CVE-2016-8212

CVE-2016-8212 is a high-severity vulnerability in Dell Bsafe Crypto-j with a CVSS 3.x base score of 7.5. It is not currently listed as actively exploited by CISA, and its EPSS exploit-prediction score is low. The underlying weakness is classified as CWE-404.

Key facts

Description

An issue was discovered in EMC RSA BSAFE Crypto-J versions prior to 6.2.2. There is an Improper OCSP Validation Vulnerability. OCSP responses have two time values: thisUpdate and nextUpdate. These specify a validity period; however, both values are optional. Crypto-J treats the lack of a nextUpdate as indicating that the OCSP response is valid indefinitely instead of restricting its validity for a brief period surrounding the thisUpdate time. This vulnerability is similar to the issue described in CVE-2015-4748.

Frequently asked questions

What is CVE-2016-8212?
An issue was discovered in EMC RSA BSAFE Crypto-J versions prior to 6.2.2. There is an Improper OCSP Validation Vulnerability. OCSP responses have two time values: thisUpdate and nextUpdate. These specify a validity period; however, both values are optional. Crypto-J treats the lack of a nextUpdate as indicating that the OCSP response is valid indefinitely instead of restricting its validity for a brief period surrounding the thisUpdate time. This vulnerability is similar to the issue described in CVE-2015-4748.
How severe is CVE-2016-8212?
CVE-2016-8212 has a CVSS 3.x base score of 7.5, rated high severity. It is exploitable over network with low attack complexity, requires no privileges and no user interaction. Impact on confidentiality is high, integrity none, and availability none.
Is CVE-2016-8212 being actively exploited?
It is not currently listed in CISA's KEV catalog. Its EPSS exploit-prediction score is 2% (77th percentile), an estimate of the probability of exploitation in the next 30 days.
What products are affected by CVE-2016-8212?
CVE-2016-8212 affects Dell Bsafe Crypto-j. See the affected-products list for the exact vulnerable versions.
How do I fix CVE-2016-8212?
Review the linked vendor and NVD advisories for patched versions and mitigations, then upgrade or apply the recommended workaround. Given its high severity, prioritise patching exposed systems.
When was CVE-2016-8212 published?
CVE-2016-8212 was published on 2017-02-03 and last updated on 2026-06-17.

References

Affected products (1)

More vulnerabilities in Dell Bsafe Crypto-j

All CVEs affecting Dell Bsafe Crypto-j →

Other CWE-404 vulnerabilities

Browse all CWE-404 vulnerabilities →