← Back

CVE-2019-3739

nvd nist
Published: Sep 18, 2019Modified: Nov 21, 2024

JSON object

Loading...
6.5
Vector
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N
Exploitability: 2.8 / Impact: 3.6
Source: NVD

Description

RSA BSAFE Crypto-J versions prior to 6.2.5 are vulnerable to Information Exposure Through Timing Discrepancy vulnerabilities during ECDSA key generation. A malicious remote attacker could potentially exploit those vulnerabilities to recover ECDSA keys.

Affected (39)

Dell
3 products
Bsafe Cert J
Bsafe Crypto J
Bsafe Ssl J
Oracle
13 products
Application Performance Management
Communications Network Integrity
Database
Goldengate
Retail Assortment Planning
Retail Integration Bus
Retail Predictive Application Server
Retail Service Backbone
Retail Store Inventory Management
Retail Xstore Point Of Service
Storagetek Acsls
Storagetek Tape Analytics Sw Tool
Weblogic Server
Configuration A
3 vulnerable
Vulnerable SoftwareAffected Versions
Bsafe Cert J
Up to 6.2.4
Bsafe Crypto J
Before 6.2.5
Bsafe Ssl J
Up to 6.2.4.1
Configuration B
36 vulnerable
Vulnerable SoftwareAffected Versions
Oracle
Application Performance Management
Version 13.3.0.0
Application Performance Management
Version 13.4.0.0
Oracle
Communications Network Integrity
Version 7.3.2
Communications Network Integrity
Version 7.3.5
Communications Network Integrity
Version 7.3.6
Oracle
Database
Version 12.1.0.2
Database
Version 12.2.0.1
Database
Version 18c
Database
Version 19c
Goldengate
Before 19.1.0.0.0.210420
Oracle
Retail Assortment Planning
Version 15.0.3.0
Retail Assortment Planning
Version 16.0.3.0
Oracle
Retail Integration Bus
Version 14.1
Retail Integration Bus
Version 15.0
Retail Integration Bus
Version 16.0
Oracle
Retail Predictive Application Server
Version 14.1.3.0
Retail Predictive Application Server
Version 15.0.3.0
Retail Predictive Application Server
Version 16.0.3.0
Oracle
Retail Service Backbone
Version 14.1
Retail Service Backbone
Version 15.0
Retail Service Backbone
Version 16.0
Oracle
Retail Store Inventory Management
Version 14.0.4
Retail Store Inventory Management
Version 14.1.3
Retail Store Inventory Management
Version 15.0.3
Retail Store Inventory Management
Version 16.0.3
Oracle
Retail Xstore Point Of Service
Version 15.0.3
Retail Xstore Point Of Service
Version 16.0.5
Retail Xstore Point Of Service
Version 17.0.3
Retail Xstore Point Of Service
Version 18.0.2
Retail Xstore Point Of Service
Version 19.0.1
Storagetek Acsls
Version 8.5.1
Storagetek Tape Analytics Sw Tool
Version 2.3
Oracle
Weblogic Server
Version 10.3.6.0.0
Weblogic Server
Version 12.2.1.3.0
Weblogic Server
Version 12.2.1.4.0
Weblogic Server
Version 14.1.1.0.0

Related CWEs

CWE-203
Observable Discrepancy
The product behaves differently or sends different responses under different circumstances in a way that is observable to an unauthorized actor, which exposes security-relevant information about the state of the product, such as whether a particular operation was successful or not.
CWE-310
CWE-310

References (14)

Source: security_alert@emc.com
Source: security_alert@emc.com
PatchThird Party Advisory
Source: security_alert@emc.com
PatchThird Party Advisory
Source: security_alert@emc.com
PatchThird Party Advisory
Source: security_alert@emc.com
PatchThird Party Advisory
Source: security_alert@emc.com
PatchThird Party Advisory
Source: security_alert@emc.com
PatchThird Party Advisory
Source: af854a3a-2127-422b-91ae-364da2661108
Source: af854a3a-2127-422b-91ae-364da2661108
PatchThird Party Advisory
Source: af854a3a-2127-422b-91ae-364da2661108
PatchThird Party Advisory
Source: af854a3a-2127-422b-91ae-364da2661108
PatchThird Party Advisory
Source: af854a3a-2127-422b-91ae-364da2661108
PatchThird Party Advisory
Source: af854a3a-2127-422b-91ae-364da2661108
PatchThird Party Advisory
Source: af854a3a-2127-422b-91ae-364da2661108
PatchThird Party Advisory

Timeline

No history available yet.