CVE-2016-0887Sensitive Information Exposure in Dell Bsafe Crypto-j

CWE-200Sensitive Information Exposure3 documents3 sources
Severity
5.9MEDIUMNVD
EPSS
0.9%
top 23.81%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
5
Dell Bsafe Crypto-jDell Bsafe Micro-edition-suiteDell Bsafe Ssl-c+2 more
Timeline
PublishedApr 12
Latest updateMay 13

Description

EMC RSA BSAFE Micro Edition Suite (MES) 4.0.x and 4.1.x before 4.1.5, RSA BSAFE Crypto-C Micro Edition (CCME) 4.0.x and 4.1.x before 4.1.3, RSA BSAFE Crypto-J before 6.2.1, RSA BSAFE SSL-J before 6.2.1, and RSA BSAFE SSL-C before 2.8.9 allow remote attackers to discover a private-key prime by conducting a Lenstra side-channel attack that leverages an application's failure to detect an RSA signature failure during a TLS session.

CVSS vector

CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:NExploitability: 2.2 | Impact: 3.6

Affected Packages5 packages

NVDdell/bsafe_crypto-c-micro-edition4.04.0.5.3+1
NVDdell/bsafe_micro-edition-suite4.1.04.1.5+1
NVDdell/bsafe_crypto-j< 6.2.1
NVDdell/bsafe_ssl-c< 2.8.9
NVDdell/bsafe_ssl-j< 6.2.1

🔴Vulnerability Details

2
GHSA
GHSA-vw3p-m8x2-42w7: EMC RSA BSAFE Micro Edition Suite (MES) 42022-05-13
CVEList
CVE-2016-0887: EMC RSA BSAFE Micro Edition Suite (MES) 42016-04-12
CVE-2016-0887 — Sensitive Information Exposure in Dell | cvebase