CVE-2022-24409 — Covert Timing Channel in Dell BSAFE SSL-J
Severity
NVD: 7.5 HIGH
CNA: 5.9
EPSS
0.7%
top 26.93%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
Timeline
Published: Feb 23
Latest update: Jul 15
Description
Dell BSAFE SSL-J contains remediation for a covert timing channel vulnerability that may be exploited by malicious users to compromise the affected system. Only customers with active BSAFE maintenance contracts can receive details about this vulnerability. Public disclosure of the vulnerability details will be shared at a later date.
CVSS vector
CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
Exploitability: 1.6 | Impact: 5.9
Affected Packages: 2 packages
Vulnerability Details (2)
GHSA
GHSA-qrhr-42fp-q7c4: Only customers with active BSAFE maintenance contracts can receive details about this vulnerability (2022-02-24)
CVEList
CVE-2022-24409: Dell BSAFE SSL-J contains remediation for a covert timing channel vulnerability that may be exploited by malicious users to compromise the affected sy (2022-02-23)
Vendor Advisories (1)
Oracle
Oracle Fusion Middleware Risk Matrix: Centralized Thirdparty Jars (BSAFE SSL-J) — CVE-2022-24409 (2023-07-15)