CVE-2019-3739

EPSS 1.24%
Veröffentlicht 18.09.2019 23:15:11
Zuletzt bearbeitet 21.11.2024 04:42:26
Quelle security_alert@emc.com
Teams Watchlist Login
Unerledigt Login

RSA BSAFE Crypto-J versions prior to 6.2.5 are vulnerable to Information Exposure Through Timing Discrepancy vulnerabilities during ECDSA key generation. A malicious remote attacker could potentially exploit those vulnerabilities to recover ECDSA keys.

Betroffene Produkte Warnungen 0 Metriken 4 CWE 1 Referenzen 10

Daten sind bereitgestellt durch National Vulnerability Database (NVD)

Dell ≫ Bsafe Cert-j Version <= 6.2.4

Dell ≫ Bsafe Crypto-j Version < 6.2.5

Dell ≫ Bsafe Ssl-j Version <= 6.2.4.1

Oracle ≫ Application Performance Management Version13.3.0.0

Oracle ≫ Application Performance Management Version13.4.0.0

Oracle ≫ Communications Network Integrity Version7.3.2

Oracle ≫ Communications Network Integrity Version7.3.5

Oracle ≫ Communications Network Integrity Version7.3.6

Oracle ≫ Database Version12.1.0.2 SwEditionenterprise

Oracle ≫ Database Version12.2.0.1 SwEditionenterprise

Oracle ≫ Database Version18c SwEditionenterprise

Oracle ≫ Database Version19c SwEditionenterprise

Oracle ≫ Goldengate Version < 19.1.0.0.0.210420

Oracle ≫ Retail Assortment Planning Version15.0.3.0

Oracle ≫ Retail Assortment Planning Version16.0.3.0

Oracle ≫ Retail Integration Bus Version14.1

Oracle ≫ Retail Integration Bus Version15.0

Oracle ≫ Retail Integration Bus Version16.0

Oracle ≫ Retail Predictive Application Server Version14.1.3.0

Oracle ≫ Retail Predictive Application Server Version15.0.3.0

Oracle ≫ Retail Predictive Application Server Version16.0.3.0

Oracle ≫ Retail Service Backbone Version14.1

Oracle ≫ Retail Service Backbone Version15.0

Oracle ≫ Retail Service Backbone Version16.0

Oracle ≫ Retail Store Inventory Management Version14.0.4

Oracle ≫ Retail Store Inventory Management Version14.1.3

Oracle ≫ Retail Store Inventory Management Version15.0.3

Oracle ≫ Retail Store Inventory Management Version16.0.3

Oracle ≫ Retail Xstore Point Of Service Version15.0.3

Oracle ≫ Retail Xstore Point Of Service Version16.0.5

Oracle ≫ Retail Xstore Point Of Service Version17.0.3

Oracle ≫ Retail Xstore Point Of Service Version18.0.2

Oracle ≫ Retail Xstore Point Of Service Version19.0.1

Oracle ≫ Storagetek Acsls Version8.5.1

Oracle ≫ Storagetek Tape Analytics Sw Tool Version2.3

Oracle ≫ Weblogic Server Version10.3.6.0.0

Oracle ≫ Weblogic Server Version12.2.1.3.0

Oracle ≫ Weblogic Server Version12.2.1.4.0

Oracle ≫ Weblogic Server Version14.1.1.0.0

Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.

EPSS Metriken
Typ	Quelle	Score	Percentile
EPSS	FIRST.org	1.24%	0.784

CVSS Metriken
Quelle	Base Score	Exploit Score	Impact Score	Vector String
nvd@nist.gov	6.5	2.8	3.6	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N
nvd@nist.gov	4.3	8.6	2.9	AV:N/AC:M/Au:N/C:P/I:N/A:N
security_alert@emc.com	6.5	2.8	3.6	CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N

CWE-203 Observable Discrepancy

The product behaves differently or sends different responses under different circumstances in a way that is observable to an unauthorized actor, which exposes security-relevant information about the state of the product, such as whether a particular operation was successful or not.

https://www.oracle.com/security-alerts/cpuapr2022.html

Patch

Third Party Advisory

https://www.oracle.com//security-alerts/cpujul2021.html

Patch

Third Party Advisory

https://www.oracle.com/security-alerts/cpuoct2021.html

Patch

Third Party Advisory

https://www.oracle.com/security-alerts/cpujul2020.html

Patch

Third Party Advisory