Covert Timing Channel Vulnerability in RSA BSAFE SSL-J by RSA Security
CVE-2018-11069

5.9MEDIUM

Key Information:

Vendor: Dell
Status: Rsa Bsafe Ssl-j
Vendor: CVE Published:; 11 September 2018

Summary

RSA BSAFE SSL-J versions earlier than 6.2.4 are susceptible to a Covert Timing Channel vulnerability during the RSA decryption process. This vulnerability, often associated with the Bleichenbacher attack, could potentially allow a remote attacker to extract the RSA key, threatening the confidentiality and integrity of secured communications. Ensuring that systems are updated to the latest version is critical to safeguarding against potential exploits.

Affected Version(s)

RSA BSAFE SSL-J < 6.2.4

References

http://www.securitytracker.com/id/1041614

vdb-entryx_refsource_SECTRACK

https://seclists.org/fulldisclosure/2018/Sep/7

mailing-listx_refsource_FULLDISC

CVSS V3.1

Score:

5.9

Severity:

MEDIUM

Confidentiality:

High

Integrity:

None

Availability:

High

Attack Vector:

Network

Attack Complexity:

High

Privileges Required:

None

User Interaction:

None

Scope:

Unchanged

Timeline

Vulnerability published
Sep 11, 2018
Vulnerability Reserved
May 14, 2018