Lucene search

[email protected]CVE-2020-35167

HistoryJul 11, 2022 - 8:15 p.m.

CVE-2020-35167

2022-07-1120:15:00

NVD-CWE-Other

[email protected]

web.nvd.nist.gov

cve-2020-35167

dell

bsafe crypto-c

micro edition

vulnerability

timing discrepancy

9.8 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

9.3 High

AI Score

Confidence

High

7.5 High

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:P/I:P/A:P

0.002 Low

EPSS

Percentile

57.1%

JSON

Dell BSAFE Crypto-C Micro Edition, versions before 4.1.5, and Dell BSAFE Micro Edition Suite, versions before 4.6, contain an Observable Timing Discrepancy Vulnerability.

CPENameOperatorVersion
dell:bsafe_crypto-c-micro-editiondell bsafe crypto-c-micro-editionlt4.1.5
dell:bsafe_micro-edition-suitedell bsafe micro-edition-suitelt4.6
oracle:http_serveroracle http servereq12.2.1.3.0
oracle:security_serviceoracle security serviceeq12.2.1.3.0
oracle:security_serviceoracle security serviceeq12.2.1.4.0
oracle:databaseoracle databaseeq12.1.0.2
oracle:databaseoracle databaseeq19c
oracle:http_serveroracle http servereq12.2.1.4.0
oracle:weblogic_server_proxy_plug-inoracle weblogic server proxy plug-ineq12.2.1.3.0
oracle:weblogic_server_proxy_plug-inoracle weblogic server proxy plug-ineq12.2.1.4.0

CPE	Name	Operator	Version
dell:bsafe_crypto-c-micro-edition	dell bsafe crypto-c-micro-edition	lt	4.1.5
dell:bsafe_micro-edition-suite	dell bsafe micro-edition-suite	lt	4.6
oracle:http_server	oracle http server	eq	12.2.1.3.0
oracle:security_service	oracle security service	eq	12.2.1.3.0
oracle:security_service	oracle security service	eq	12.2.1.4.0
oracle:database	oracle database	eq	12.1.0.2
oracle:database	oracle database	eq	19c
oracle:http_server	oracle http server	eq	12.2.1.4.0
oracle:weblogic_server_proxy_plug-in	oracle weblogic server proxy plug-in	eq	12.2.1.3.0
oracle:weblogic_server_proxy_plug-in	oracle weblogic server proxy plug-in	eq	12.2.1.4.0

Rows per page:

1-10 of 111

References

www.dell.com/support/kbdoc/en-us/000181115/dsa-2020-286-dell-bsafe-crypto-c-micro-edition-4-1-5-and-dell-bsafe-micro-edition-suite-4-6-multiple-security-vulnerabilities

www.oracle.com/security-alerts/cpujul2022.html

Social References

9.8 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

9.3 High

AI Score

Confidence

High

7.5 High

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:P/I:P/A:P

0.002 Low

EPSS

Percentile

57.1%

JSON

Related for CVE-2020-35167

cnvd1 prion1 nessus3 oracle6