Details of VAR-201909-1535

ID

VAR-201909-1535

CVE

CVE-2019-3731

TITLE

RSA BSAFE Crypto-C Micro Edition and Micro Edition Suite Vulnerability related to information disclosure caused by difference in response to security related processing

Trust: 0.8

sources: JVNDB: JVNDB-2019-010281

DESCRIPTION

RSA BSAFE Crypto-C Micro Edition versions prior to 4.1.4 and RSA Micro Edition Suite versions prior to 4.4 are vulnerable to an Information Exposure Through Timing Discrepancy. A malicious remote user could potentially exploit this vulnerability to extract information leaving data at risk of exposure. This vulnerability stems from configuration errors in network systems or products during operation

Trust: 1.71

sources: NVD: CVE-2019-3731 // JVNDB: JVNDB-2019-010281 // VULHUB: VHN-155166

AFFECTED PRODUCTS

vendor:	dell	model:	bsafe micro-edition-suite	scope:	gte	version:	4.0.0	Trust: 1.0
vendor:	dell	model:	bsafe micro-edition-suite	scope:	lt	version:	4.0.13	Trust: 1.0
vendor:	dell	model:	bsafe micro-edition-suite	scope:	gte	version:	4.1.0	Trust: 1.0
vendor:	dell	model:	bsafe crypto-c-micro-edition	scope:	lt	version:	4.1.4	Trust: 1.0
vendor:	dell	model:	bsafe micro-edition-suite	scope:	lt	version:	4.4.0	Trust: 1.0
vendor:	dell emc old emc	model:	rsa bsafe	scope:	lt	version:	4.4	Trust: 0.8
vendor:	dell emc old emc	model:	rsa bsafe crypto-c	scope:	lt	version:	4.1.4	Trust: 0.8

sources: JVNDB: JVNDB-2019-010281 // NVD: CVE-2019-3731

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov:	CVE-2019-3731
value:	HIGH
Trust: 1.0
security_alert@emc.com:	CVE-2019-3731
value:	MEDIUM
Trust: 1.0
NVD:	CVE-2019-3731
value:	HIGH
Trust: 0.8
CNNVD:	CNNVD-201909-1371
value:	HIGH
Trust: 0.6
VULHUB:	VHN-155166
value:	MEDIUM
Trust: 0.1

nvd@nist.gov:	CVE-2019-3731
severity:	MEDIUM
baseScore:	5.0
vectorString:	AV:N/AC:L/AU:N/C:P/I:N/A:N
accessVector:	NETWORK
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	PARTIAL
integrityImpact:	NONE
availabilityImpact:	NONE
exploitabilityScore:	10.0
impactScore:	2.9
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 1.8
VULHUB:	VHN-155166
severity:	MEDIUM
baseScore:	5.0
vectorString:	AV:N/AC:L/AU:N/C:P/I:N/A:N
accessVector:	NETWORK
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	PARTIAL
integrityImpact:	NONE
availabilityImpact:	NONE
exploitabilityScore:	10.0
impactScore:	2.9
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.1

nvd@nist.gov:	CVE-2019-3731
baseSeverity:	HIGH
baseScore:	7.5
vectorString:	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
attackVector:	NETWORK
attackComplexity:	LOW
privilegesRequired:	NONE
userInteraction:	NONE
scope:	UNCHANGED
confidentialityImpact:	HIGH
integrityImpact:	NONE
availabilityImpact:	NONE
exploitabilityScore:	3.9
impactScore:	3.6
version:	3.1
Trust: 1.0
security_alert@emc.com:	CVE-2019-3731
baseSeverity:	MEDIUM
baseScore:	5.9
vectorString:	CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N
attackVector:	NETWORK
attackComplexity:	HIGH
privilegesRequired:	NONE
userInteraction:	NONE
scope:	UNCHANGED
confidentialityImpact:	HIGH
integrityImpact:	NONE
availabilityImpact:	NONE
exploitabilityScore:	2.2
impactScore:	3.6
version:	3.0
Trust: 1.0
NVD:	CVE-2019-3731
baseSeverity:	HIGH
baseScore:	7.5
vectorString:	CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
attackVector:	NETWORK
attackComplexity:	LOW
privilegesRequired:	NONE
userInteraction:	NONE
scope:	UNCHANGED
confidentialityImpact:	HIGH
integrityImpact:	NONE
availabilityImpact:	NONE
exploitabilityScore:	NONE
impactScore:	NONE
version:	3.0
Trust: 0.8

sources: VULHUB: VHN-155166 // JVNDB: JVNDB-2019-010281 // CNNVD: CNNVD-201909-1371 // NVD: CVE-2019-3731 // NVD: CVE-2019-3731

PROBLEMTYPE DATA

problemtype:	CWE-203	Trust: 1.9
problemtype:	CWE-310	Trust: 1.0

sources: VULHUB: VHN-155166 // JVNDB: JVNDB-2019-010281 // NVD: CVE-2019-3731

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-201909-1371

TYPE

information disclosure

Trust: 0.6

sources: CNNVD: CNNVD-201909-1371

CONFIGURATIONS

sources: JVNDB: JVNDB-2019-010281

PATCH

title:	DSA-2019-079: RSA BSAFE Crypto-C Micro Edition and Micro Edition Suite Multiple Security Vulnerabilities	url:	https://www.dell.com/support/security/ja-jp/details/DOC-107000/DSA-2019-079-RSA-BSAFE®-Crypto-C-Micro-Edition-and-Micro-Edition-Suite-Multiple-Security-Vulnerab	Trust: 0.8
title:	RSA BSAFE Crypto-C Micro Edition Security vulnerabilities	url:	http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=98750	Trust: 0.6

sources: JVNDB: JVNDB-2019-010281 // CNNVD: CNNVD-201909-1371

EXTERNAL IDS

db:	NVD	id:	CVE-2019-3731	Trust: 2.5
db:	JVNDB	id:	JVNDB-2019-010281	Trust: 0.8
db:	CNNVD	id:	CNNVD-201909-1371	Trust: 0.7
db:	VULHUB	id:	VHN-155166	Trust: 0.1

sources: VULHUB: VHN-155166 // JVNDB: JVNDB-2019-010281 // CNNVD: CNNVD-201909-1371 // NVD: CVE-2019-3731

REFERENCES

url:	https://www.dell.com/support/kbdoc/000194054	Trust: 1.7
url:	https://nvd.nist.gov/vuln/detail/cve-2019-3731	Trust: 1.4
url:	https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2019-3731	Trust: 0.8
url:	https://www.dell.com/support/security/en-us/details/doc-107000/dsa-2019-079-rsa-bsafe®-crypto-c-micro-edition-and-micro-edition-suite-multiple-security-vulnerab	Trust: 0.6

sources: VULHUB: VHN-155166 // JVNDB: JVNDB-2019-010281 // CNNVD: CNNVD-201909-1371 // NVD: CVE-2019-3731

SOURCES

db:	VULHUB	id:	VHN-155166
db:	JVNDB	id:	JVNDB-2019-010281
db:	CNNVD	id:	CNNVD-201909-1371
db:	NVD	id:	CVE-2019-3731

LAST UPDATE DATE

2024-11-23T22:48:14.071000+00:00

SOURCES UPDATE DATE

db:	VULHUB	id:	VHN-155166	date:	2021-12-09T00:00:00
db:	JVNDB	id:	JVNDB-2019-010281	date:	2019-10-10T00:00:00
db:	CNNVD	id:	CNNVD-201909-1371	date:	2022-03-10T00:00:00
db:	NVD	id:	CVE-2019-3731	date:	2024-11-21T04:42:25.430

SOURCES RELEASE DATE

db:	VULHUB	id:	VHN-155166	date:	2019-09-30T00:00:00
db:	JVNDB	id:	JVNDB-2019-010281	date:	2019-10-10T00:00:00
db:	CNNVD	id:	CNNVD-201909-1371	date:	2019-09-30T00:00:00
db:	NVD	id:	CVE-2019-3731	date:	2019-09-30T22:15:10.563