VYPR

Bsafe Crypto J

by Dell

CVEs (10)

  • CVE-2016-8212HigFeb 3, 2017
    risk 0.49cvss 7.5epss 0.02

    An issue was discovered in EMC RSA BSAFE Crypto-J versions prior to 6.2.2. There is an Improper OCSP Validation Vulnerability. OCSP responses have two time values: thisUpdate and nextUpdate. These specify a validity period; however, both values are optional. Crypto-J treats the…

  • CVE-2016-0887MedApr 12, 2016
    risk 0.39cvss 5.9epss 0.04

    EMC RSA BSAFE Micro Edition Suite (MES) 4.0.x and 4.1.x before 4.1.5, RSA BSAFE Crypto-C Micro Edition (CCME) 4.0.x and 4.1.x before 4.1.3, RSA BSAFE Crypto-J before 6.2.1, RSA BSAFE SSL-J before 6.2.1, and RSA BSAFE SSL-C before 2.8.9 allow remote attackers to discover a…

  • CVE-2018-11070MedSep 11, 2018
    risk 0.38cvss 5.9epss 0.02

    RSA BSAFE Crypto-J versions prior to 6.2.4 and RSA BSAFE SSL-J versions prior to 6.2.4 contain a Covert Timing Channel vulnerability during PKCS #1 unpadding operations, also known as a Bleichenbacher attack. A remote attacker may be able to recover a RSA key.

  • CVE-2016-8217LowFeb 3, 2017
    risk 0.24cvss 3.7epss 0.01

    EMC RSA BSAFE Crypto-J versions prior to 6.2.2 has a PKCS#12 Timing Attack Vulnerability. A possible timing attack could be carried out by modifying a PKCS#12 file that has an integrity MAC for which the password is not known. An attacker could then feed the modified PKCS#12…

  • CVE-2025-26333Sep 25, 2025
    risk 0.00cvss epss 0.00

    Dell BSAFE Crypto-J generates an error message that includes sensitive information about its environment and associated data. A remote attacker could potentially exploit this vulnerability, leading to information exposure.

  • CVE-2022-34381Feb 2, 2024
    risk 0.00cvss epss 0.01

    Dell BSAFE SSL-J version 7.0 and all versions prior to 6.5, and Dell BSAFE Crypto-J versions prior to 6.2.6.1 contain an unmaintained third-party component vulnerability. An unauthenticated remote attacker could potentially exploit this vulnerability, leading to the compromise…

  • CVE-2019-3740Sep 18, 2019
    risk 0.00cvss epss 0.04

    RSA BSAFE Crypto-J versions prior to 6.2.5 are vulnerable to an Information Exposure Through Timing Discrepancy vulnerabilities during DSA key generation. A malicious remote attacker could potentially exploit those vulnerabilities to recover DSA keys.

  • CVE-2019-3739Sep 18, 2019
    risk 0.00cvss epss 0.03

    RSA BSAFE Crypto-J versions prior to 6.2.5 are vulnerable to Information Exposure Through Timing Discrepancy vulnerabilities during ECDSA key generation. A malicious remote attacker could potentially exploit those vulnerabilities to recover ECDSA keys.

  • CVE-2019-3738Sep 18, 2019
    risk 0.00cvss epss 0.02

    RSA BSAFE Crypto-J versions prior to 6.2.5 are vulnerable to a Missing Required Cryptographic Step vulnerability. A malicious remote attacker could potentially exploit this vulnerability to coerce two parties into computing the same predictable shared key.

  • CVE-2007-6755Oct 11, 2013
    risk 0.00cvss epss 0.01

    The NIST SP 800-90A default statement of the Dual Elliptic Curve Deterministic Random Bit Generation (Dual_EC_DRBG) algorithm contains point Q constants with a possible relationship to certain "skeleton key" values, which might allow context-dependent attackers to defeat…