CVE-2022-24409

Dell BSAFE SSL-J contains remediation for a covert timing channel vulnerability that may be exploited by malicious users to compromise the affected system. Only customers with active BSAFE maintenance contracts can receive details about this vulnerability. Public disclosure of the vulnerability details will be shared at a later date.

CVSS v3.0 7.5 HIGH
CVSS v2.0 7.5 HIGH

7.5^/10

CVSS v3.0 : HIGH

V3 Legend

Vector :

Exploitability : 1.6 / Impact : 5.9

Attack Vector NETWORK

Attack Complexity HIGH

Privileges Required LOW

User Interaction NONE

Confidentiality Impact HIGH

Integrity Impact HIGH

Availability Impact HIGH

Scope UNCHANGED

7.5^/10

CVSS v2.0 : HIGH

V2 Legend

Vector : AV:N/AC:L/Au:N/C:P/I:P/A:P

Exploitability : 10.0 / Impact : 6.4

Access Vector NETWORK

Access Complexity LOW

Authentication NONE

Confidentiality Impact PARTIAL

Integrity Impact PARTIAL

Availability Impact PARTIAL

References

Link	Resource
https://www.dell.com/support/kbdoc/en-us/000196312/dsa-2022-023-dell-bsafetm-ssl-j-6-4-security-update-for-a-single-covert-timing-channel	Vendor Advisory

Configurations

Configuration 1 (hide)

cpe:2.3:a:dell:bsafe_ssl-j:*:*:*:*:*:*:*:*

Information

Published : 2022-02-23 14:15

Updated : 2022-09-29 19:39

NVD link : CVE-2022-24409

Mitre link : CVE-2022-24409

JSON object : View

CWE

NVD-CWE-Other

Products Affected

dell

bsafe_ssl-j

7.5 /10

Attack Vector NETWORK

Attack Complexity HIGH

Privileges Required LOW

User Interaction NONE

Confidentiality Impact HIGH

Integrity Impact HIGH

Availability Impact HIGH

Scope UNCHANGED

7.5 /10

Access Vector NETWORK

Access Complexity LOW

Authentication NONE

Confidentiality Impact PARTIAL

Integrity Impact PARTIAL

Availability Impact PARTIAL

JSON object

Attach tags to CVE-2022-24409

7.5^/10

7.5^/10

Attach tags to `CVE-2022-24409`