Vulmon Recent Vulnerabilities Research Posts Trends Blog About Contact
6.2
CVSSv3

CVE-2021-43393

Published: 04/03/2022 Updated: 10/03/2022
CVSS v2 Base Score: 1.9 | Impact Score: 2.9 | Exploitability Score: 3.4
CVSS v3 Base Score: 6.2 | Impact Score: 3.6 | Exploitability Score: 2.5
VMScore: 169
Vector: AV:L/AC:M/Au:N/C:N/I:P/A:N
Subscribe to St

Vulnerability Summary

STMicroelectronics STSAFE-J 1.1.4, J-SAFE3 1.2.5, and J-SIGN sometimes allow malicious users to abuse signature verification. This is associated with the ECDSA signature algorithm on the Java Card J-SAFE3 and STSAFE-J platforms exposing a 3.0.4 Java Card API. It is exploitable for STSAFE-J in closed configuration and J-SIGN (when signature verification is activated) but not for J-SAFE3 EPASS BAC and EAC products. It might also impact other products based on the J-SAFE-3 Java Card platform.

Vulnerability Trend

Vulnerable Product Search on Vulmon Subscribe to Product

st stsafe-j_firmware 1.1.4

st j-safe3_firmware 1.2.5

References

CWE-347https://www.cert.ssi.gouv.fr/avis/CERTFR-2022-AVI-169/https://community.st.com/s/toparticleshttps://nvd.nist.gov
CVSSv3
CVSSv2
CVSSv3
VMScore
Recommendations:
path traversalCVE-2024-26978CVE-2024-26982wirelessCVE-2023-6949CVE-2024-26980CVE-2024-32766CVE-2024-26939cache poisoning
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started

Vulmon Search

Vulmon Search is a vulnerability search engine. It gives comprehensive vulnerability information through a very simple user interface.

About

Home Recent Vulnerabilities Research Posts Trends Blog About Contact

Products

Vulmon Search Vulmon Research Vulmon Alerts Vulmap

Connect

Twitter Reddit Linkedin Facebook