CVE-2019-3740
 
- Severity Score: 6.5 (CVSS v3.1)
- Public Exploits: 0 (multiple sources)
- Exploited in Wild: - (KEV)
- Decision: - (SSVC)
Descriptions
RSA BSAFE Crypto-J versions prior to 6.2.5 are vulnerable to Information Exposure Through Timing Discrepancy vulnerabilities during DSA key generation. A malicious remote attacker could potentially exploit those vulnerabilities to recover DSA keys.
*Credits:
N/A
Timeline
- 2019-01-03 CVE Reserved
- 2019-09-18 CVE Published
- 2024-08-08 EPSS Updated
- 2024-09-17 CVE Updated
CWE
- CWE-203: Observable Discrepancy
- CWE-310: Cryptographic Issues
References (7)
URL | Tag | Source |
---|---|---|
https://www.dell.com/support/security/en-us/details/DOC-106556/DSA-2019-094-RSA-BSAFE®%3B-Crypto-J-Multiple-Security-Vulnerabilities | X_refsource_misc |
URL | Date | SRC |
---|---|---|
https://www.oracle.com//security-alerts/cpujul2021.html | 2023-11-07 | |
https://www.oracle.com/security-alerts/cpuApr2021.html | 2023-11-07 | |
https://www.oracle.com/security-alerts/cpuapr2022.html | 2023-11-07 | |
https://www.oracle.com/security-alerts/cpujul2020.html | 2023-11-07 | |
https://www.oracle.com/security-alerts/cpuoct2020.html | 2023-11-07 | |
https://www.oracle.com/security-alerts/cpuoct2021.html | 2023-11-07 |
Affected Vendors, Products, and Versions
Vendor | Product | Version | Other | Status |
---|---|---|---|---|
Dell | Bsafe Cert-j | <= 6.2.4 | - | Affected |
Dell | Bsafe Crypto-j | < 6.2.5 | - | Affected |
Dell | Bsafe Ssl-j | <= 6.2.4.1 | - | Affected |
Oracle | Application Performance Management | 13.3.0.0 | - | Affected |
Oracle | Application Performance Management | 13.4.0.0 | - | Affected |
Oracle | Communications Network Integrity | 7.3.2 | - | Affected |
Oracle | Communications Network Integrity | 7.3.5 | - | Affected |
Oracle | Communications Network Integrity | 7.3.6 | - | Affected |
Oracle | Communications Unified Inventory Management | 7.3.2 | - | Affected |
Oracle | Communications Unified Inventory Management | 7.3.4 | - | Affected |
Oracle | Communications Unified Inventory Management | 7.3.5 | - | Affected |
Oracle | Communications Unified Inventory Management | 7.4.0 | - | Affected |
Oracle | Communications Unified Inventory Management | 7.4.1 | - | Affected |
Oracle | Database | 12.1.0.2 | enterprise | Affected |
Oracle | Database | 12.2.0.1 | enterprise | Affected |
Oracle | Database | 18c | enterprise | Affected |
Oracle | Database | 19c | enterprise | Affected |
Oracle | Global Lifecycle Management Opatch | < 12.2.0.1.22 | - | Affected |
Oracle | Goldengate | < 19.1.0.0.0.210420 | - | Affected |
Oracle | Retail Assortment Planning | 15.0.3.0 | - | Affected |
Oracle | Retail Assortment Planning | 16.0.3.0 | - | Affected |
Oracle | Retail Integration Bus | 14.1 | - | Affected |
Oracle | Retail Integration Bus | 15.0 | - | Affected |
Oracle | Retail Integration Bus | 16.0 | - | Affected |
Oracle | Retail Predictive Application Server | 14.1.3.0 | - | Affected |
Oracle | Retail Predictive Application Server | 15.0 | - | Affected |
Oracle | Retail Predictive Application Server | 15.0.3.0 | - | Affected |
Oracle | Retail Predictive Application Server | 16.0.3.0 | - | Affected |
Oracle | Retail Service Backbone | 14.1 | - | Affected |
Oracle | Retail Service Backbone | 15.0 | - | Affected |
Oracle | Retail Service Backbone | 16.0 | - | Affected |
Oracle | Retail Store Inventory Management | 14.0.4 | - | Affected |
Oracle | Retail Store Inventory Management | 14.1.3 | - | Affected |
Oracle | Retail Store Inventory Management | 15.0.3 | - | Affected |
Oracle | Retail Store Inventory Management | 16.0.3 | - | Affected |
Oracle | Retail Xstore Point Of Service | 15.0.3 | - | Affected |
Oracle | Retail Xstore Point Of Service | 16.0.5 | - | Affected |
Oracle | Retail Xstore Point Of Service | 17.0.3 | - | Affected |
Oracle | Retail Xstore Point Of Service | 18.0.2 | - | Affected |
Oracle | Retail Xstore Point Of Service | 19.0.1 | - | Affected |
Oracle | Storagetek Acsls | 8.5.1 | - | Affected |
Oracle | Storagetek Tape Analytics Sw Tool | 2.3 | - | Affected |
Oracle | Weblogic Server | 10.3.6.0.0 | - | Affected |
Oracle | Weblogic Server | 12.1.3.0.0 | - | Affected |
Oracle | Weblogic Server | 12.2.1.3.0 | - | Affected |
Oracle | Weblogic Server | 12.2.1.4.0 | - | Affected |
Oracle | Weblogic Server | 14.1.1.0.0 | - | Affected |