CVE-2019-3730

RSA BSAFE Micro Edition Suite versions prior to 4.1.6.3 (in 4.1.x) and prior to 4.4 (in 4.2.x and 4.3.x), are vulnerable to an Information Exposure Through an Error Message vulnerability, also known as a “padding oracle attack vulnerability”. A malicious remote user could potentially exploit this vulnerability to extract information leaving data at risk of exposure.
References
Link Resource
https://www.dell.com/support/kbdoc/000194054 Vendor Advisory
Configurations

Configuration 1 (hide)

OR cpe:2.3:a:dell:bsafe_micro-edition-suite:*:*:*:*:*:*:*:*
cpe:2.3:a:dell:bsafe_micro-edition-suite:*:*:*:*:*:*:*:*

History

12 Apr 2022, 18:40

Type Values Removed Values Added
References (MISC) https://www.dell.com/support/kbdoc/000194054 - (MISC) https://www.dell.com/support/kbdoc/000194054 - Vendor Advisory

04 Feb 2022, 23:15

Type Values Removed Values Added
References
  • {'url': 'https://www.dell.com/support/security/en-us/details/DOC-107000/DSA-2019-079-RSA-BSAFE®-Crypto-C-Micro-Edition-and-Micro-Edition-Suite-Multiple-Security-Vulnerab', 'name': 'https://www.dell.com/support/security/en-us/details/DOC-107000/DSA-2019-079-RSA-BSAFE®-Crypto-C-Micro-Edition-and-Micro-Edition-Suite-Multiple-Security-Vulnerab', 'tags': ['Third Party Advisory'], 'refsource': 'MISC'}
  • (MISC) https://www.dell.com/support/kbdoc/000194054 -

09 Dec 2021, 18:21

Type Values Removed Values Added
CPE cpe:2.3:a:dell:bsafe:*:*:*:*:micro_edition_suite:*:*:* cpe:2.3:a:dell:bsafe_micro-edition-suite:*:*:*:*:*:*:*:*

30 Nov 2021, 17:25

Type Values Removed Values Added
CPE cpe:2.3:a:emc:rsa_bsafe:*:*:*:*:micro_edition_suite:*:*:* cpe:2.3:a:dell:bsafe:*:*:*:*:micro_edition_suite:*:*:*

Information

Published : 2019-09-30 22:15

Updated : 2023-12-10 13:13


NVD link : CVE-2019-3730

Mitre link : CVE-2019-3730

CVE.ORG link : CVE-2019-3730


JSON object : View

Products Affected

dell

  • bsafe_micro-edition-suite
CWE
CWE-209

Generation of Error Message Containing Sensitive Information

CWE-649

Reliance on Obfuscation or Encryption of Security-Relevant Inputs without Integrity Checking