What is CVE-2016-8217?

CVE-2016-8217 is a low-severity vulnerability in Dell Bsafe_crypto-j, classified under Information Disclosure. CVSS score: 3.7/10. Published 2017-02-03.

How severe is CVE-2016-8217?

Low severity. CVSS v3 base score is 3.7 out of 10.

Information disclosure in Dell Bsafe_crypto-j

CVE-2016-8217

EMC RSA BSAFE Crypto-J versions prior to 6.2.2 has a PKCS#12 Timing Attack Vulnerability. A possible timing attack could be carried out by modifying a PKCS#12 file that has an integrity MAC for which the password is not known. An attacker…

Vulnerability class: Information Disclosure

EPSS: 0.015 (70.8th percentile) — read the EPSS interpretation.

CVSS v3 metric

CVSS v3 base score 3.7 (Low). Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N.

Affected products

Dell Bsafe_crypto-j
N/a Rsa Bsafe Crypto-j Versions Prior To 6.2.2 — versions RSA BSAFE Crypto-J RSA BSAFE Crypto-J versions prior to 6.2.2

Weakness classification (CWE)

CWE-200 — Information Disclosure

References

security_alert@emc.com (x_refsource_CONFIRM, Mailing List, VDB Entry, Third Party Advisory)
security_alert@emc.com (VDB Entry, Third Party Advisory, vdb-entry, x_refsource_BID)
security_alert@emc.com (VDB Entry, Third Party Advisory, vdb-entry, x_refsource_SECTRACK)

Frequently asked questions

What is CVE-2016-8217?: CVE-2016-8217 is a low-severity vulnerability in Dell Bsafe_crypto-j, classified under Information Disclosure. CVSS score: 3.7/10. Published 2017-02-03.
How severe is CVE-2016-8217?: Low severity. CVSS v3 base score is 3.7 out of 10.