6.5
CVE-2019-3738
- EPSS 1.68%
- Veröffentlicht 18.09.2019 23:15:11
- Zuletzt bearbeitet 21.11.2024 04:42:26
- Quelle security_alert@emc.com
- CVE-Watchlists
- Unerledigt
RSA BSAFE Crypto-J versions prior to 6.2.5 are vulnerable to a Missing Required Cryptographic Step vulnerability. A malicious remote attacker could potentially exploit this vulnerability to coerce two parties into computing the same predictable shared key.
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
Dell ≫ Bsafe Cert-j Version <= 6.2.4
Dell ≫ Bsafe Crypto-j Version < 6.2.5
Dell ≫ Bsafe Ssl-j Version <= 6.2.4.1
Mcafee ≫ Threat Intelligence Exchange Server Version >= 2.0.0 <= 2.3.1
Mcafee ≫ Threat Intelligence Exchange Server Version3.0.0
Oracle ≫ Application Performance Management Version13.3.0.0
Oracle ≫ Application Performance Management Version13.4.0.0
Oracle ≫ Communications Network Integrity Version7.3.2
Oracle ≫ Communications Network Integrity Version7.3.5
Oracle ≫ Communications Network Integrity Version7.3.6
Oracle ≫ Communications Unified Inventory Management Version7.3.2
Oracle ≫ Communications Unified Inventory Management Version7.3.4
Oracle ≫ Communications Unified Inventory Management Version7.3.5
Oracle ≫ Communications Unified Inventory Management Version7.4.0
Oracle ≫ Communications Unified Inventory Management Version7.4.1
Oracle ≫ Goldengate Version < 19.1.0.0.0.210420
Oracle ≫ Goldengate Version19.1.0.0.0.210420
Oracle ≫ Retail Assortment Planning Version15.0.3.0
Oracle ≫ Retail Assortment Planning Version16.0.3.0
Oracle ≫ Retail Integration Bus Version14.1
Oracle ≫ Retail Integration Bus Version15.0
Oracle ≫ Retail Integration Bus Version16.0
Oracle ≫ Retail Predictive Application Server Version14.1.3.0
Oracle ≫ Retail Predictive Application Server Version15.0.3.0
Oracle ≫ Retail Predictive Application Server Version16.0.3.0
Oracle ≫ Retail Service Backbone Version14.1
Oracle ≫ Retail Service Backbone Version15.0
Oracle ≫ Retail Service Backbone Version16.0
Oracle ≫ Retail Store Inventory Management Version14.0.4
Oracle ≫ Retail Store Inventory Management Version14.1.3
Oracle ≫ Retail Store Inventory Management Version15.0.3
Oracle ≫ Retail Store Inventory Management Version16.0.3
Oracle ≫ Retail Xstore Point Of Service Version15.0.3
Oracle ≫ Retail Xstore Point Of Service Version16.0.5
Oracle ≫ Retail Xstore Point Of Service Version17.0.3
Oracle ≫ Retail Xstore Point Of Service Version18.0.2
Oracle ≫ Retail Xstore Point Of Service Version19.0.1
Oracle ≫ Storagetek Tape Analytics Sw Tool Version2.3
| Typ | Quelle | Score | Percentile |
|---|---|---|---|
| EPSS | FIRST.org | 1.68% | 0.739 |
| Quelle | Base Score | Exploit Score | Impact Score | Vector String |
|---|---|---|---|---|
| nvd@nist.gov | 6.5 | 2.8 | 3.6 |
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N
|
| nvd@nist.gov | 4.3 | 8.6 | 2.9 |
AV:N/AC:M/Au:N/C:P/I:N/A:N
|
| security_alert@emc.com | 6.5 | 2.8 | 3.6 |
CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N
|
CWE-325 Missing Cryptographic Step
The product does not implement a required step in a cryptographic algorithm, resulting in weaker encryption than advertised by the algorithm.
CWE-347 Improper Verification of Cryptographic Signature
The product does not verify, or incorrectly verifies, the cryptographic signature for data.
https://www.oracle.com/security-alerts/cpuapr2022.html
https://www.oracle.com//security-alerts/cpujul2021.html
https://www.oracle.com/security-alerts/cpuoct2021.html
https://www.oracle.com/security-alerts/cpujul2020.html
https://www.oracle.com/security-alerts/cpuoct2020.html
https://www.oracle.com/security-alerts/cpuApr2021.html
https://kc.mcafee.com/corporate/index?page=content&id=SB10318
https://www.dell.com/support/security/en-us/details/DOC-106556/DSA-2019-094-RSA-BSAFE®%3B-Crypto-J-Multiple-Security-Vulnerabilities