ID

VAR-201909-1539


CVE

CVE-2019-3740


TITLE

RSA BSAFE Crypto-J Vulnerable to information disclosure

Trust: 0.8

sources: JVNDB: JVNDB-2019-009628

DESCRIPTION

RSA BSAFE Crypto-J versions prior to 6.2.5 are vulnerable to Information Exposure Through Timing Discrepancy vulnerabilities during DSA key generation. A malicious remote attacker could potentially exploit those vulnerabilities to recover DSA keys. RSA BSAFE Crypto-J contains an information disclosure vulnerability. Information may be obtained. Pillow is a Python-based image processing library. There is currently no information about this vulnerability; please follow CNNVD or manufacturer announcements. Dell RSA BSAFE Crypto-J is an encryption toolkit from Dell, Inc. that provides developers with the tools to add privacy and authentication features to their applications. A security vulnerability exists in Dell RSA BSAFE Crypto-J versions prior to 6.2.5.

Trust: 2.25

sources: NVD: CVE-2019-3740 // JVNDB: JVNDB-2019-009628 // CNNVD: CNNVD-202104-975 // VULHUB: VHN-155175

AFFECTED PRODUCTS

vendor: dell // model: bsafe ssl-j // scope: lte // version: 6.2.4.1

Trust: 1.0

vendor: oracle // model: weblogic server // scope: eq // version: 10.3.6.0.0

Trust: 1.0

vendor: oracle // model: storagetek tape analytics sw tool // scope: eq // version: 2.3

Trust: 1.0

vendor: oracle // model: communications unified inventory management // scope: eq // version: 7.3.5

Trust: 1.0

vendor: oracle // model: communications unified inventory management // scope: eq // version: 7.4.1

Trust: 1.0

vendor: oracle // model: communications network integrity // scope: eq // version: 7.3.2

Trust: 1.0

vendor: oracle // model: database // scope: eq // version: 12.1.0.2

Trust: 1.0

vendor: oracle // model: communications unified inventory management // scope: eq // version: 7.3.4

Trust: 1.0

vendor: oracle // model: application performance management // scope: eq // version: 13.4.0.0

Trust: 1.0

vendor: oracle // model: retail store inventory management // scope: eq // version: 14.1.3

Trust: 1.0

vendor: oracle // model: retail integration bus // scope: eq // version: 14.1

Trust: 1.0

vendor: oracle // model: retail xstore point of service // scope: eq // version: 16.0.5

Trust: 1.0

vendor: oracle // model: storagetek acsls // scope: eq // version: 8.5.1

Trust: 1.0

vendor: dell // model: bsafe cert-j // scope: lte // version: 6.2.4

Trust: 1.0

vendor: oracle // model: retail store inventory management // scope: eq // version: 16.0.3

Trust: 1.0

vendor: oracle // model: retail integration bus // scope: eq // version: 16.0

Trust: 1.0

vendor: oracle // model: retail xstore point of service // scope: eq // version: 15.0.3

Trust: 1.0

vendor: oracle // model: retail predictive application server // scope: eq // version: 16.0.3.0

Trust: 1.0

vendor: oracle // model: retail store inventory management // scope: eq // version: 14.0.4

Trust: 1.0

vendor: oracle // model: retail store inventory management // scope: eq // version: 15.0.3

Trust: 1.0

vendor: oracle // model: retail assortment planning // scope: eq // version: 15.0.3.0

Trust: 1.0

vendor: oracle // model: application performance management // scope: eq // version: 13.3.0.0

Trust: 1.0

vendor: oracle // model: retail service backbone // scope: eq // version: 15.0

Trust: 1.0

vendor: oracle // model: communications network integrity // scope: eq // version: 7.3.5

Trust: 1.0

vendor: oracle // model: retail predictive application server // scope: eq // version: 14.1.3.0

Trust: 1.0

vendor: oracle // model: retail xstore point of service // scope: eq // version: 18.0.2

Trust: 1.0

vendor: oracle // model: weblogic server // scope: eq // version: 14.1.1.0.0

Trust: 1.0

vendor: oracle // model: communications unified inventory management // scope: eq // version: 7.3.2

Trust: 1.0

vendor: oracle // model: retail xstore point of service // scope: eq // version: 19.0.1

Trust: 1.0

vendor: oracle // model: weblogic server // scope: eq // version: 12.2.1.3.0

Trust: 1.0

vendor: oracle // model: weblogic server // scope: eq // version: 12.2.1.4.0

Trust: 1.0

vendor: dell // model: bsafe crypto-j // scope: lt // version: 6.2.5

Trust: 1.0

vendor: oracle // model: global lifecycle management opatch // scope: lt // version: 12.2.0.1.22

Trust: 1.0

vendor: oracle // model: goldengate // scope: lt // version: 19.1.0.0.0.210420

Trust: 1.0

vendor: oracle // model: database // scope: eq // version: 19c

Trust: 1.0

vendor: oracle // model: weblogic server // scope: eq // version: 12.1.3.0.0

Trust: 1.0

vendor: oracle // model: retail service backbone // scope: eq // version: 14.1

Trust: 1.0

vendor: oracle // model: database // scope: eq // version: 18c

Trust: 1.0

vendor: oracle // model: retail predictive application server // scope: eq // version: 15.0.3.0

Trust: 1.0

vendor: oracle // model: retail service backbone // scope: eq // version: 16.0

Trust: 1.0

vendor: oracle // model: communications unified inventory management // scope: eq // version: 7.4.0

Trust: 1.0

vendor: oracle // model: database // scope: eq // version: 12.2.0.1

Trust: 1.0

vendor: oracle // model: retail integration bus // scope: eq // version: 15.0

Trust: 1.0

vendor: oracle // model: retail predictive application server // scope: eq // version: 15.0

Trust: 1.0

vendor: oracle // model: retail assortment planning // scope: eq // version: 16.0.3.0

Trust: 1.0

vendor: oracle // model: retail xstore point of service // scope: eq // version: 17.0.3

Trust: 1.0

vendor: oracle // model: communications network integrity // scope: eq // version: 7.3.6

Trust: 1.0

vendor: rsa security // model: bsafe cert-j // scope: - // version: -

Trust: 0.8

vendor: rsa security // model: bsafe crypto-j // scope: lt // version: 6.2.5

Trust: 0.8

vendor: rsa security // model: bsafe ssl-j // scope: - // version: -

Trust: 0.8

sources: JVNDB: JVNDB-2019-009628 // NVD: CVE-2019-3740

CVSS

SEVERITY

nvd@nist.gov: CVE-2019-3740
value: MEDIUM

Trust: 1.0

security_alert@emc.com: CVE-2019-3740
value: MEDIUM

Trust: 1.0

NVD: CVE-2019-3740
value: MEDIUM

Trust: 0.8

CNNVD: CNNVD-201909-881
value: MEDIUM

Trust: 0.6

CNNVD: CNNVD-202104-975
value: MEDIUM

Trust: 0.6

VULHUB: VHN-155175
value: MEDIUM

Trust: 0.1

CVSSV2

nvd@nist.gov: CVE-2019-3740
severity: MEDIUM
baseScore: 4.3
vectorString: AV:N/AC:M/AU:N/C:P/I:N/A:N
accessVector: NETWORK
accessComplexity: MEDIUM
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: NONE
availabilityImpact: NONE
exploitabilityScore: 8.6
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.8

VULHUB: VHN-155175
severity: MEDIUM
baseScore: 4.3
vectorString: AV:N/AC:M/AU:N/C:P/I:N/A:N
accessVector: NETWORK
accessComplexity: MEDIUM
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: NONE
availabilityImpact: NONE
exploitabilityScore: 8.6
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.1

CVSSV3

security_alert@emc.com: CVE-2019-3740
baseSeverity: MEDIUM
baseScore: 6.5
vectorString: CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: REQUIRED
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: NONE
availabilityImpact: NONE
exploitabilityScore: 2.8
impactScore: 3.6
version: 3.0

Trust: 1.8

nvd@nist.gov: CVE-2019-3740
baseSeverity: MEDIUM
baseScore: 6.5
vectorString: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: REQUIRED
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: NONE
availabilityImpact: NONE
exploitabilityScore: 2.8
impactScore: 3.6
version: 3.1

Trust: 1.0

sources: VULHUB: VHN-155175 // JVNDB: JVNDB-2019-009628 // CNNVD: CNNVD-201909-881 // CNNVD: CNNVD-202104-975 // NVD: CVE-2019-3740 // NVD: CVE-2019-3740

PROBLEMTYPE DATA

problemtype:CWE-203

Trust: 1.1

problemtype:CWE-310

Trust: 1.0

problemtype:CWE-200

Trust: 0.9

sources: VULHUB: VHN-155175 // JVNDB: JVNDB-2019-009628 // NVD: CVE-2019-3740

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-201909-881

TYPE

encryption problem

Trust: 0.6

sources: CNNVD: CNNVD-201909-881

CONFIGURATIONS

sources: JVNDB: JVNDB-2019-009628

PATCH

title: DSA-2019-094: RSA BSAFE Crypto-J Multiple Security Vulnerabilities // url: https://www.dell.com/support/security/en-us/details/DOC-106556/DSA-2019-094-RSA-BSAFE®-Crypto-J-Multiple-Security-Vulnerabilities

Trust: 0.8

title: Dell RSA BSAFE Crypto-J Security vulnerabilities // url: http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=98406

Trust: 0.6

sources: JVNDB: JVNDB-2019-009628 // CNNVD: CNNVD-201909-881

EXTERNAL IDS

db: NVD // id: CVE-2019-3740

Trust: 2.5

db: JVNDB // id: JVNDB-2019-009628

Trust: 0.8

db: CNNVD // id: CNNVD-201909-881

Trust: 0.7

db: CS-HELP // id: SB2021042539

Trust: 0.6

db: CS-HELP // id: SB2022042537

Trust: 0.6

db: CS-HELP // id: SB2021042641

Trust: 0.6

db: CS-HELP // id: SB2021042103

Trust: 0.6

db: CS-HELP // id: SB2021072126

Trust: 0.6

db: CS-HELP // id: SB2021041363

Trust: 0.6

db: CNNVD // id: CNNVD-202104-975

Trust: 0.6

db: VULHUB // id: VHN-155175

Trust: 0.1

sources: VULHUB: VHN-155175 // JVNDB: JVNDB-2019-009628 // CNNVD: CNNVD-201909-881 // CNNVD: CNNVD-202104-975 // NVD: CVE-2019-3740

REFERENCES

url:https://www.oracle.com/security-alerts/cpuapr2021.html

Trust: 2.3

url:https://www.oracle.com/security-alerts/cpuapr2022.html

Trust: 2.3

url:https://www.oracle.com/security-alerts/cpujul2020.html

Trust: 2.3

url:https://www.oracle.com/security-alerts/cpuoct2020.html

Trust: 2.3

url:https://www.oracle.com/security-alerts/cpuoct2021.html

Trust: 2.3

url:https://www.oracle.com//security-alerts/cpujul2021.html

Trust: 1.7

url:https://nvd.nist.gov/vuln/detail/cve-2019-3740

Trust: 1.4

url:https://www.dell.com/support/security/en-us/details/doc-106556/dsa-2019-094-rsa-bsafe&#174%3b-crypto-j-multiple-security-vulnerabilities

Trust: 1.0

url:https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2019-3740

Trust: 0.8

url:https://www.dell.com/support/security/en-us/details/doc-106556/dsa-2019-094-rsa-bsafeĀ®-crypto-j-multiple-security-vulnerabilities

Trust: 0.6

url:https://www.cybersecurity-help.cz/vdb/sb2021072126

Trust: 0.6

url:https://www.cybersecurity-help.cz/vdb/sb2021042539

Trust: 0.6

url:https://www.cybersecurity-help.cz/vdb/sb2022042537

Trust: 0.6

url:https://www.cybersecurity-help.cz/vdb/sb2021042641

Trust: 0.6

url:https://www.cybersecurity-help.cz/vdb/sb2021042103

Trust: 0.6

url:https://vigilance.fr/vulnerability/oracle-database-vulnerabilities-of-april-2021-35122

Trust: 0.6

url:https://www.oracle.com/security-alerts/cpujul2021.html

Trust: 0.6

url:https://www.cybersecurity-help.cz/vdb/sb2021041363

Trust: 0.6

url:https://www.dell.com/support/security/en-us/details/doc-106556/dsa-2019-094-rsa-bsafe®-crypto-j-multiple-security-vulnerabilities

Trust: 0.1

sources: VULHUB: VHN-155175 // JVNDB: JVNDB-2019-009628 // CNNVD: CNNVD-201909-881 // CNNVD: CNNVD-202104-975 // NVD: CVE-2019-3740

SOURCES

db: VULHUB // id: VHN-155175
db: JVNDB // id: JVNDB-2019-009628
db: CNNVD // id: CNNVD-201909-881
db: CNNVD // id: CNNVD-202104-975
db: NVD // id: CVE-2019-3740

LAST UPDATE DATE

2024-11-23T21:14:11.091000+00:00


SOURCES UPDATE DATE

db: VULHUB // id: VHN-155175 // date: 2021-12-09T00:00:00
db: JVNDB // id: JVNDB-2019-009628 // date: 2019-09-25T00:00:00
db: CNNVD // id: CNNVD-201909-881 // date: 2022-04-26T00:00:00
db: CNNVD // id: CNNVD-202104-975 // date: 2021-04-14T00:00:00
db: NVD // id: CVE-2019-3740 // date: 2024-11-21T04:42:26.680

SOURCES RELEASE DATE

db: VULHUB // id: VHN-155175 // date: 2019-09-18T00:00:00
db: JVNDB // id: JVNDB-2019-009628 // date: 2019-09-25T00:00:00
db: CNNVD // id: CNNVD-201909-881 // date: 2019-09-18T00:00:00
db: CNNVD // id: CNNVD-202104-975 // date: 2021-04-13T00:00:00
db: NVD // id: CVE-2019-3740 // date: 2019-09-18T23:15:11.173