CVE-2020-35168: 
Oracle Database Server Analisi e mitigazione delle vulnerabilità

Dell BSAFE Crypto-C Micro Edition, versions before 4.1.5, and Dell BSAFE Micro Edition Suite, versions before 4.6, contain an Observable Timing Discrepancy Vulnerability. This vulnerability was assigned CVE-2020-35168 and was disclosed in December 2020 (CVE Mitre).

The vulnerability is classified as an Observable Timing Discrepancy issue with a CVSS Base Score of 4.7. The CVSS Vector String is AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N, indicating local access is required, high attack complexity, low privileges required, no user interaction needed, unchanged scope, high confidentiality impact, but no impact on integrity or availability (Dell Advisory).

The vulnerability could potentially lead to high confidentiality impact if successfully exploited, though it requires local access and has high attack complexity. There is no impact on system integrity or availability (Dell Advisory).

The vulnerability has been fixed in Dell BSAFE Crypto-C Micro Edition version 4.1.5 and Dell BSAFE Micro Edition Suite version 4.6. Users should upgrade to these or later versions. Dell notes that workarounds or mitigations may exist based on individual use cases, but these details are only available to customers with active BSAFE maintenance contracts (Dell Advisory).