CVE-2019-3730Reliance on Obfuscation or Encryption of Security-Relevant Inputs without Integrity Checking in Dell RSA Bsafe MES

CWE-649Reliance on Obfuscation or Encryption of Security-Relevant Inputs without Integrity CheckingCWE-209Information Exposure via Error Message3 documents3 sources
Severity
7.5HIGHNVD
EPSS
0.1%
top 70.16%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
2
Dell RSA Bsafe MESDell Bsafe Micro-edition-suite
Timeline
PublishedSep 30
Latest updateMay 24

Description

RSA BSAFE Micro Edition Suite versions prior to 4.1.6.3 (in 4.1.x) and prior to 4.4 (in 4.2.x and 4.3.x), are vulnerable to an Information Exposure Through an Error Message vulnerability, also known as a “padding oracle attack vulnerability”. A malicious remote user could potentially exploit this vulnerability to extract information leaving data at risk of exposure.

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:NExploitability: 3.9 | Impact: 3.6

Affected Packages2 packages

NVDdell/bsafe_micro-edition-suite4.1.04.1.6.3+1
CVEListV5dell/rsa_bsafe_mesunspecified4.4

🔴Vulnerability Details

2
GHSA
GHSA-jjf7-f765-jjf2: RSA BSAFE Micro Edition Suite versions prior to 42022-05-24
CVEList
CVE-2019-3730: RSA BSAFE Micro Edition Suite versions prior to 42019-09-30
CVE-2019-3730 — Dell RSA Bsafe MES vulnerability | cvebase