ID

VAR-201909-1541


CVE

CVE-2019-3738


TITLE

RSA BSAFE Crypto-J Vulnerability in digital signature verification

Trust: 0.8

sources: JVNDB: JVNDB-2019-009634

DESCRIPTION

RSA BSAFE Crypto-J versions prior to 6.2.5 are vulnerable to a Missing Required Cryptographic Step vulnerability. A malicious remote attacker could potentially exploit this vulnerability to coerce two parties into computing the same predictable shared key. RSA BSAFE Crypto-J contains a vulnerability in the verification of digital signatures. Information may be obtained. Dell RSA BSAFE Crypto-J is an encryption toolkit from Dell, Inc. that provides developers with the tools to add privacy and authentication features to their applications. The vulnerability stems from a network system or product not adequately verifying the origin or authenticity of data. Attackers can use forged data to attack

Trust: 1.71

sources: NVD: CVE-2019-3738 // JVNDB: JVNDB-2019-009634 // VULHUB: VHN-155173

AFFECTED PRODUCTS

vendor: dell // model: bsafe ssl-j // scope: lte // version: 6.2.4.1

Trust: 1.0

vendor: oracle // model: storagetek tape analytics sw tool // scope: eq // version: 2.3

Trust: 1.0

vendor: oracle // model: communications unified inventory management // scope: eq // version: 7.3.5

Trust: 1.0

vendor: oracle // model: communications unified inventory management // scope: eq // version: 7.4.1

Trust: 1.0

vendor: oracle // model: communications network integrity // scope: eq // version: 7.3.2

Trust: 1.0

vendor: oracle // model: database // scope: eq // version: 12.1.0.2

Trust: 1.0

vendor: oracle // model: communications unified inventory management // scope: eq // version: 7.3.4

Trust: 1.0

vendor: oracle // model: application performance management // scope: eq // version: 13.4.0.0

Trust: 1.0

vendor: oracle // model: retail store inventory management // scope: eq // version: 14.1.3

Trust: 1.0

vendor: oracle // model: retail integration bus // scope: eq // version: 14.1

Trust: 1.0

vendor: oracle // model: retail xstore point of service // scope: eq // version: 16.0.5

Trust: 1.0

vendor: dell // model: bsafe cert-j // scope: lte // version: 6.2.4

Trust: 1.0

vendor: oracle // model: retail store inventory management // scope: eq // version: 16.0.3

Trust: 1.0

vendor: oracle // model: retail integration bus // scope: eq // version: 16.0

Trust: 1.0

vendor: oracle // model: goldengate // scope: eq // version: 19.1.0.0.0.210420

Trust: 1.0

vendor: oracle // model: retail xstore point of service // scope: eq // version: 15.0.3

Trust: 1.0

vendor: oracle // model: retail predictive application server // scope: eq // version: 16.0.3.0

Trust: 1.0

vendor: oracle // model: retail store inventory management // scope: eq // version: 14.0.4

Trust: 1.0

vendor: oracle // model: retail store inventory management // scope: eq // version: 15.0.3

Trust: 1.0

vendor: oracle // model: retail assortment planning // scope: eq // version: 15.0.3.0

Trust: 1.0

vendor: oracle // model: application performance management // scope: eq // version: 13.3.0.0

Trust: 1.0

vendor: oracle // model: retail service backbone // scope: eq // version: 15.0

Trust: 1.0

vendor: oracle // model: communications network integrity // scope: eq // version: 7.3.5

Trust: 1.0

vendor: oracle // model: retail predictive application server // scope: eq // version: 14.1.3.0

Trust: 1.0

vendor: oracle // model: retail xstore point of service // scope: eq // version: 18.0.2

Trust: 1.0

vendor: oracle // model: communications network integrity // scope: eq // version: 7.3.6

Trust: 1.0

vendor: mcafee // model: threat intelligence exchange server // scope: gte // version: 2.0.0

Trust: 1.0

vendor: mcafee // model: threat intelligence exchange server // scope: lte // version: 2.3.1

Trust: 1.0

vendor: oracle // model: communications unified inventory management // scope: eq // version: 7.3.2

Trust: 1.0

vendor: oracle // model: retail xstore point of service // scope: eq // version: 19.0.1

Trust: 1.0

vendor: dell // model: bsafe crypto-j // scope: lt // version: 6.2.5

Trust: 1.0

vendor: mcafee // model: threat intelligence exchange server // scope: eq // version: 3.0.0

Trust: 1.0

vendor: oracle // model: goldengate // scope: lt // version: 19.1.0.0.0.210420

Trust: 1.0

vendor: oracle // model: retail service backbone // scope: eq // version: 14.1

Trust: 1.0

vendor: oracle // model: database // scope: eq // version: 18c

Trust: 1.0

vendor: oracle // model: retail predictive application server // scope: eq // version: 15.0.3.0

Trust: 1.0

vendor: oracle // model: retail service backbone // scope: eq // version: 16.0

Trust: 1.0

vendor: oracle // model: communications unified inventory management // scope: eq // version: 7.4.0

Trust: 1.0

vendor: oracle // model: database // scope: eq // version: 12.2.0.1

Trust: 1.0

vendor: oracle // model: retail integration bus // scope: eq // version: 15.0

Trust: 1.0

vendor: oracle // model: retail assortment planning // scope: eq // version: 16.0.3.0

Trust: 1.0

vendor: oracle // model: retail xstore point of service // scope: eq // version: 17.0.3

Trust: 1.0

vendor: oracle // model: database // scope: eq // version: 19c

Trust: 1.0

vendor: rsa security // model: bsafe cert-j // scope: - // version: -

Trust: 0.8

vendor: rsa security // model: bsafe crypto-j // scope: lt // version: 6.2.5

Trust: 0.8

vendor: rsa security // model: bsafe ssl-j // scope: - // version: -

Trust: 0.8

sources: JVNDB: JVNDB-2019-009634 // NVD: CVE-2019-3738

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2019-3738
value: MEDIUM

Trust: 1.0

security_alert@emc.com: CVE-2019-3738
value: MEDIUM

Trust: 1.0

NVD: CVE-2019-3738
value: MEDIUM

Trust: 0.8

CNNVD: CNNVD-201909-879
value: MEDIUM

Trust: 0.6

VULHUB: VHN-155173
value: MEDIUM

Trust: 0.1

nvd@nist.gov: CVE-2019-3738
severity: MEDIUM
baseScore: 4.3
vectorString: AV:N/AC:M/AU:N/C:P/I:N/A:N
accessVector: NETWORK
accessComplexity: MEDIUM
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: NONE
availabilityImpact: NONE
exploitabilityScore: 8.6
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.8

VULHUB: VHN-155173
severity: MEDIUM
baseScore: 4.3
vectorString: AV:N/AC:M/AU:N/C:P/I:N/A:N
accessVector: NETWORK
accessComplexity: MEDIUM
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: NONE
availabilityImpact: NONE
exploitabilityScore: 8.6
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.1

security_alert@emc.com: CVE-2019-3738
baseSeverity: MEDIUM
baseScore: 6.5
vectorString: CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: REQUIRED
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: NONE
availabilityImpact: NONE
exploitabilityScore: 2.8
impactScore: 3.6
version: 3.0

Trust: 1.8

nvd@nist.gov: CVE-2019-3738
baseSeverity: MEDIUM
baseScore: 6.5
vectorString: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: REQUIRED
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: NONE
availabilityImpact: NONE
exploitabilityScore: 2.8
impactScore: 3.6
version: 3.1

Trust: 1.0

sources: VULHUB: VHN-155173 // JVNDB: JVNDB-2019-009634 // CNNVD: CNNVD-201909-879 // NVD: CVE-2019-3738 // NVD: CVE-2019-3738

PROBLEMTYPE DATA

problemtype:CWE-347

Trust: 1.9

problemtype:CWE-325

Trust: 1.1

sources: VULHUB: VHN-155173 // JVNDB: JVNDB-2019-009634 // NVD: CVE-2019-3738

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-201909-879

TYPE

data forgery

Trust: 0.6

sources: CNNVD: CNNVD-201909-879

CONFIGURATIONS

sources: JVNDB: JVNDB-2019-009634

PATCH

title: DSA-2019-094: RSA BSAFE Crypto-J Multiple Security Vulnerabilities
url: https://www.dell.com/support/security/en-us/details/DOC-106556/DSA-2019-094-RSA-BSAFE®-Crypto-J-Multiple-Security-Vulnerabilities

Trust: 0.8

title: Dell RSA BSAFE Crypto-J Repair measures for data forgery problem vulnerabilities
url: http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=98404

Trust: 0.6

sources: JVNDB: JVNDB-2019-009634 // CNNVD: CNNVD-201909-879

EXTERNAL IDS

db: NVD // id: CVE-2019-3738

Trust: 2.5

db: MCAFEE // id: SB10318

Trust: 1.7

db: JVNDB // id: JVNDB-2019-009634

Trust: 0.8

db: CNNVD // id: CNNVD-201909-879

Trust: 0.7

db: AUSCERT // id: ESB-2020.3108

Trust: 0.6

db: VULHUB // id: VHN-155173

Trust: 0.1

sources: VULHUB: VHN-155173 // JVNDB: JVNDB-2019-009634 // CNNVD: CNNVD-201909-879 // NVD: CVE-2019-3738

REFERENCES

url:https://www.oracle.com//security-alerts/cpujul2021.html

Trust: 1.7

url:https://www.oracle.com/security-alerts/cpuapr2021.html

Trust: 1.7

url:https://www.oracle.com/security-alerts/cpuapr2022.html

Trust: 1.7

url:https://www.oracle.com/security-alerts/cpujul2020.html

Trust: 1.7

url:https://www.oracle.com/security-alerts/cpuoct2020.html

Trust: 1.7

url:https://www.oracle.com/security-alerts/cpuoct2021.html

Trust: 1.7

url:https://kc.mcafee.com/corporate/index?page=content&id=sb10318

Trust: 1.6

url:https://nvd.nist.gov/vuln/detail/cve-2019-3738

Trust: 1.4

url:https://www.dell.com/support/security/en-us/details/doc-106556/dsa-2019-094-rsa-bsafe&#174%3b-crypto-j-multiple-security-vulnerabilities

Trust: 1.0

url:https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2019-3738

Trust: 0.8

url:https://www.dell.com/support/security/en-us/details/doc-106556/dsa-2019-094-rsa-bsafe®-crypto-j-multiple-security-vulnerabilities

Trust: 0.6

url:https://vigilance.fr/vulnerability/oracle-database-vulnerabilities-of-april-2021-35122

Trust: 0.6

url:https://www.auscert.org.au/bulletins/esb-2020.3108/

Trust: 0.6

url:https://kc.mcafee.com/corporate/index?page=content&id=sb10318

Trust: 0.1

url:https://www.dell.com/support/security/en-us/details/doc-106556/dsa-2019-094-rsa-bsafe®-crypto-j-multiple-security-vulnerabilities

Trust: 0.1

sources: VULHUB: VHN-155173 // JVNDB: JVNDB-2019-009634 // CNNVD: CNNVD-201909-879 // NVD: CVE-2019-3738

SOURCES

db: VULHUB // id: VHN-155173
db: JVNDB // id: JVNDB-2019-009634
db: CNNVD // id: CNNVD-201909-879
db: NVD // id: CVE-2019-3738

LAST UPDATE DATE

2024-11-23T20:21:11.292000+00:00


SOURCES UPDATE DATE

db: VULHUB // id: VHN-155173 // date: 2021-12-09T00:00:00
db: JVNDB // id: JVNDB-2019-009634 // date: 2019-09-25T00:00:00
db: CNNVD // id: CNNVD-201909-879 // date: 2022-04-21T00:00:00
db: NVD // id: CVE-2019-3738 // date: 2024-11-21T04:42:26.273

SOURCES RELEASE DATE

db: VULHUB // id: VHN-155173 // date: 2019-09-18T00:00:00
db: JVNDB // id: JVNDB-2019-009634 // date: 2019-09-25T00:00:00
db: CNNVD // id: CNNVD-201909-879 // date: 2019-09-18T00:00:00
db: NVD // id: CVE-2019-3738 // date: 2019-09-18T23:15:11.047