Article Number: 000194054
High
View details below for individual CVSS Score for each CVE.
| Proprietary Code CVEs | Description | CVSS Base Score | CVSS Vector String | |
| Buffer Over-read – CVE-2019-3728 | RSA BSAFE Crypto-C Micro Edition versions before 4.0.5.4 (in 4.0.x) and before 4.1.4 (in 4.1.x) and RSA BSAFE Micro Edition Suite versions before 4.0.13 (in 4.0.x) and before 4.4 (in 4.1.x, 4.2.x, and 4.3.x) are vulnerable to a Buffer Over-read vulnerability when processing DSA signature. A malicious remote user may potentially exploit this vulnerability to cause a crash in the library of the affected system. | 7.5 | AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H | |
| Heap-based Buffer Overflow – CVE-2019-3729 | RSA BSAFE Micro Edition Suite versions before 4.4 (in 4.0.x, 4.1.x, 4.2.x, and 4.3.x) are vulnerable to a Heap-based Buffer Overflow vulnerability when parsing ECDSA signature. A malicious user with adjacent network access may potentially exploit this vulnerability to cause a crash in the library of the affected system. | 2.4 | AV:A/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:L | |
| Information Exposure Through an Error Message – CVE-2019-3730 | RSA BSAFE Micro Edition Suite versions before 4.1.6.3 (in 4.1.x) and before 4.4 (in 4.2.x, and 4.3.x), are vulnerable to an Information Exposure Through an Error Message vulnerability, also known as a "padding oracle attack vulnerability". A malicious remote user may potentially exploit this vulnerability to extract information leaving data at risk of exposure. | 5.9 | AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N | |
| Information Exposure Through Timing Discrepancy – CVE-2019-3731 | RSA BSAFE Crypto-C Micro Edition versions before 4.1.4 and RSA Micro Edition Suite versions before 4.4 are vulnerable to an Information Exposure Through Timing Discrepancy. A malicious remote user may potentially exploit this vulnerability to extract information leaving data at risk of exposure. | 5.9 | AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N | |
| Information Exposure Through Timing Discrepancy – CVE-2019-3732 | RSA BSAFE Crypto-C Micro Edition, versions before 4.0.5.3 (in 4.0.x) and before 4.1.3.3 (in 4.1.x), and RSA Micro Edition Suite, versions before 4.0.11 (in 4.0.x), before 4.1.6.1 (in 4.1.x), and before 4.3.3 (4.2.x and 4.3.x) are vulnerable to an Information Exposure Through Timing Discrepancy. A malicious remote user may potentially exploit this vulnerability to extract information leaving data at risk of exposure. | 5.9 |
|
|
| Improper Clearing of Heap Memory Before Release ('Heap Inspection') – CVE-2019-3733 | RSA BSAFE Crypto-C Micro Edition, all versions before 4.1.4, are vulnerable to three (3) different Improper Clearing of Heap Memory Before Release vulnerability, also known as 'Heap Inspection vulnerability'. A malicious remote user may potentially exploit this vulnerability to extract information leaving data at risk of exposure. | 4.4 | AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N |
| Proprietary Code CVEs | Description | CVSS Base Score | CVSS Vector String | |
| Buffer Over-read – CVE-2019-3728 | RSA BSAFE Crypto-C Micro Edition versions before 4.0.5.4 (in 4.0.x) and before 4.1.4 (in 4.1.x) and RSA BSAFE Micro Edition Suite versions before 4.0.13 (in 4.0.x) and before 4.4 (in 4.1.x, 4.2.x, and 4.3.x) are vulnerable to a Buffer Over-read vulnerability when processing DSA signature. A malicious remote user may potentially exploit this vulnerability to cause a crash in the library of the affected system. | 7.5 | AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H | |
| Heap-based Buffer Overflow – CVE-2019-3729 | RSA BSAFE Micro Edition Suite versions before 4.4 (in 4.0.x, 4.1.x, 4.2.x, and 4.3.x) are vulnerable to a Heap-based Buffer Overflow vulnerability when parsing ECDSA signature. A malicious user with adjacent network access may potentially exploit this vulnerability to cause a crash in the library of the affected system. | 2.4 | AV:A/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:L | |
| Information Exposure Through an Error Message – CVE-2019-3730 | RSA BSAFE Micro Edition Suite versions before 4.1.6.3 (in 4.1.x) and before 4.4 (in 4.2.x, and 4.3.x), are vulnerable to an Information Exposure Through an Error Message vulnerability, also known as a "padding oracle attack vulnerability". A malicious remote user may potentially exploit this vulnerability to extract information leaving data at risk of exposure. | 5.9 | AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N | |
| Information Exposure Through Timing Discrepancy – CVE-2019-3731 | RSA BSAFE Crypto-C Micro Edition versions before 4.1.4 and RSA Micro Edition Suite versions before 4.4 are vulnerable to an Information Exposure Through Timing Discrepancy. A malicious remote user may potentially exploit this vulnerability to extract information leaving data at risk of exposure. | 5.9 | AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N | |
| Information Exposure Through Timing Discrepancy – CVE-2019-3732 | RSA BSAFE Crypto-C Micro Edition, versions before 4.0.5.3 (in 4.0.x) and before 4.1.3.3 (in 4.1.x), and RSA Micro Edition Suite, versions before 4.0.11 (in 4.0.x), before 4.1.6.1 (in 4.1.x), and before 4.3.3 (4.2.x and 4.3.x) are vulnerable to an Information Exposure Through Timing Discrepancy. A malicious remote user may potentially exploit this vulnerability to extract information leaving data at risk of exposure. | 5.9 |
|
|
| Improper Clearing of Heap Memory Before Release ('Heap Inspection') – CVE-2019-3733 | RSA BSAFE Crypto-C Micro Edition, all versions before 4.1.4, are vulnerable to three (3) different Improper Clearing of Heap Memory Before Release vulnerability, also known as 'Heap Inspection vulnerability'. A malicious remote user may potentially exploit this vulnerability to extract information leaving data at risk of exposure. | 4.4 | AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N |
Affected Products:
RSA BSAFE Crypto-C Micro Edition
versions 4.0.x (CVE-2019-3733)
versions before 4.0.5.3 in the 4.0.x series (CVE-2019-3732)
versions before 4.0.5.4 in the 4.0.x series (CVE-2019-3728)
versions before 4.1.3.3 in the 4.1.x series (CVE-2019-3732)
RSA BSAFE Micro Edition Suite
versions before 4.0.11 in the 4.0.x series (CVE-2019-3732)
versions before 4.0.13 in the 4.0.x series (CVE-2019-3728, CVE-2019-3729, and CVE-2019-3731)
versions 4.1.x (CVE-2019-3728, CVE-2019-3729, and CVE-2019-3731)
versions 4.2.x (CVE-2019-3728, CVE-2019-3729, CVE-2019-3730, CVE-2019-3731, and CVE-2019-3732)
versions 4.3.x (CVE-2019-3728, CVE-2019-3729, CVE-2019-3730, and CVE-2019-3731)
versions before 4.1.6.1 in the 4.1.x series (CVE-2019-3732)
versions before 4.1.6.3 in the 4.1.x series (CVE-2019-3730)
RSA BSAFE Crypto-C Micro Edition version 4.0.5.3 (CVE-2019-3732)
RSA BSAFE Crypto-C Micro Edition version 4.1.4 (CVE-2019-3731, CVE-2019-3732, CVE-2019-3733, and CVE-2019-3728)
For additional documentation, downloads, and more, visit the RSA BSAFE page on RSA Link.
Severity Rating:
For an explanation of Severity Ratings, refer to Dell Vulnerability Response Policy. Dell recommends all customers take into account both the base score and any relevant temporal and environmental scores which may impact the potential severity associated with particular security vulnerability.
RSA BSAFE Micro Edition Suite version 4.0.11 (CVE-2019-3732)
RSA BSAFE Micro Edition Suite version 4.1.6.3 (CVE-2019-3730 and CVE-2019-3732)
RSA BSAFE Micro Edition Suite version 4.4 (CVE-2019-3729, CVE-2019-3730, CVE-2019-3731, CVE-2019-3732, CVE-2019-3733, and CVE-2019-3728)
Affected Products:
RSA BSAFE Crypto-C Micro Edition
versions 4.0.x (CVE-2019-3733)
versions before 4.0.5.3 in the 4.0.x series (CVE-2019-3732)
versions before 4.0.5.4 in the 4.0.x series (CVE-2019-3728)
versions before 4.1.3.3 in the 4.1.x series (CVE-2019-3732)
RSA BSAFE Micro Edition Suite
versions before 4.0.11 in the 4.0.x series (CVE-2019-3732)
versions before 4.0.13 in the 4.0.x series (CVE-2019-3728, CVE-2019-3729, and CVE-2019-3731)
versions 4.1.x (CVE-2019-3728, CVE-2019-3729, and CVE-2019-3731)
versions 4.2.x (CVE-2019-3728, CVE-2019-3729, CVE-2019-3730, CVE-2019-3731, and CVE-2019-3732)
versions 4.3.x (CVE-2019-3728, CVE-2019-3729, CVE-2019-3730, and CVE-2019-3731)
versions before 4.1.6.1 in the 4.1.x series (CVE-2019-3732)
versions before 4.1.6.3 in the 4.1.x series (CVE-2019-3730)
RSA BSAFE Crypto-C Micro Edition version 4.0.5.3 (CVE-2019-3732)
RSA BSAFE Crypto-C Micro Edition version 4.1.4 (CVE-2019-3731, CVE-2019-3732, CVE-2019-3733, and CVE-2019-3728)
For additional documentation, downloads, and more, visit the RSA BSAFE page on RSA Link.
Severity Rating:
For an explanation of Severity Ratings, refer to Dell Vulnerability Response Policy. Dell recommends all customers take into account both the base score and any relevant temporal and environmental scores which may impact the potential severity associated with particular security vulnerability.
RSA BSAFE Micro Edition Suite version 4.0.11 (CVE-2019-3732)
RSA BSAFE Micro Edition Suite version 4.1.6.3 (CVE-2019-3730 and CVE-2019-3732)
RSA BSAFE Micro Edition Suite version 4.4 (CVE-2019-3729, CVE-2019-3730, CVE-2019-3731, CVE-2019-3732, CVE-2019-3733, and CVE-2019-3728)
| Revision | Date | Description |
| 1.0 | 2019-09-11 | Initial Release |
| 1.1 | 2021-02-21 | Updated |
BSAFE Crypto-C Micro Edition, BSAFE Micro Edition Suite, Product Security Information
24 Jan 2022
Dell Security Advisory