CVE-2019-3739

medium
New! CVE Severity Now Using CVSS v3

The calculated severity for CVEs has been updated to use CVSS v3 by default. CVEs that do not have a CVSS v3 score will fall back CVSS v2 for calculating severity. Severity display preferences can be toggled in the settings dropdown.

Description

RSA BSAFE Crypto-J versions prior to 6.2.5 are vulnerable to Information Exposure Through Timing Discrepancy vulnerabilities during ECDSA key generation. A malicious remote attacker could potentially exploit those vulnerabilities to recover ECDSA keys.

References

https://www.dell.com/support/security/en-us/details/DOC-106556/DSA-2019-094-RSA-BSAFE®-Crypto-J-Multiple-Security-Vulnerabilities

https://www.oracle.com/security-alerts/cpujul2020.html

https://www.oracle.com/security-alerts/cpuoct2020.html

https://www.oracle.com/security-alerts/cpuApr2021.html

https://www.oracle.com//security-alerts/cpujul2021.html

https://www.oracle.com/security-alerts/cpuoct2021.html

Details

Source: MITRE

Published: 2019-09-18

Updated: 2021-12-09

Type: CWE-310

Risk Information

CVSS v2

Base Score: 4.3

Vector: AV:N/AC:M/Au:N/C:P/I:N/A:N

Impact Score: 2.9

Exploitability Score: 8.6

Severity: MEDIUM

CVSS v3

Base Score: 6.5

Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N

Impact Score: 3.6

Exploitability Score: 2.8

Severity: MEDIUM

Vulnerable Software

Configuration 1

OR

cpe:2.3:a:dell:bsafe_crypto-j:*:*:*:*:*:*:*:*

cpe:2.3:a:dell:bsafe_cert-j:*:*:*:*:*:*:*:* versions up to 6.2.4 (inclusive)

cpe:2.3:a:dell:bsafe_ssl-j:*:*:*:*:*:*:*:* versions up to 6.2.4.1 (inclusive)

Configuration 2

OR

cpe:2.3:a:oracle:application_performance_management:13.3.0.0:*:*:*:*:*:*:*

cpe:2.3:a:oracle:application_performance_management:13.4.0.0:*:*:*:*:*:*:*

cpe:2.3:a:oracle:database:12.1.0.2:*:*:*:enterprise:*:*:*

cpe:2.3:a:oracle:database:12.2.0.1:*:*:*:enterprise:*:*:*

cpe:2.3:a:oracle:database:18c:*:*:*:enterprise:*:*:*

cpe:2.3:a:oracle:database:19c:*:*:*:enterprise:*:*:*

cpe:2.3:a:oracle:goldengate:*:*:*:*:*:*:*:*

cpe:2.3:a:oracle:retail_assortment_planning:15.0.3.0:*:*:*:*:*:*:*

cpe:2.3:a:oracle:retail_assortment_planning:16.0.3.0:*:*:*:*:*:*:*

cpe:2.3:a:oracle:retail_integration_bus:14.1:*:*:*:*:*:*:*

cpe:2.3:a:oracle:retail_integration_bus:15.0:*:*:*:*:*:*:*

cpe:2.3:a:oracle:retail_integration_bus:16.0:*:*:*:*:*:*:*

cpe:2.3:a:oracle:retail_predictive_application_server:14.1.3.0:*:*:*:*:*:*:*

cpe:2.3:a:oracle:retail_predictive_application_server:15.0.3.0:*:*:*:*:*:*:*

cpe:2.3:a:oracle:retail_predictive_application_server:16.0.3.0:*:*:*:*:*:*:*

cpe:2.3:a:oracle:retail_service_backbone:14.1:*:*:*:*:*:*:*

cpe:2.3:a:oracle:retail_service_backbone:15.0:*:*:*:*:*:*:*

cpe:2.3:a:oracle:retail_service_backbone:16.0:*:*:*:*:*:*:*

cpe:2.3:a:oracle:retail_store_inventory_management:14.0.4:*:*:*:*:*:*:*

cpe:2.3:a:oracle:retail_store_inventory_management:14.1.3:*:*:*:*:*:*:*

cpe:2.3:a:oracle:retail_store_inventory_management:15.0.3:*:*:*:*:*:*:*

cpe:2.3:a:oracle:retail_store_inventory_management:16.0.3:*:*:*:*:*:*:*

cpe:2.3:a:oracle:retail_xstore_point_of_service:15.0.3:*:*:*:*:*:*:*

cpe:2.3:a:oracle:retail_xstore_point_of_service:16.0.5:*:*:*:*:*:*:*

cpe:2.3:a:oracle:retail_xstore_point_of_service:17.0.3:*:*:*:*:*:*:*

cpe:2.3:a:oracle:retail_xstore_point_of_service:18.0.2:*:*:*:*:*:*:*

cpe:2.3:a:oracle:retail_xstore_point_of_service:19.0.1:*:*:*:*:*:*:*

cpe:2.3:a:oracle:storagetek_tape_analytics_sw_tool:2.3:*:*:*:*:*:*:*

cpe:2.3:a:oracle:weblogic_server:10.3.6.0.0:*:*:*:*:*:*:*

cpe:2.3:a:oracle:weblogic_server:12.2.1.3.0:*:*:*:*:*:*:*

cpe:2.3:a:oracle:weblogic_server:12.2.1.4.0:*:*:*:*:*:*:*

cpe:2.3:a:oracle:weblogic_server:14.1.1.0.0:*:*:*:*:*:*:*

Tenable Plugins

View all (2 total)

IDNameProductFamilySeverity
154342Oracle GoldenGate (Oct 2021 CPU)NessusMisc.
high
148894Oracle Database Server Multiple Vulnerabilities (Apr 2021 CPU)NessusDatabases
medium