CVE-2019-3733

RSA BSAFE Crypto-C Micro Edition, all versions prior to 4.1.4, is vulnerable to three (3) different Improper Clearing of Heap Memory Before Release vulnerability, also known as 'Heap Inspection vulnerability'. A malicious remote user could potentially exploit this vulnerability to extract information leaving data at risk of exposure.

CVSS v3 4.9 MEDIUM
CVSS v2.0 4.0 MEDIUM

4.9^/10

CVSS v3 : MEDIUM

V3 Legend

Vector :

Exploitability : 1.2 / Impact : 3.6

Attack Vector NETWORK

Attack Complexity LOW

Privileges Required HIGH

User Interaction NONE

Confidentiality Impact HIGH

Integrity Impact NONE

Availability Impact NONE

Scope UNCHANGED

4.0^/10

CVSS v2.0 : MEDIUM

V2 Legend

Vector : AV:N/AC:L/Au:S/C:P/I:N/A:N

Exploitability : 8.0 / Impact : 2.9

Access Vector NETWORK

Access Complexity LOW

Authentication SINGLE

Confidentiality Impact PARTIAL

Integrity Impact NONE

Availability Impact NONE

References

Link	Resource
https://www.dell.com/support/kbdoc/000194054	Vendor Advisory

Configurations

Configuration 1 (hide)

OR	cpe:2.3:a:dell:bsafe_crypto-c-micro-edition::::::::
	cpe:2.3:a:emc:rsa_bsafe_crypto-c::::::::

History

12 Apr 2022, 18:40

Type	Values Removed	Values Added
References	~~(MISC) https://www.dell.com/support/kbdoc/000194054 -~~	(MISC) https://www.dell.com/support/kbdoc/000194054 - Vendor Advisory

04 Feb 2022, 23:15

Type	Values Removed	Values Added
References	{'url': 'https://www.dell.com/support/security/en-us/details/DOC-107000/DSA-2019-079-RSA-BSAFE®-Crypto-C-Micro-Edition-and-Micro-Edition-Suite-Multiple-Security-Vulnerab', 'name': 'https://www.dell.com/support/security/en-us/details/DOC-107000/DSA-2019-079-RSA-BSAFE®-Crypto-C-Micro-Edition-and-Micro-Edition-Suite-Multiple-Security-Vulnerab', 'tags': ['Third Party Advisory'], 'refsource': 'MISC'}	(MISC) https://www.dell.com/support/kbdoc/000194054 -

09 Dec 2021, 18:17

Type	Values Removed	Values Added
CPE	cpe:2.3:a:dell:bsafe_crypto-c:::::micro:::*	cpe:2.3:a:dell:bsafe_crypto-c-micro-edition::::::::

30 Nov 2021, 18:52

Type	Values Removed	Values Added
CPE	cpe:2.3:a:emc:rsa_bsafe_crypto-c:::::micro:::*	cpe:2.3:a:dell:bsafe_crypto-c:::::micro:::*

02 Nov 2021, 19:10

Type	Values Removed	Values Added
CWE	~~CWE-200~~	CWE-459

Information

Published : 2019-09-30 22:15

Updated : 2023-12-10 13:13

NVD link : CVE-2019-3733

Mitre link : CVE-2019-3733

CVE.ORG link : CVE-2019-3733

JSON object : View

Products Affected

dell

bsafe_crypto-c-micro-edition

emc

rsa_bsafe_crypto-c

CWE

CWE-459

Incomplete Cleanup

CWE-316

Cleartext Storage of Sensitive Information in Memory

4.9 /10

Attack Vector NETWORK

Attack Complexity LOW

Privileges Required HIGH

User Interaction NONE

Confidentiality Impact HIGH

Integrity Impact NONE

Availability Impact NONE

Scope UNCHANGED

4.0 /10

Access Vector NETWORK

Access Complexity LOW

Authentication SINGLE

Confidentiality Impact PARTIAL

Integrity Impact NONE

Availability Impact NONE

JSON object

Attach tags to CVE-2019-3733

4.9^/10

4.0^/10

Attach tags to `CVE-2019-3733`