The calculated severity for CVEs has been updated to use CVSS v3 by default. CVEs that do not have a CVSS v3 score will fall back CVSS v2 for calculating severity. Severity display preferences can be toggled in the settings dropdown.
RSA BSAFE Crypto-J versions prior to 6.2.5 are vulnerable to Information Exposure Through Timing Discrepancy vulnerabilities during ECDSA key generation. A malicious remote attacker could potentially exploit those vulnerabilities to recover ECDSA keys.
Base Score: 4.3
Impact Score: 2.9
Exploitability Score: 8.6
Base Score: 6.5
Impact Score: 3.6
Exploitability Score: 2.8
cpe:2.3:a:dell:bsafe_cert-j:*:*:*:*:*:*:*:* versions up to 6.2.4 (inclusive)
cpe:2.3:a:dell:bsafe_ssl-j:*:*:*:*:*:*:*:* versions up to 220.127.116.11 (inclusive)