CVE-2019-3740

Published Sep 18, 2019
Last updated a year ago
CVSS medium 6.5
Overview

Description: RSA BSAFE Crypto-J versions prior to 6.2.5 are vulnerable to an Information Exposure Through Timing Discrepancy vulnerabilities during DSA key generation. A malicious remote attacker could potentially exploit those vulnerabilities to recover DSA keys.
Source: security_alert@emc.com
NVD status: Modified
Risk scores

CVSS 3.1

Type: Primary
Base score: 6.5
Impact score: 3.6
Exploitability score: 2.8
Vector string: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N
Severity: MEDIUM
CVSS 3.0

Type: Secondary
Base score: 6.5
Impact score: 3.6
Exploitability score: 2.8
Vector string: CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N
Severity: MEDIUM
CVSS 2.0

Type: Primary
Base score: 4.3
Impact score: 2.9
Exploitability score: 8.6
Vector string: AV:N/AC:M/Au:N/C:P/I:N/A:N
Weaknesses

nvd@nist.gov: CWE-203
security_alert@emc.com: CWE-310
Hype score: Not currently trending
Configurations

[
  {
    "nodes": [
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:a:dell:bsafe_cert-j:*:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "1710B5A7-08C4-44D8-A175-044FCD92B314",
            "versionEndIncluding": "6.2.4"
          },
          {
            "criteria": "cpe:2.3:a:dell:bsafe_crypto-j:*:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "9757B880-0E5B-40B1-A15C-0EAA52046A73",
            "versionEndExcluding": "6.2.5"
          },
          {
            "criteria": "cpe:2.3:a:dell:bsafe_ssl-j:*:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "FEE68BD5-3D1C-4D69-B026-319FBEDBC798",
            "versionEndIncluding": "6.2.4.1"
          }
        ],
        "operator": "OR"
      }
    ]
  },
  {
    "nodes": [
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:a:oracle:application_performance_management:13.3.0.0:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "E87B8C7B-2654-4F9C-9B5D-794DA484B42D"
          },
          {
            "criteria": "cpe:2.3:a:oracle:application_performance_management:13.4.0.0:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "9C6F5710-490D-41D4-8C9B-27FC530117A7"
          },
          {
            "criteria": "cpe:2.3:a:oracle:communications_network_integrity:7.3.2:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "A7E8F4F3-1A39-4CBB-98C4-66D5DCE3F57D"
          },
          {
            "criteria": "cpe:2.3:a:oracle:communications_network_integrity:7.3.5:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "FB92D8A7-2ABD-4B70-A32C-4B6B866C5B8B"
          },
          {
            "criteria": "cpe:2.3:a:oracle:communications_network_integrity:7.3.6:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "B21E6EEF-2AB7-4E96-B092-1F49D11B4175"
          },
          {
            "criteria": "cpe:2.3:a:oracle:communications_unified_inventory_management:7.3.2:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "1B58BCDA-E173-4D4A-A9C5-E9BFF7E57F58"
          },
          {
            "criteria": "cpe:2.3:a:oracle:communications_unified_inventory_management:7.3.4:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "0D299528-8EF0-49AF-9BDE-4B6C6B1DA36C"
          },
          {
            "criteria": "cpe:2.3:a:oracle:communications_unified_inventory_management:7.3.5:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "17A91FD9-9F77-42D3-A4D9-48BC7568ADE1"
          },
          {
            "criteria": "cpe:2.3:a:oracle:communications_unified_inventory_management:7.4.0:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "539DA24F-E3E0-4455-84C6-A9D96CD601B3"
          },
          {
            "criteria": "cpe:2.3:a:oracle:communications_unified_inventory_management:7.4.1:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "A7637F8B-15F1-42E2-BE18-E1FF7C66587D"
          },
          {
            "criteria": "cpe:2.3:a:oracle:database:12.1.0.2:*:*:*:enterprise:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "89FE33CE-5995-4C53-8331-B49156F852B3"
          },
          {
            "criteria": "cpe:2.3:a:oracle:database:12.2.0.1:*:*:*:enterprise:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "46E7237C-00BD-4490-96C3-A8EAE4CE2C0B"
          },
          {
            "criteria": "cpe:2.3:a:oracle:database:18c:*:*:*:enterprise:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "20352616-6BCA-485D-8DD7-DFC97AD6A30D"
          },
          {
            "criteria": "cpe:2.3:a:oracle:database:19c:*:*:*:enterprise:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "C1E05472-8F3A-4E46-90E5-50EA6D555FDC"
          },
          {
            "criteria": "cpe:2.3:a:oracle:global_lifecycle_management_opatch:*:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "160EBE76-7CED-4210-9FBB-8649B14DAE1A",
            "versionEndExcluding": "12.2.0.1.22"
          },
          {
            "criteria": "cpe:2.3:a:oracle:goldengate:*:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "68165D37-489E-45D7-BA7A-A38164B5C26D",
            "versionEndExcluding": "19.1.0.0.0.210420"
          },
          {
            "criteria": "cpe:2.3:a:oracle:retail_assortment_planning:15.0.3.0:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "44357172-4035-4D57-9C83-D80BDDE8E8C7"
          },
          {
            "criteria": "cpe:2.3:a:oracle:retail_assortment_planning:16.0.3.0:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "CDDD1BFF-9B0D-45DA-86DC-05CF829107FB"
          },
          {
            "criteria": "cpe:2.3:a:oracle:retail_integration_bus:14.1:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "CE7DB324-98A0-40AD-96D4-0800340F6F3A"
          },
          {
            "criteria": "cpe:2.3:a:oracle:retail_integration_bus:15.0:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "42064F46-3012-4FB1-89BA-F13C2E4CBB6B"
          },
          {
            "criteria": "cpe:2.3:a:oracle:retail_integration_bus:16.0:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "F73E2EFA-0F43-4D92-8C7D-9E66811B76D6"
          },
          {
            "criteria": "cpe:2.3:a:oracle:retail_predictive_application_server:14.1.3.0:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "BCF6CCE5-250D-4B10-AD18-7DE7D84BF220"
          },
          {
            "criteria": "cpe:2.3:a:oracle:retail_predictive_application_server:15.0:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "6FFEA075-11EB-4E99-92A1-8B2883C64CC0"
          },
          {
            "criteria": "cpe:2.3:a:oracle:retail_predictive_application_server:15.0.3.0:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "D6D325A0-3441-41AC-B00F-F2A7F85370A1"
          },
          {
            "criteria": "cpe:2.3:a:oracle:retail_predictive_application_server:16.0.3.0:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "924AFE2D-D1BB-4026-9C12-BA379F8C5BEA"
          },
          {
            "criteria": "cpe:2.3:a:oracle:retail_service_backbone:14.1:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "378A6656-252B-4929-83EA-BC107FDFD357"
          },
          {
            "criteria": "cpe:2.3:a:oracle:retail_service_backbone:15.0:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "363395FA-C296-4B2B-9D6F-BCB8DBE6FACE"
          },
          {
            "criteria": "cpe:2.3:a:oracle:retail_service_backbone:16.0:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "F62A2144-5EF8-4319-B8C2-D7975F51E5FA"
          },
          {
            "criteria": "cpe:2.3:a:oracle:retail_store_inventory_management:14.0.4:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "0E703304-0752-46F2-998B-A3D37C9E7A54"
          },
          {
            "criteria": "cpe:2.3:a:oracle:retail_store_inventory_management:14.1.3:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "722969B5-36CD-4413-954B-347BB7E51FAE"
          },
          {
            "criteria": "cpe:2.3:a:oracle:retail_store_inventory_management:15.0.3:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "BF295023-399E-4180-A28B-2DA3327A372C"
          },
          {
            "criteria": "cpe:2.3:a:oracle:retail_store_inventory_management:16.0.3:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "3E5A2A49-42B0-44EB-B606-999275DC1DA1"
          },
          {
            "criteria": "cpe:2.3:a:oracle:retail_xstore_point_of_service:15.0.3:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "54B0A494-14DD-4384-9DCE-14945EBE1A19"
          },
          {
            "criteria": "cpe:2.3:a:oracle:retail_xstore_point_of_service:16.0.5:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "A890746E-EE1A-4DBC-BB04-84CC79767F85"
          },
          {
            "criteria": "cpe:2.3:a:oracle:retail_xstore_point_of_service:17.0.3:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "6308E929-D44D-48A1-BAEE-47BE4E164124"
          },
          {
            "criteria": "cpe:2.3:a:oracle:retail_xstore_point_of_service:18.0.2:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "FDD2640A-5964-4937-B912-CEA2173FAFEE"
          },
          {
            "criteria": "cpe:2.3:a:oracle:retail_xstore_point_of_service:19.0.1:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "11BE9059-29C1-417D-AFB3-98066E95D883"
          },
          {
            "criteria": "cpe:2.3:a:oracle:storagetek_acsls:8.5.1:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "6953CFDB-33C0-4B8E-BBBD-E460A17E8ED3"
          },
          {
            "criteria": "cpe:2.3:a:oracle:storagetek_tape_analytics_sw_tool:2.3:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "E55B3AA9-69BE-4136-8C3A-FD0DDCD3FA4B"
          },
          {
            "criteria": "cpe:2.3:a:oracle:weblogic_server:10.3.6.0.0:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "B40B13B7-68B3-4510-968C-6A730EB46462"
          },
          {
            "criteria": "cpe:2.3:a:oracle:weblogic_server:12.1.3.0.0:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "C93CC705-1F8C-4870-99E6-14BF264C3811"
          },
          {
            "criteria": "cpe:2.3:a:oracle:weblogic_server:12.2.1.3.0:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "F14A818F-AA16-4438-A3E4-E64C9287AC66"
          },
          {
            "criteria": "cpe:2.3:a:oracle:weblogic_server:12.2.1.4.0:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "4A5BB153-68E0-4DDA-87D1-0D9AB7F0A418"
          },
          {
            "criteria": "cpe:2.3:a:oracle:weblogic_server:14.1.1.0.0:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "04BCDC24-4A21-473C-8733-0D9CFB38A752"
          }
        ],
        "operator": "OR"
      }
    ]
  }
]
Overview

Risk scores

CVSS 3.1

CVSS 3.0

CVSS 2.0

Weaknesses

Social media

Configurations

References
