- Description
- RSA BSAFE Micro Edition Suite versions prior to 4.1.6.3 (in 4.1.x) and prior to 4.4 (in 4.2.x and 4.3.x), are vulnerable to an Information Exposure Through an Error Message vulnerability, also known as a “padding oracle attack vulnerability”. A malicious remote user could potentially exploit this vulnerability to extract information leaving data at risk of exposure.
- Source
- security_alert@emc.com
- NVD status
- Modified
CVSS 3.1
- Type
- Primary
- Base score
- 7.5
- Impact score
- 3.6
- Exploitability score
- 3.9
- Vector string
- CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
- Severity
- HIGH
CVSS 3.0
- Type
- Secondary
- Base score
- 5.9
- Impact score
- 3.6
- Exploitability score
- 2.2
- Vector string
- CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N
- Severity
- MEDIUM
CVSS 2.0
- Type
- Primary
- Base score
- 5
- Impact score
- 2.9
- Exploitability score
- 10
- Vector string
- AV:N/AC:L/Au:N/C:P/I:N/A:N
- Hype score
- Not currently trending
[
{
"nodes": [
{
"negate": false,
"cpeMatch": [
{
"criteria": "cpe:2.3:a:dell:bsafe_micro-edition-suite:*:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "67775642-F21E-45AB-800D-729B92599238",
"versionEndExcluding": "4.1.6.3",
"versionStartIncluding": "4.1.0"
},
{
"criteria": "cpe:2.3:a:dell:bsafe_micro-edition-suite:*:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "678ACB4C-EA43-4B57-A0C7-C6C95E635659",
"versionEndExcluding": "4.4.0",
"versionStartIncluding": "4.2.0"
}
],
"operator": "OR"
}
]
}
]