6.5
CVE-2019-3740
- EPSS 1.24%
- Published 18.09.2019 23:15:11
- Last modified 21.11.2024 04:42:26
- Source security_alert@emc.com
- Teams watchlist Login
- Open Login
RSA BSAFE Crypto-J versions prior to 6.2.5 are vulnerable to an Information Exposure Through Timing Discrepancy vulnerabilities during DSA key generation. A malicious remote attacker could potentially exploit those vulnerabilities to recover DSA keys.
Data is provided by the National Vulnerability Database (NVD)
Dell ≫ Bsafe Cert-j Version <= 6.2.4
Dell ≫ Bsafe Crypto-j Version < 6.2.5
Dell ≫ Bsafe Ssl-j Version <= 6.2.4.1
Oracle ≫ Application Performance Management Version13.3.0.0
Oracle ≫ Application Performance Management Version13.4.0.0
Oracle ≫ Communications Network Integrity Version7.3.2
Oracle ≫ Communications Network Integrity Version7.3.5
Oracle ≫ Communications Network Integrity Version7.3.6
Oracle ≫ Communications Unified Inventory Management Version7.3.2
Oracle ≫ Communications Unified Inventory Management Version7.3.4
Oracle ≫ Communications Unified Inventory Management Version7.3.5
Oracle ≫ Communications Unified Inventory Management Version7.4.0
Oracle ≫ Communications Unified Inventory Management Version7.4.1
Oracle ≫ Global Lifecycle Management Opatch Version < 12.2.0.1.22
Oracle ≫ Goldengate Version < 19.1.0.0.0.210420
Oracle ≫ Retail Assortment Planning Version15.0.3.0
Oracle ≫ Retail Assortment Planning Version16.0.3.0
Oracle ≫ Retail Integration Bus Version14.1
Oracle ≫ Retail Integration Bus Version15.0
Oracle ≫ Retail Integration Bus Version16.0
Oracle ≫ Retail Predictive Application Server Version14.1.3.0
Oracle ≫ Retail Predictive Application Server Version15.0
Oracle ≫ Retail Predictive Application Server Version15.0.3.0
Oracle ≫ Retail Predictive Application Server Version16.0.3.0
Oracle ≫ Retail Service Backbone Version14.1
Oracle ≫ Retail Service Backbone Version15.0
Oracle ≫ Retail Service Backbone Version16.0
Oracle ≫ Retail Store Inventory Management Version14.0.4
Oracle ≫ Retail Store Inventory Management Version14.1.3
Oracle ≫ Retail Store Inventory Management Version15.0.3
Oracle ≫ Retail Store Inventory Management Version16.0.3
Oracle ≫ Retail Xstore Point Of Service Version15.0.3
Oracle ≫ Retail Xstore Point Of Service Version16.0.5
Oracle ≫ Retail Xstore Point Of Service Version17.0.3
Oracle ≫ Retail Xstore Point Of Service Version18.0.2
Oracle ≫ Retail Xstore Point Of Service Version19.0.1
Oracle ≫ Storagetek Acsls Version8.5.1
Oracle ≫ Storagetek Tape Analytics Sw Tool Version2.3
Oracle ≫ Weblogic Server Version10.3.6.0.0
Oracle ≫ Weblogic Server Version12.1.3.0.0
Oracle ≫ Weblogic Server Version12.2.1.3.0
Oracle ≫ Weblogic Server Version12.2.1.4.0
Oracle ≫ Weblogic Server Version14.1.1.0.0
Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.
| Type | Source | Score | Percentile |
|---|---|---|---|
| EPSS | FIRST.org | 1.24% | 0.784 |
| Source | Base Score | Exploit Score | Impact Score | Vector string |
|---|---|---|---|---|
| nvd@nist.gov | 6.5 | 2.8 | 3.6 |
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N
|
| nvd@nist.gov | 4.3 | 8.6 | 2.9 |
AV:N/AC:M/Au:N/C:P/I:N/A:N
|
| security_alert@emc.com | 6.5 | 2.8 | 3.6 |
CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N
|
CWE-203 Observable Discrepancy
The product behaves differently or sends different responses under different circumstances in a way that is observable to an unauthorized actor, which exposes security-relevant information about the state of the product, such as whether a particular operation was successful or not.