6.5

CVE-2019-3740

RSA BSAFE Crypto-J versions prior to 6.2.5 are vulnerable to Information Exposure Through Timing Discrepancy vulnerabilities during DSA key generation. A malicious remote attacker could potentially exploit those vulnerabilities to recover DSA keys.

Data provided by the National Vulnerability Database (NVD)
Dell Bsafe Cert-j Version <= 6.2.4
Dell Bsafe Crypto-j Version < 6.2.5
Dell Bsafe Ssl-j Version <= 6.2.4.1
Oracle Database Version 12.1.0.2 SwEdition enterprise
Oracle Database Version 12.2.0.1 SwEdition enterprise
Oracle Database Version 18c SwEdition enterprise
Oracle Database Version 19c SwEdition enterprise
Oracle Global Lifecycle Management Opatch Version < 12.2.0.1.22
Oracle Goldengate Version < 19.1.0.0.0.210420
Oracle Retail Assortment Planning Version 15.0.3.0
Oracle Retail Assortment Planning Version 16.0.3.0
Oracle Retail Integration Bus Version 14.1
Oracle Retail Integration Bus Version 15.0
Oracle Retail Integration Bus Version 16.0
Oracle Storagetek Acsls Version 8.5.1
Oracle Weblogic Server Version 10.3.6.0.0
Oracle Weblogic Server Version 12.1.3.0.0
Oracle Weblogic Server Version 12.2.1.3.0
Oracle Weblogic Server Version 12.2.1.4.0
Oracle Weblogic Server Version 14.1.1.0.0
No CISA KEV or CERT.AT warning was found for this CVE.
EPSS Metrics

| Type | Source | Score | Percentile |
|------|--------|-------|------------|
| EPSS | FIRST.org | 1.24% | 0.784 |
CVSS Metrics

| Source | Base Score | Exploit Score | Impact Score | Vector String |
|--------|------------|---------------|--------------|---------------|
| nvd@nist.gov | 6.5 | 2.8 | 3.6 | CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N |
| nvd@nist.gov | 4.3 | 8.6 | 2.9 | AV:N/AC:M/Au:N/C:P/I:N/A:N |
| security_alert@emc.com | 6.5 | 2.8 | 3.6 | CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N |

CWE-203 Observable Discrepancy

The product behaves differently or sends different responses under different circumstances in a way that is observable to an unauthorized actor, which exposes security-relevant information about the state of the product, such as whether a particular operation was successful or not.