CVE-2020-35166: 
Oracle Database Server vulnerability analysis and mitigation

Dell BSAFE Crypto-C Micro Edition, versions before 4.1.5, and Dell BSAFE Micro Edition Suite, versions before 4.6, contain an Observable Timing Discrepancy Vulnerability. The vulnerability was assigned CVE-2020-35166 with a CVSS base score of 5.1 and vector string AV:L/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N. The affected products include Dell BSAFE Crypto-C Micro Edition (all versions before 4.1.5) and Dell BSAFE Micro Edition Suite (all versions before 4.6) (Dell Advisory).

The vulnerability is characterized as an Observable Timing Discrepancy issue. It requires local access (AV:L) with high attack complexity (AC:H), requires no privileges (PR:N), and needs no user interaction (UI:N). The scope is unchanged (S:U), with potential for high confidentiality impact (C:H) but no impact on integrity (I:N) or availability (A:N) (Dell Advisory).

The vulnerability could potentially lead to high confidentiality impact, allowing an attacker to gain access to sensitive information through timing analysis. However, the attack requires local access and is complex to execute, which somewhat limits its potential impact (Dell Advisory).

Dell has released updated versions to address this vulnerability. Users should upgrade Dell BSAFE Crypto-C Micro Edition to version 4.1.5 or later, and Dell BSAFE Micro Edition Suite to version 4.6 or later. Dell notes that workarounds or mitigations may exist based on individual use cases, but these are only available to customers with active BSAFE maintenance contracts (Dell Advisory).