ID

VAR-201909-1540


CVE

CVE-2019-3739


TITLE

RSA BSAFE Crypto-J vulnerability related to information disclosure caused by differences in response to security-related processing

Trust: 0.8

sources: JVNDB: JVNDB-2019-009635

DESCRIPTION

RSA BSAFE Crypto-J versions prior to 6.2.5 are vulnerable to Information Exposure Through Timing Discrepancy vulnerabilities during ECDSA key generation. A malicious remote attacker could potentially exploit those vulnerabilities to recover ECDSA keys. RSA BSAFE Crypto-J contains a vulnerability related to information disclosure caused by differences in response to security-related processing. Information may be obtained. Dell RSA BSAFE Crypto-J is an encryption toolkit from Dell, Inc. that provides developers with the tools to add privacy and authentication features to their applications. A security vulnerability exists in Dell RSA BSAFE Crypto-J versions prior to 6.2.5.

Trust: 1.71

sources: NVD: CVE-2019-3739 // JVNDB: JVNDB-2019-009635 // VULHUB: VHN-155174

AFFECTED PRODUCTS

vendor:dell, model:bsafe ssl-j, scope:lte, version:6.2.4.1

Trust: 1.0

vendor:oracle, model:storagetek tape analytics sw tool, scope:eq, version:2.3

Trust: 1.0

vendor:oracle, model:communications network integrity, scope:eq, version:7.3.2

Trust: 1.0

vendor:oracle, model:database, scope:eq, version:12.1.0.2

Trust: 1.0

vendor:oracle, model:application performance management, scope:eq, version:13.4.0.0

Trust: 1.0

vendor:oracle, model:retail store inventory management, scope:eq, version:14.1.3

Trust: 1.0

vendor:oracle, model:retail integration bus, scope:eq, version:14.1

Trust: 1.0

vendor:oracle, model:retail xstore point of service, scope:eq, version:16.0.5

Trust: 1.0

vendor:oracle, model:storagetek acsls, scope:eq, version:8.5.1

Trust: 1.0

vendor:dell, model:bsafe cert-j, scope:lte, version:6.2.4

Trust: 1.0

vendor:oracle, model:retail store inventory management, scope:eq, version:16.0.3

Trust: 1.0

vendor:oracle, model:retail integration bus, scope:eq, version:16.0

Trust: 1.0

vendor:oracle, model:retail xstore point of service, scope:eq, version:15.0.3

Trust: 1.0

vendor:oracle, model:retail predictive application server, scope:eq, version:16.0.3.0

Trust: 1.0

vendor:oracle, model:retail store inventory management, scope:eq, version:14.0.4

Trust: 1.0

vendor:oracle, model:retail store inventory management, scope:eq, version:15.0.3

Trust: 1.0

vendor:oracle, model:retail assortment planning, scope:eq, version:15.0.3.0

Trust: 1.0

vendor:oracle, model:application performance management, scope:eq, version:13.3.0.0

Trust: 1.0

vendor:oracle, model:retail service backbone, scope:eq, version:15.0

Trust: 1.0

vendor:oracle, model:communications network integrity, scope:eq, version:7.3.5

Trust: 1.0

vendor:oracle, model:retail predictive application server, scope:eq, version:14.1.3.0

Trust: 1.0

vendor:oracle, model:retail xstore point of service, scope:eq, version:18.0.2

Trust: 1.0

vendor:oracle, model:communications network integrity, scope:eq, version:7.3.6

Trust: 1.0

vendor:oracle, model:weblogic server, scope:eq, version:14.1.1.0.0

Trust: 1.0

vendor:oracle, model:retail xstore point of service, scope:eq, version:19.0.1

Trust: 1.0

vendor:oracle, model:weblogic server, scope:eq, version:12.2.1.3.0

Trust: 1.0

vendor:oracle, model:weblogic server, scope:eq, version:12.2.1.4.0

Trust: 1.0

vendor:dell, model:bsafe crypto-j, scope:lt, version:6.2.5

Trust: 1.0

vendor:oracle, model:goldengate, scope:lt, version:19.1.0.0.0.210420

Trust: 1.0

vendor:oracle, model:database, scope:eq, version:19c

Trust: 1.0

vendor:oracle, model:retail service backbone, scope:eq, version:14.1

Trust: 1.0

vendor:oracle, model:database, scope:eq, version:18c

Trust: 1.0

vendor:oracle, model:retail predictive application server, scope:eq, version:15.0.3.0

Trust: 1.0

vendor:oracle, model:retail service backbone, scope:eq, version:16.0

Trust: 1.0

vendor:oracle, model:database, scope:eq, version:12.2.0.1

Trust: 1.0

vendor:oracle, model:retail integration bus, scope:eq, version:15.0

Trust: 1.0

vendor:oracle, model:retail assortment planning, scope:eq, version:16.0.3.0

Trust: 1.0

vendor:oracle, model:retail xstore point of service, scope:eq, version:17.0.3

Trust: 1.0

vendor:oracle, model:weblogic server, scope:eq, version:10.3.6.0.0

Trust: 1.0

vendor:rsa security, model:bsafe cert-j, scope:-, version:-

Trust: 0.8

vendor:rsa security, model:bsafe crypto-j, scope:lt, version:6.2.5

Trust: 0.8

vendor:rsa security, model:bsafe ssl-j, scope:-, version:-

Trust: 0.8

sources: JVNDB: JVNDB-2019-009635 // NVD: CVE-2019-3739

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2019-3739
value: MEDIUM

Trust: 1.0

security_alert@emc.com: CVE-2019-3739
value: MEDIUM

Trust: 1.0

NVD: CVE-2019-3739
value: MEDIUM

Trust: 0.8

CNNVD: CNNVD-201909-880
value: MEDIUM

Trust: 0.6

VULHUB: VHN-155174
value: MEDIUM

Trust: 0.1

nvd@nist.gov: CVE-2019-3739
severity: MEDIUM
baseScore: 4.3
vectorString: AV:N/AC:M/AU:N/C:P/I:N/A:N
accessVector: NETWORK
accessComplexity: MEDIUM
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: NONE
availabilityImpact: NONE
exploitabilityScore: 8.6
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.8

VULHUB: VHN-155174
severity: MEDIUM
baseScore: 4.3
vectorString: AV:N/AC:M/AU:N/C:P/I:N/A:N
accessVector: NETWORK
accessComplexity: MEDIUM
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: NONE
availabilityImpact: NONE
exploitabilityScore: 8.6
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.1

security_alert@emc.com: CVE-2019-3739
baseSeverity: MEDIUM
baseScore: 6.5
vectorString: CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: REQUIRED
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: NONE
availabilityImpact: NONE
exploitabilityScore: 2.8
impactScore: 3.6
version: 3.0

Trust: 1.8

nvd@nist.gov: CVE-2019-3739
baseSeverity: MEDIUM
baseScore: 6.5
vectorString: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: REQUIRED
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: NONE
availabilityImpact: NONE
exploitabilityScore: 2.8
impactScore: 3.6
version: 3.1

Trust: 1.0

sources: VULHUB: VHN-155174 // JVNDB: JVNDB-2019-009635 // CNNVD: CNNVD-201909-880 // NVD: CVE-2019-3739 // NVD: CVE-2019-3739

PROBLEMTYPE DATA

problemtype:CWE-203

Trust: 1.9

problemtype:CWE-310

Trust: 1.1

sources: VULHUB: VHN-155174 // JVNDB: JVNDB-2019-009635 // NVD: CVE-2019-3739

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-201909-880

TYPE

encryption problem

Trust: 0.6

sources: CNNVD: CNNVD-201909-880

CONFIGURATIONS

sources: JVNDB: JVNDB-2019-009635

PATCH

title:DSA-2019-094: RSA BSAFE Crypto-J Multiple Security Vulnerabilities, url:https://www.dell.com/support/security/en-us/details/DOC-106556/DSA-2019-094-RSA-BSAFE®-Crypto-J-Multiple-Security-Vulnerabilities

Trust: 0.8

title:Dell RSA BSAFE Crypto-J Security vulnerabilities, url:http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=98405

Trust: 0.6

sources: JVNDB: JVNDB-2019-009635 // CNNVD: CNNVD-201909-880

EXTERNAL IDS

db:NVD, id:CVE-2019-3739

Trust: 2.5

db:JVNDB, id:JVNDB-2019-009635

Trust: 0.8

db:CNNVD, id:CNNVD-201909-880

Trust: 0.7

db:VULHUB, id:VHN-155174

Trust: 0.1

sources: VULHUB: VHN-155174 // JVNDB: JVNDB-2019-009635 // CNNVD: CNNVD-201909-880 // NVD: CVE-2019-3739

REFERENCES

url:https://www.oracle.com//security-alerts/cpujul2021.html

Trust: 1.7

url:https://www.oracle.com/security-alerts/cpuapr2021.html

Trust: 1.7

url:https://www.oracle.com/security-alerts/cpuapr2022.html

Trust: 1.7

url:https://www.oracle.com/security-alerts/cpujul2020.html

Trust: 1.7

url:https://www.oracle.com/security-alerts/cpuoct2020.html

Trust: 1.7

url:https://www.oracle.com/security-alerts/cpuoct2021.html

Trust: 1.7

url:https://nvd.nist.gov/vuln/detail/cve-2019-3739

Trust: 1.4

url:https://www.dell.com/support/security/en-us/details/doc-106556/dsa-2019-094-rsa-bsafe&#174%3b-crypto-j-multiple-security-vulnerabilities

Trust: 1.0

url:https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2019-3739

Trust: 0.8

url:https://www.dell.com/support/security/en-us/details/doc-106556/dsa-2019-094-rsa-bsafeĀ®-crypto-j-multiple-security-vulnerabilities

Trust: 0.6

url:https://vigilance.fr/vulnerability/oracle-database-vulnerabilities-of-april-2021-35122

Trust: 0.6

url:https://www.dell.com/support/security/en-us/details/doc-106556/dsa-2019-094-rsa-bsafe®-crypto-j-multiple-security-vulnerabilities

Trust: 0.1

sources: VULHUB: VHN-155174 // JVNDB: JVNDB-2019-009635 // CNNVD: CNNVD-201909-880 // NVD: CVE-2019-3739

SOURCES

db:VULHUB, id:VHN-155174
db:JVNDB, id:JVNDB-2019-009635
db:CNNVD, id:CNNVD-201909-880
db:NVD, id:CVE-2019-3739

LAST UPDATE DATE

2024-11-23T22:05:59.432000+00:00


SOURCES UPDATE DATE

db:VULHUB, id:VHN-155174, date:2021-12-09T00:00:00
db:JVNDB, id:JVNDB-2019-009635, date:2019-09-25T00:00:00
db:CNNVD, id:CNNVD-201909-880, date:2022-04-21T00:00:00
db:NVD, id:CVE-2019-3739, date:2024-11-21T04:42:26.480

SOURCES RELEASE DATE

db:VULHUB, id:VHN-155174, date:2019-09-18T00:00:00
db:JVNDB, id:JVNDB-2019-009635, date:2019-09-25T00:00:00
db:CNNVD, id:CNNVD-201909-880, date:2019-09-18T00:00:00
db:NVD, id:CVE-2019-3739, date:2019-09-18T23:15:11.110