#VU65451 Improper input validation in RSA BSAFE Micro Edition Suite and RSA BSAFE Crypto-C - CVE-2020-35169

Cybersecurity Help s.r.o.

Published: 2022-07-19 | Updated: 2024-01-19

Vulnerability identifier: #VU65451

Vulnerability risk: High

CVSSv4.0: 8 [CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:N/SC:N/SI:N/SA:N/E:U/U:Amber]

CVE-ID: CVE-2020-35169

CWE-ID: CWE-20

Exploitation vector: Network

Exploit availability: No

Vulnerable software:
RSA BSAFE Micro Edition Suite
Client/Desktop applications / Other client software
RSA BSAFE Crypto-C
Server applications / Encryption software

Vendor: Dell

Description

The vulnerability allows a remote non-authenticated attacker to read and manipulate data.

The vulnerability exists due to improper input validation. A remote non-authenticated attacker can exploit this vulnerability to read and manipulate data.

Mitigation
Install updates from vendor's website.

Vulnerable software versions

RSA BSAFE Micro Edition Suite: before 4.5.2

RSA BSAFE Crypto-C: before 4.1.5

External links
https://www.dell.com/support/kbdoc/nl-nl/000181115/dsa-2020-286-dell-bsafe-crypto-c-micro-edition-4-1-5-and-dell-bsafe-micro-edition-suite-4-6-multiple-security-vulnerabilities

Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

Latest bulletins with this vulnerability

Multiple vulnerabilities in Oracle Communications Billing and Revenue Management

Multiple vulnerabilities in Oracle Blockchain Platform

Multiple vulnerabilities in Oracle Database Server

Multiple vulnerabilities in Oracle GoldenGate

Improper input validation in Oracle Security Service

Multiple vulnerabilities in Oracle HTTP Server

Improper input validation in Oracle WebLogic Server Proxy Plug-In

Multiple vulnerabilities in Dell BSAFE Crypto-C and Micro Edition Suite