RSA BSAFE Crypto-J versions prior to 6.2.5 are vulnerable to an Information Exposure Through Timing Discrepancy vulnerabilities during DSA key generation. A malicious remote attacker could potentially exploit those vulnerabilities to recover DSA keys.

Attack Vector Network

Attack Complexity Low

Privileges Required None

Scope Unchanged

Confidentiality Impact High

Integrity Impact None

Availability Impact None

User Interaction Required

Attack Vector Network

Attack Complexity Low

Privileges Required None

Scope Unchanged

Confidentiality Impact High

Integrity Impact None

Availability Impact None

User Interaction Required

Access Vector Network

Access Complexity Medium

Authentication None

Confidentiality Impact Partial

Integrity Impact None

Availability Impact None

AV:N/AC:M/Au:N/C:P/I:N/A:N
Vendors Products
Oracle
  • Global Lifecycle Management Opatch
  • Retail Store Inventory Management
  • Database
  • Goldengate
  • Storagetek Acsls
  • Retail Integration Bus
  • Application Performance Management
  • Weblogic Server
  • Communications Network Integrity
  • Retail Predictive Application Server
  • Retail Assortment Planning
  • Communications Unified Inventory Management
  • Retail Xstore Point Of Service
  • Storagetek Tape Analytics Sw Tool
  • Retail Service Backbone
Dell
  • Bsafe Ssl-j
  • Bsafe Crypto-j
  • Bsafe Cert-j

Configuration 1 [-]

OR cpe:2.3:a:dell:bsafe_cert-j:*:*:*:*:*:*:*:*
cpe:2.3:a:dell:bsafe_crypto-j:*:*:*:*:*:*:*:*
cpe:2.3:a:dell:bsafe_ssl-j:*:*:*:*:*:*:*:*

Configuration 2 [-]

OR cpe:2.3:a:oracle:application_performance_management:13.3.0.0:*:*:*:*:*:*:*
cpe:2.3:a:oracle:application_performance_management:13.4.0.0:*:*:*:*:*:*:*
cpe:2.3:a:oracle:communications_network_integrity:7.3.2:*:*:*:*:*:*:*
cpe:2.3:a:oracle:communications_network_integrity:7.3.5:*:*:*:*:*:*:*
cpe:2.3:a:oracle:communications_network_integrity:7.3.6:*:*:*:*:*:*:*
cpe:2.3:a:oracle:communications_unified_inventory_management:7.3.2:*:*:*:*:*:*:*
cpe:2.3:a:oracle:communications_unified_inventory_management:7.3.4:*:*:*:*:*:*:*
cpe:2.3:a:oracle:communications_unified_inventory_management:7.3.5:*:*:*:*:*:*:*
cpe:2.3:a:oracle:communications_unified_inventory_management:7.4.0:*:*:*:*:*:*:*
cpe:2.3:a:oracle:communications_unified_inventory_management:7.4.1:*:*:*:*:*:*:*
cpe:2.3:a:oracle:database:12.1.0.2:*:*:*:enterprise:*:*:*
cpe:2.3:a:oracle:database:12.2.0.1:*:*:*:enterprise:*:*:*
cpe:2.3:a:oracle:database:18c:*:*:*:enterprise:*:*:*
cpe:2.3:a:oracle:database:19c:*:*:*:enterprise:*:*:*
cpe:2.3:a:oracle:global_lifecycle_management_opatch:*:*:*:*:*:*:*:*
cpe:2.3:a:oracle:goldengate:*:*:*:*:*:*:*:*
cpe:2.3:a:oracle:retail_assortment_planning:15.0.3.0:*:*:*:*:*:*:*
cpe:2.3:a:oracle:retail_assortment_planning:16.0.3.0:*:*:*:*:*:*:*
cpe:2.3:a:oracle:retail_integration_bus:14.1:*:*:*:*:*:*:*
cpe:2.3:a:oracle:retail_integration_bus:15.0:*:*:*:*:*:*:*
cpe:2.3:a:oracle:retail_integration_bus:16.0:*:*:*:*:*:*:*
cpe:2.3:a:oracle:retail_predictive_application_server:14.1.3.0:*:*:*:*:*:*:*
cpe:2.3:a:oracle:retail_predictive_application_server:15.0:*:*:*:*:*:*:*
cpe:2.3:a:oracle:retail_predictive_application_server:15.0.3.0:*:*:*:*:*:*:*
cpe:2.3:a:oracle:retail_predictive_application_server:16.0.3.0:*:*:*:*:*:*:*
cpe:2.3:a:oracle:retail_service_backbone:14.1:*:*:*:*:*:*:*
cpe:2.3:a:oracle:retail_service_backbone:15.0:*:*:*:*:*:*:*
cpe:2.3:a:oracle:retail_service_backbone:16.0:*:*:*:*:*:*:*
cpe:2.3:a:oracle:retail_store_inventory_management:14.0.4:*:*:*:*:*:*:*
cpe:2.3:a:oracle:retail_store_inventory_management:14.1.3:*:*:*:*:*:*:*
cpe:2.3:a:oracle:retail_store_inventory_management:15.0.3:*:*:*:*:*:*:*
cpe:2.3:a:oracle:retail_store_inventory_management:16.0.3:*:*:*:*:*:*:*
cpe:2.3:a:oracle:retail_xstore_point_of_service:15.0.3:*:*:*:*:*:*:*
cpe:2.3:a:oracle:retail_xstore_point_of_service:16.0.5:*:*:*:*:*:*:*
cpe:2.3:a:oracle:retail_xstore_point_of_service:17.0.3:*:*:*:*:*:*:*
cpe:2.3:a:oracle:retail_xstore_point_of_service:18.0.2:*:*:*:*:*:*:*
cpe:2.3:a:oracle:retail_xstore_point_of_service:19.0.1:*:*:*:*:*:*:*
cpe:2.3:a:oracle:storagetek_acsls:8.5.1:*:*:*:*:*:*:*
cpe:2.3:a:oracle:storagetek_tape_analytics_sw_tool:2.3:*:*:*:*:*:*:*
cpe:2.3:a:oracle:weblogic_server:10.3.6.0.0:*:*:*:*:*:*:*
cpe:2.3:a:oracle:weblogic_server:12.1.3.0.0:*:*:*:*:*:*:*
cpe:2.3:a:oracle:weblogic_server:12.2.1.3.0:*:*:*:*:*:*:*
cpe:2.3:a:oracle:weblogic_server:12.2.1.4.0:*:*:*:*:*:*:*
cpe:2.3:a:oracle:weblogic_server:14.1.1.0.0:*:*:*:*:*:*:*
References
Link Resource
https://www.dell.com/support/security/en-us/details/DOC-106556/DSA-2019-094-RSA-BSAFE&#174%3B-Crypto-J-Multiple-Security-Vulnerabilities
https://www.oracle.com//security-alerts/cpujul2021.html Patch Third Party Advisory
https://www.oracle.com/security-alerts/cpuApr2021.html Patch Third Party Advisory
https://www.oracle.com/security-alerts/cpuapr2022.html Patch Third Party Advisory
https://www.oracle.com/security-alerts/cpujul2020.html Patch Third Party Advisory
https://www.oracle.com/security-alerts/cpuoct2020.html Patch Third Party Advisory
https://www.oracle.com/security-alerts/cpuoct2021.html Patch Third Party Advisory
History

No history.

cve-icon MITRE Information

Status: PUBLISHED

Assigner: dell

Published: 2019-08-15T00:00:00

Updated: 2022-04-19T23:20:43

Reserved: 2019-01-03T00:00:00

Link: CVE-2019-3740

JSON object: View

cve-icon NVD Information

Status : Modified

Published: 2019-09-18T23:15:11.173

Modified: 2023-11-07T03:10:11.167

Link: CVE-2019-3740

JSON object: View

cve-icon Redhat Information

No data.

CWE