CVSS: 10.0EPSS: 0%CPEs: 3EXPL: 0CVE-2022-34381
https://notcve.org/view.php?id=CVE-2022-34381
02 Feb 2024 — Dell BSAFE SSL-J version 7.0 and all versions prior to 6.5, and Dell BSAFE Crypto-J versions prior to 6.2.6.1 contain an unmaintained third-party component vulnerability. An unauthenticated remote attacker could potentially exploit this vulnerability, leading to the compromise of the impacted system. This is a Critical vulnerability and Dell recommends customers to upgrade at the earliest opportunity. Dell BSAFE SSL-J versión 7.0 y todas las versiones anteriores a 6.5, y las versiones Dell BSAFE Crypto-J an... • https://www.dell.com/support/kbdoc/en-us/000203278/dsa-2022-208-dell-bsafe-ssl-j-6-5-and-7-1-and-dell-bsafe-crypto-j-6-2-6-1-and-7-0-security-vulnerability • CWE-1329: Reliance on Component That is Not Updateable •
CVSS: 6.5EPSS: 0%CPEs: 47EXPL: 0CVE-2019-3740
https://notcve.org/view.php?id=CVE-2019-3740
18 Sep 2019 — RSA BSAFE Crypto-J versions prior to 6.2.5 are vulnerable to an Information Exposure Through Timing Discrepancy vulnerabilities during DSA key generation. A malicious remote attacker could potentially exploit those vulnerabilities to recover DSA keys. RSA BSAFE Crypto-J versiones anteriores a 6.2.5, son susceptibles a una vulnerabilidad de Exposición de Información por medio de vulnerabilidades de Discrepancia de Sincronización durante la generación de claves DSA. Un atacante remoto malicioso podría explota... • https://www.dell.com/support/security/en-us/details/DOC-106556/DSA-2019-094-RSA-BSAFE®%3B-Crypto-J-Multiple-Security-Vulnerabilities • CWE-203: Observable Discrepancy CWE-310: Cryptographic Issues •
CVSS: 6.5EPSS: 0%CPEs: 39EXPL: 0CVE-2019-3739
https://notcve.org/view.php?id=CVE-2019-3739
18 Sep 2019 — RSA BSAFE Crypto-J versions prior to 6.2.5 are vulnerable to Information Exposure Through Timing Discrepancy vulnerabilities during ECDSA key generation. A malicious remote attacker could potentially exploit those vulnerabilities to recover ECDSA keys. RSA BSAFE Crypto-J versiones anteriores a 6.2.5, son vulnerables a la Exposición de Información por medio de vulnerabilidades de Discrepancia de Sincronización durante la generación de claves ECDSA. Un atacante remoto malicioso podría explotar potencialmente ... • https://www.dell.com/support/security/en-us/details/DOC-106556/DSA-2019-094-RSA-BSAFE®%3B-Crypto-J-Multiple-Security-Vulnerabilities • CWE-203: Observable Discrepancy CWE-310: Cryptographic Issues •
CVSS: 6.5EPSS: 0%CPEs: 42EXPL: 0CVE-2019-3738
https://notcve.org/view.php?id=CVE-2019-3738
18 Sep 2019 — RSA BSAFE Crypto-J versions prior to 6.2.5 are vulnerable to a Missing Required Cryptographic Step vulnerability. A malicious remote attacker could potentially exploit this vulnerability to coerce two parties into computing the same predictable shared key. RSA BSAFE Crypto-J en versiones anteriores a la 6.2.5, son susceptibles a una vulnerabilidad Missing Required Cryptographic Step. Un atacante remoto malicioso podría explotar potencialmente esta vulnerabilidad para obligar a dos partes a calcular la misma... • https://kc.mcafee.com/corporate/index?page=content&id=SB10318 • CWE-325: Missing Cryptographic Step CWE-347: Improper Verification of Cryptographic Signature •
CVSS: 5.9EPSS: 0%CPEs: 2EXPL: 0CVE-2018-11070 – RSA BSAFE SSL-J / Crypto-J Heap Clearing / Timing Channel
https://notcve.org/view.php?id=CVE-2018-11070
07 Sep 2018 — RSA BSAFE Crypto-J versions prior to 6.2.4 and RSA BSAFE SSL-J versions prior to 6.2.4 contain a Covert Timing Channel vulnerability during PKCS #1 unpadding operations, also known as a Bleichenbacher attack. A remote attacker may be able to recover a RSA key. RSA BSAFE Crypto-J en versiones anteriores a la 6.2.4 y RSA BSAFE SSL-J en versiones anteriores a la 6.2.4 contienen una vulnerabilidad de canal de tiempo oculto durante las operaciones de "unpadding" PKCS #1. Esto también se conoce como ataque Bleich... • http://www.securitytracker.com/id/1041614 • CWE-327: Use of a Broken or Risky Cryptographic Algorithm •
CVSS: 7.5EPSS: 1%CPEs: 1EXPL: 0CVE-2016-8212 – RSA BSAFE Crypto-J Cryptography Failure
https://notcve.org/view.php?id=CVE-2016-8212
28 Jan 2017 — An issue was discovered in EMC RSA BSAFE Crypto-J versions prior to 6.2.2. There is an Improper OCSP Validation Vulnerability. OCSP responses have two time values: thisUpdate and nextUpdate. These specify a validity period; however, both values are optional. Crypto-J treats the lack of a nextUpdate as indicating that the OCSP response is valid indefinitely instead of restricting its validity for a brief period surrounding the thisUpdate time. • http://www.securityfocus.com/archive/1/540066/30/0/threaded • CWE-404: Improper Resource Shutdown or Release •
CVSS: 4.3EPSS: 0%CPEs: 1EXPL: 0CVE-2016-8217 – RSA BSAFE Crypto-J Cryptography Failure
https://notcve.org/view.php?id=CVE-2016-8217
28 Jan 2017 — EMC RSA BSAFE Crypto-J versions prior to 6.2.2 has a PKCS#12 Timing Attack Vulnerability. A possible timing attack could be carried out by modifying a PKCS#12 file that has an integrity MAC for which the password is not known. An attacker could then feed the modified PKCS#12 file to the toolkit and guess the current MAC one byte at a time. This is possible because Crypto-J uses a non-constant-time method to compare the stored MAC with the calculated MAC. This vulnerability is similar to the issue described ... • http://www.securityfocus.com/archive/1/540066/30/0/threaded • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •
CVSS: 5.9EPSS: 0%CPEs: 7EXPL: 0CVE-2016-0887 – RSA BSAFE Lenstra's Attack
https://notcve.org/view.php?id=CVE-2016-0887
11 Apr 2016 — EMC RSA BSAFE Micro Edition Suite (MES) 4.0.x and 4.1.x before 4.1.5, RSA BSAFE Crypto-C Micro Edition (CCME) 4.0.x and 4.1.x before 4.1.3, RSA BSAFE Crypto-J before 6.2.1, RSA BSAFE SSL-J before 6.2.1, and RSA BSAFE SSL-C before 2.8.9 allow remote attackers to discover a private-key prime by conducting a Lenstra side-channel attack that leverages an application's failure to detect an RSA signature failure during a TLS session. EMC RSA BSAFE Micro Edition Suite (MES) 4.0.x y 4.1.x en versiones anteriores a ... • http://packetstormsecurity.com/files/136656/RSA-BSAFE-Lenstras-Attack.html • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •
CVSS: 7.5EPSS: 0%CPEs: 3EXPL: 0CVE-2007-6755
https://notcve.org/view.php?id=CVE-2007-6755
11 Oct 2013 — The NIST SP 800-90A default statement of the Dual Elliptic Curve Deterministic Random Bit Generation (Dual_EC_DRBG) algorithm contains point Q constants with a possible relationship to certain "skeleton key" values, which might allow context-dependent attackers to defeat cryptographic protection mechanisms by leveraging knowledge of those values. NOTE: this is a preliminary CVE for Dual_EC_DRBG; future research may provide additional details about point Q and associated attacks, and could potentially lead t... • http://arstechnica.com/security/2013/09/stop-using-nsa-influence-code-in-our-product-rsa-tells-customers • CWE-327: Use of a Broken or Risky Cryptographic Algorithm •