CVE-2020-35163: 
Oracle Database Server vulnerability analysis and mitigation

Dell BSAFE Crypto-C Micro Edition, versions before 4.1.5, and Dell BSAFE Micro Edition Suite, versions before 4.6, contain a Use of Insufficiently Random Values Vulnerability identified as CVE-2020-35163. The vulnerability was disclosed in December 2020 and affects the cryptographic functionality of these security products (Dell Advisory).

The vulnerability has been assigned a CVSS Base Score of 5.3 (AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N), indicating it is network exploitable with low attack complexity and requires no privileges or user interaction. The vulnerability stems from the use of insufficiently random values in cryptographic operations, which could potentially weaken the security of the cryptographic implementations (Dell Advisory).

The vulnerability could lead to information disclosure due to the use of insufficiently random values in cryptographic operations. The CVSS scoring indicates that successful exploitation could result in low impact to confidentiality, with no impact on integrity or availability (Dell Advisory).

Dell has released updated versions to address this vulnerability. Users should upgrade Dell BSAFE Crypto-C Micro Edition to version 4.1.5 or later, and Dell BSAFE Micro Edition Suite to version 4.6 or later. Dell notes that workarounds or mitigations may exist based on individual use cases, but these are only available to customers with active BSAFE maintenance contracts (Dell Advisory).