Sign-up

ID

VAR-201909-1536


CVE

CVE-2019-3730


TITLE

RSA BSAFE Micro Edition Suite Vulnerabilities related to information disclosure due to error messages

Trust: 0.8

sources: JVNDB: JVNDB-2019-010280

DESCRIPTION

RSA BSAFE Micro Edition Suite versions prior to 4.1.6.3 (in 4.1.x) and prior to 4.4 (in 4.2.x and 4.3.x), are vulnerable to an Information Exposure Through an Error Message vulnerability, also known as a “padding oracle attack vulnerability”. A malicious remote user could potentially exploit this vulnerability to extract information leaving data at risk of exposure. Dell RSA BSAFE Micro Edition Suite is an encryption toolkit of Dell (Dell). This vulnerability stems from configuration errors in network systems or products during operation

Trust: 1.8

sources: NVD: CVE-2019-3730 // JVNDB: JVNDB-2019-010280 // VULHUB: VHN-155165 // VULMON: CVE-2019-3730

AFFECTED PRODUCTS

vendor:dellmodel:bsafe micro-edition-suitescope:ltversion:4.1.6.3

Trust: 1.0

vendor:dellmodel:bsafe micro-edition-suitescope:gteversion:4.2.0

Trust: 1.0

vendor:dellmodel:bsafe micro-edition-suitescope:gteversion:4.1.0

Trust: 1.0

vendor:dellmodel:bsafe micro-edition-suitescope:ltversion:4.4.0

Trust: 1.0

vendor:dell emc old emcmodel:rsa bsafescope:eqversion:4.2.x

Trust: 0.8

vendor:dell emc old emcmodel:rsa bsafescope:ltversion:4.1.x

Trust: 0.8

vendor:dell emc old emcmodel:rsa bsafescope:eqversion:4.1.6.3

Trust: 0.8

vendor:dell emc old emcmodel:rsa bsafescope:eqversion:4.3.x

Trust: 0.8

sources: JVNDB: JVNDB-2019-010280 // NVD: CVE-2019-3730

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2019-3730
value: HIGH

Trust: 1.0

security_alert@emc.com: CVE-2019-3730
value: MEDIUM

Trust: 1.0

NVD: CVE-2019-3730
value: HIGH

Trust: 0.8

CNNVD: CNNVD-201909-1370
value: HIGH

Trust: 0.6

VULHUB: VHN-155165
value: MEDIUM

Trust: 0.1

VULMON: CVE-2019-3730
value: MEDIUM

Trust: 0.1

nvd@nist.gov: CVE-2019-3730
severity: MEDIUM
baseScore: 5.0
vectorString: AV:N/AC:L/AU:N/C:P/I:N/A:N
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: NONE
availabilityImpact: NONE
exploitabilityScore: 10.0
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.9

VULHUB: VHN-155165
severity: MEDIUM
baseScore: 5.0
vectorString: AV:N/AC:L/AU:N/C:P/I:N/A:N
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: NONE
availabilityImpact: NONE
exploitabilityScore: 10.0
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.1

nvd@nist.gov: CVE-2019-3730
baseSeverity: HIGH
baseScore: 7.5
vectorString: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: NONE
availabilityImpact: NONE
exploitabilityScore: 3.9
impactScore: 3.6
version: 3.1

Trust: 1.0

security_alert@emc.com: CVE-2019-3730
baseSeverity: MEDIUM
baseScore: 5.9
vectorString: CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N
attackVector: NETWORK
attackComplexity: HIGH
privilegesRequired: NONE
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: NONE
availabilityImpact: NONE
exploitabilityScore: 2.2
impactScore: 3.6
version: 3.0

Trust: 1.0

NVD: CVE-2019-3730
baseSeverity: HIGH
baseScore: 7.5
vectorString: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: NONE
availabilityImpact: NONE
exploitabilityScore: NONE
impactScore: NONE
version: 3.0

Trust: 0.8

sources: VULHUB: VHN-155165 // VULMON: CVE-2019-3730 // JVNDB: JVNDB-2019-010280 // CNNVD: CNNVD-201909-1370 // NVD: CVE-2019-3730 // NVD: CVE-2019-3730

PROBLEMTYPE DATA

problemtype:CWE-209

Trust: 1.9

problemtype:CWE-649

Trust: 1.0

sources: VULHUB: VHN-155165 // JVNDB: JVNDB-2019-010280 // NVD: CVE-2019-3730

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-201909-1370

TYPE

information disclosure

Trust: 0.6

sources: CNNVD: CNNVD-201909-1370

CONFIGURATIONS

sources:
            
            
            JVNDB: JVNDB-2019-010280

PATCH
title:DSA-2019-079: RSA BSAFE Crypto-C Micro Edition and Micro Edition Suite Multiple Security Vulnerabilitiesurl:https://www.dell.com/support/security/ja-jp/details/DOC-107000/DSA-2019-079-RSA-BSAFE®-Crypto-C-Micro-Edition-and-Micro-Edition-Suite-Multiple-Security-Vulnerab
Trust: 0.8
title:RSA BSAFE Micro Edition Suite Security vulnerabilitiesurl:http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=98749
Trust: 0.6
sources:
            
            
            JVNDB: JVNDB-2019-010280 // 
            
            
            
            CNNVD: CNNVD-201909-1370

EXTERNAL IDS
db:NVDid:CVE-2019-3730
Trust: 2.6
db:JVNDBid:JVNDB-2019-010280
Trust: 0.8
db:CNNVDid:CNNVD-201909-1370
Trust: 0.7
db:VULHUBid:VHN-155165
Trust: 0.1
db:VULMONid:CVE-2019-3730
Trust: 0.1
sources:
            
            
            VULHUB: VHN-155165 // 
            
            
            
            VULMON: CVE-2019-3730 // 
            
            
            
            JVNDB: JVNDB-2019-010280 // 
            
            
            
            CNNVD: CNNVD-201909-1370 // 
            
            
            
            NVD: CVE-2019-3730

REFERENCES
url:https://www.dell.com/support/kbdoc/000194054
Trust: 1.8
url:https://nvd.nist.gov/vuln/detail/cve-2019-3730
Trust: 1.4
url:https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2019-3730
Trust: 0.8
url:https://www.dell.com/support/security/en-us/details/doc-107000/dsa-2019-079-rsa-bsafe®-crypto-c-micro-edition-and-micro-edition-suite-multiple-security-vulnerab
Trust: 0.6
url:https://cwe.mitre.org/data/definitions/209.html
Trust: 0.1
url:https://nvd.nist.gov
Trust: 0.1
sources:
            
            
            VULHUB: VHN-155165 // 
            
            
            
            VULMON: CVE-2019-3730 // 
            
            
            
            JVNDB: JVNDB-2019-010280 // 
            
            
            
            CNNVD: CNNVD-201909-1370 // 
            
            
            
            NVD: CVE-2019-3730

SOURCES
db:VULHUBid:VHN-155165
db:VULMONid:CVE-2019-3730
db:JVNDBid:JVNDB-2019-010280
db:CNNVDid:CNNVD-201909-1370
db:NVDid:CVE-2019-3730

LAST UPDATE DATE
2024-11-23T21:59:40.732000+00:00

SOURCES UPDATE DATE
db:VULHUBid:VHN-155165date:2021-12-09T00:00:00
db:VULMONid:CVE-2019-3730date:2022-04-12T00:00:00
db:JVNDBid:JVNDB-2019-010280date:2019-10-10T00:00:00
db:CNNVDid:CNNVD-201909-1370date:2022-03-10T00:00:00
db:NVDid:CVE-2019-3730date:2024-11-21T04:42:25.310

SOURCES RELEASE DATE
db:VULHUBid:VHN-155165date:2019-09-30T00:00:00
db:VULMONid:CVE-2019-3730date:2019-09-30T00:00:00
db:JVNDBid:JVNDB-2019-010280date:2019-10-10T00:00:00
db:CNNVDid:CNNVD-201909-1370date:2019-09-30T00:00:00
db:NVDid:CVE-2019-3730date:2019-09-30T22:15:10.500