Attacker Value

Unknown

(0 users assessed)

Exploitability

Unknown

(0 users assessed)

User Interaction

CVE-2019-3740

Disclosure Date: September 18, 2019 •

CVE-2019-3740 CVSS v3 Base Score: 6.5

MITRE ATT&CK

Add MITRE ATT&CK tactics and techniques that apply to this CVE.

Description

RSA BSAFE Crypto-J versions prior to 6.2.5 are vulnerable to an Information Exposure Through Timing Discrepancy vulnerabilities during DSA key generation. A malicious remote attacker could potentially exploit those vulnerabilities to recover DSA keys.

Add Assessment

No one has assessed this topic. Be the first to add your voice to the community.

CVSS V3 Severity and Metrics

Data provided by the National Vulnerability Database (NVD)

Base Score:

6.5 Medium

Impact Score:

3.6

Exploitability Score:

2.8

Vector:

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N

Attack Vector (AV):

Network

Attack Complexity (AC):

Low

Privileges Required (PR):

None

User Interaction (UI):

Required

Scope (S):

Unchanged

Confidentiality (C):

High

Integrity (I):

None

Availability (A):

None

Vendors

dell,
oracle

Products

application performance management 13.3.0.0,
application performance management 13.4.0.0,
bsafe cert-j,
bsafe crypto-j,
bsafe ssl-j,
communications network integrity 7.3.2,
communications network integrity 7.3.5,
communications network integrity 7.3.6,
communications unified inventory management 7.3.2,
communications unified inventory management 7.3.4,
communications unified inventory management 7.3.5,
communications unified inventory management 7.4.0,
communications unified inventory management 7.4.1,
database 12.1.0.2,
database 12.2.0.1,
database 18c,
database 19c,
global lifecycle management opatch,
goldengate,
retail assortment planning 15.0.3.0,
retail assortment planning 16.0.3.0,
retail integration bus 14.1,
retail integration bus 15.0,
retail integration bus 16.0,
retail predictive application server 14.1.3.0,
retail predictive application server 15.0,
retail predictive application server 15.0.3.0,
retail predictive application server 16.0.3.0,
retail service backbone 14.1,
retail service backbone 15.0,
retail service backbone 16.0,
retail store inventory management 14.0.4,
retail store inventory management 14.1.3,
retail store inventory management 15.0.3,
retail store inventory management 16.0.3,
retail xstore point of service 15.0.3,
retail xstore point of service 16.0.5,
retail xstore point of service 17.0.3,
retail xstore point of service 18.0.2,
retail xstore point of service 19.0.1,
storagetek acsls 8.5.1,
storagetek tape analytics sw tool 2.3,
weblogic server 10.3.6.0.0,
weblogic server 12.1.3.0.0,
weblogic server 12.2.1.3.0,
weblogic server 12.2.1.4.0,
weblogic server 14.1.1.0.0

References

Canonical

CVE-2019-3740 (https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-3740)

Miscellaneous

https://www.oracle.com/security-alerts/cpujul2020.html

https://www.dell.com/support/security/en-us/details/DOC-106556/DSA-2019-094-RSA-BSAFE®-Crypto-J-Multiple-Security-Vulnerabilities

https://www.oracle.com/security-alerts/cpuoct2020.html

https://www.oracle.com/security-alerts/cpuApr2021.html

https://www.oracle.com//security-alerts/cpujul2021.html

https://www.oracle.com/security-alerts/cpuoct2021.html

https://www.oracle.com/security-alerts/cpuapr2022.html

Rapid7

Unknown

CVE-2019-3740

Unknown

Unknown

Required

None

Network

CVE-2019-3740

Description

Add Assessment

CVSS V3 Severity and Metrics

General Information

Vendors

Products

References

Canonical

Miscellaneous

Additional Info

Technical Analysis

Unknown

CVE-2019-3740

Unknown

Unknown

Required

None

Network

CVE-2019-3740

Description

Add Assessment

CVSS V3 Severity and Metrics

General Information

Vendors

Products

References

Canonical

Miscellaneous

Additional Info

Technical Analysis

Quick Cookie Notification