Information exposure through an error message in RSA BSAFE Micro Edition Suite



Published: 2019-10-01
Risk: Medium
Patch available: YES
Number of vulnerabilities: 1
CVE-ID: CVE-2019-3730
CWE-ID: CWE-209
Exploitation vector: Network
Public exploit: N/A
Vulnerable software
RSA BSAFE Micro Edition Suite
Client/Desktop applications / Other client software

Vendor: Dell

Security Bulletin

This security bulletin contains one medium risk vulnerability.

1) Information Exposure Through an Error Message

EUVDB-ID: #VU21460

Risk: Medium

CVSSv3.1: 5.2 [CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C]

CVE-ID: CVE-2019-3730

CWE-ID: CWE-209 - Information Exposure Through an Error Message

Exploit availability: No

Description

The vulnerability allows a remote attacker to gain access to potentially sensitive information.

The vulnerability exists because the affected software generates an error message that includes sensitive information about its environment, users, or associated data. A remote attacker can extract this information from the error message, leaving the data at risk of exposure.

This vulnerability affects the following versions:
  • RSA BSAFE Micro Edition Suite - versions prior to 4.1.6.3 (in 4.1.x) and prior to 4.4 (in 4.2.x and 4.3.x)

Mitigation

Install updates from the vendor's website.

Vulnerable software versions

RSA BSAFE Micro Edition Suite: before 4.4

External links

http://www.dell.com/support/security/en-us/details/DOC-107000/DSA-2019-079-RSA-BSAFE®-Crypto-C-Micro-Edition-and-Micro-Edition-Suite-Multiple-Security-Vulnerab


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.


