6.5
CVE-2019-3738
- EPSS 0.97%
- Published 18.09.2019 23:15:11
- Last modified 21.11.2024 04:42:26
- Source security_alert@emc.com
- Teams watchlist Login
- Open Login
RSA BSAFE Crypto-J versions prior to 6.2.5 are vulnerable to a Missing Required Cryptographic Step vulnerability. A malicious remote attacker could potentially exploit this vulnerability to coerce two parties into computing the same predictable shared key.
Data is provided by the National Vulnerability Database (NVD)
Dell ≫ Bsafe Cert-j Version <= 6.2.4
Dell ≫ Bsafe Crypto-j Version < 6.2.5
Dell ≫ Bsafe Ssl-j Version <= 6.2.4.1
Mcafee ≫ Threat Intelligence Exchange Server Version >= 2.0.0 <= 2.3.1
Mcafee ≫ Threat Intelligence Exchange Server Version3.0.0
Oracle ≫ Application Performance Management Version13.3.0.0
Oracle ≫ Application Performance Management Version13.4.0.0
Oracle ≫ Communications Network Integrity Version7.3.2
Oracle ≫ Communications Network Integrity Version7.3.5
Oracle ≫ Communications Network Integrity Version7.3.6
Oracle ≫ Communications Unified Inventory Management Version7.3.2
Oracle ≫ Communications Unified Inventory Management Version7.3.4
Oracle ≫ Communications Unified Inventory Management Version7.3.5
Oracle ≫ Communications Unified Inventory Management Version7.4.0
Oracle ≫ Communications Unified Inventory Management Version7.4.1
Oracle ≫ Goldengate Version < 19.1.0.0.0.210420
Oracle ≫ Goldengate Version19.1.0.0.0.210420
Oracle ≫ Retail Assortment Planning Version15.0.3.0
Oracle ≫ Retail Assortment Planning Version16.0.3.0
Oracle ≫ Retail Integration Bus Version14.1
Oracle ≫ Retail Integration Bus Version15.0
Oracle ≫ Retail Integration Bus Version16.0
Oracle ≫ Retail Predictive Application Server Version14.1.3.0
Oracle ≫ Retail Predictive Application Server Version15.0.3.0
Oracle ≫ Retail Predictive Application Server Version16.0.3.0
Oracle ≫ Retail Service Backbone Version14.1
Oracle ≫ Retail Service Backbone Version15.0
Oracle ≫ Retail Service Backbone Version16.0
Oracle ≫ Retail Store Inventory Management Version14.0.4
Oracle ≫ Retail Store Inventory Management Version14.1.3
Oracle ≫ Retail Store Inventory Management Version15.0.3
Oracle ≫ Retail Store Inventory Management Version16.0.3
Oracle ≫ Retail Xstore Point Of Service Version15.0.3
Oracle ≫ Retail Xstore Point Of Service Version16.0.5
Oracle ≫ Retail Xstore Point Of Service Version17.0.3
Oracle ≫ Retail Xstore Point Of Service Version18.0.2
Oracle ≫ Retail Xstore Point Of Service Version19.0.1
Oracle ≫ Storagetek Tape Analytics Sw Tool Version2.3
Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.
| Type | Source | Score | Percentile |
|---|---|---|---|
| EPSS | FIRST.org | 0.97% | 0.757 |
| Source | Base Score | Exploit Score | Impact Score | Vector string |
|---|---|---|---|---|
| nvd@nist.gov | 6.5 | 2.8 | 3.6 |
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N
|
| nvd@nist.gov | 4.3 | 8.6 | 2.9 |
AV:N/AC:M/Au:N/C:P/I:N/A:N
|
| security_alert@emc.com | 6.5 | 2.8 | 3.6 |
CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N
|
CWE-325 Missing Cryptographic Step
The product does not implement a required step in a cryptographic algorithm, resulting in weaker encryption than advertised by the algorithm.
CWE-347 Improper Verification of Cryptographic Signature
The product does not verify, or incorrectly verifies, the cryptographic signature for data.