCES
url:https://www.dell.com/support/kbdoc/000194054
Trust: 1.7
url:https://nvd.nist.gov/vuln/detail/cve-2019-3732
Trust: 1.4
url:https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2019-3732
Trust: 0.8
url:https://www.dell.com/support/security/en-us/details/doc-107000/dsa-2019-079-rsa-bsafeĀ®-crypto-c-micro-edition-and-micro-edition-suite-multiple-security-vulnerab
Trust: 0.6
sources:
            
            
            VULHUB: VHN-155167 // 
            
            
            
            JVNDB: JVNDB-2019-010282 // 
            
            
            
            CNNVD: CNNVD-201909-1372 // 
            
            
            
            NVD: CVE-2019-3732

SOURCES
db:VULHUBid:VHN-155167
db:JVNDBid:JVNDB-2019-010282
db:CNNVDid:CNNVD-201909-1372
db:NVDid:CVE-2019-3732

LAST UPDATE DATE
2024-11-23T23:08:15.077000+00:00

SOURCES UPDATE DATE
db:VULHUBid:VHN-155167date:2021-12-09T00:00:00
db:JVNDBid:JVNDB-2019-010282date:2019-10-10T00:00:00
db:CNNVDid:CNNVD-201909-1372date:2022-03-10T00:00:00
db:NVDid:CVE-2019-3732date:2024-11-21T04:42:25.547

SOURCES RELEASE DATE
db:VULHUBid:VHN-155167date:2019-09-30T00:00:00
db:JVNDBid:JVNDB-2019-010282date:2019-10-10T00:00:00
db:CNNVDid:CNNVD-201909-1372date:2019-09-30T00:00:00
db:NVDid:CVE-2019-3732date:2019-09-30T22:15:10.623