CVE-2016-8212Improper Resource Shutdown or Release in Dell Bsafe Crypto-j

CWE-404Improper Resource Shutdown or Release3 documents3 sources
Severity
7.5HIGHNVD
CNA7.6
EPSS
1.1%
top 21.58%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
1
Dell Bsafe Crypto-j
Timeline
PublishedFeb 3
Latest updateMay 13

Description

An issue was discovered in EMC RSA BSAFE Crypto-J versions prior to 6.2.2. There is an Improper OCSP Validation Vulnerability. OCSP responses have two time values: thisUpdate and nextUpdate. These specify a validity period; however, both values are optional. Crypto-J treats the lack of a nextUpdate as indicating that the OCSP response is valid indefinitely instead of restricting its validity for a brief period surrounding the thisUpdate time. This vulnerability is similar to the issue described

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:NExploitability: 3.9 | Impact: 3.6

Affected Packages1 packages

NVDdell/bsafe_crypto-j< 6.2.2

🔴Vulnerability Details

2
GHSA
GHSA-xm3c-w6gm-7q8v: An issue was discovered in EMC RSA BSAFE Crypto-J versions prior to 62022-05-13
CVEList
CVE-2016-8212: An issue was discovered in EMC RSA BSAFE Crypto-J versions prior to 62017-02-03
CVE-2016-8212 — Improper Resource Shutdown or Release | cvebase