CVE-2019-3739

{"id": "CVE-2019-3739", "metrics": {"cvssMetricV2": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"version": "2.0", "baseScore": 4.3, "accessVector": "NETWORK", "vectorString": "AV:N/AC:M/Au:N/C:P/I:N/A:N", "authentication": "NONE", "integrityImpact": "NONE", "accessComplexity": "MEDIUM", "availabilityImpact": "NONE", "confidentialityImpact": "PARTIAL"}, "acInsufInfo": false, "impactScore": 2.9, "baseSeverity": "MEDIUM", "obtainAllPrivilege": false, "exploitabilityScore": 8.6, "obtainUserPrivilege": false, "obtainOtherPrivilege": false, "userInteractionRequired": true}], "cvssMetricV30": [{"type": "Secondary", "source": "security_alert@emc.com", "cvssData": {"scope": "UNCHANGED", "version": "3.0", "baseScore": 6.5, "attackVector": "NETWORK", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N", "integrityImpact": "NONE", "userInteraction": "REQUIRED", "attackComplexity": "LOW", "availabilityImpact": "NONE", "privilegesRequired": "NONE", "confidentialityImpact": "HIGH"}, "impactScore": 3.6, "exploitabilityScore": 2.8}], "cvssMetricV31": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 6.5, "attackVector": "NETWORK", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N", "integrityImpact": "NONE", "userInteraction": "REQUIRED", "attackComplexity": "LOW", "availabilityImpact": "NONE", "privilegesRequired": "NONE", "confidentialityImpact": "HIGH"}, "impactScore": 3.6, "exploitabilityScore": 2.8}]}, "published": "2019-09-18T23:15:11.110", "references": [{"url": "https://www.dell.com/support/security/en-us/details/DOC-106556/DSA-2019-094-RSA-BSAFE&#174%3B-Crypto-J-Multiple-Security-Vulnerabilities", "source": "security_alert@emc.com"}, {"url": "https://www.oracle.com//security-alerts/cpujul2021.html", "tags": ["Patch", "Third Party Advisory"], "source": "security_alert@emc.com"}, {"url": "https://www.oracle.com/security-alerts/cpuApr2021.html", "tags": ["Patch", "Third Party Advisory"], "source": "security_alert@emc.com"}, {"url": "https://www.oracle.com/security-alerts/cpuapr2022.html", "tags": ["Patch", "Third Party Advisory"], "source": "security_alert@emc.com"}, {"url": "https://www.oracle.com/security-alerts/cpujul2020.html", "tags": ["Patch", "Third Party Advisory"], "source": "security_alert@emc.com"}, {"url": "https://www.oracle.com/security-alerts/cpuoct2020.html", "tags": ["Patch", "Third Party Advisory"], "source": "security_alert@emc.com"}, {"url": "https://www.oracle.com/security-alerts/cpuoct2021.html", "tags": ["Patch", "Third Party Advisory"], "source": "security_alert@emc.com"}, {"url": "https://www.dell.com/support/security/en-us/details/DOC-106556/DSA-2019-094-RSA-BSAFE&#174%3B-Crypto-J-Multiple-Security-Vulnerabilities", "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "https://www.oracle.com//security-alerts/cpujul2021.html", "tags": ["Patch", "Third Party Advisory"], "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "https://www.oracle.com/security-alerts/cpuApr2021.html", "tags": ["Patch", "Third Party Advisory"], "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "https://www.oracle.com/security-alerts/cpuapr2022.html", "tags": ["Patch", "Third Party Advisory"], "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "https://www.oracle.com/security-alerts/cpujul2020.html", "tags": ["Patch", "Third Party Advisory"], "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "https://www.oracle.com/security-alerts/cpuoct2020.html", "tags": ["Patch", "Third Party Advisory"], "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "https://www.oracle.com/security-alerts/cpuoct2021.html", "tags": ["Patch", "Third Party Advisory"], "source": "af854a3a-2127-422b-91ae-364da2661108"}], "vulnStatus": "Modified", "weaknesses": [{"type": "Secondary", "source": "security_alert@emc.com", "description": [{"lang": "en", "value": "CWE-310"}]}, {"type": "Secondary", "source": "nvd@nist.gov", "description": [{"lang": "en", "value": "CWE-203"}]}], "descriptions": [{"lang": "en", "value": "RSA BSAFE Crypto-J versions prior to 6.2.5 are vulnerable to Information Exposure Through Timing Discrepancy vulnerabilities during ECDSA key generation. A malicious remote attacker could potentially exploit those vulnerabilities to recover ECDSA keys."}, {"lang": "es", "value": "RSA BSAFE Crypto-J versiones anteriores a 6.2.5, son vulnerables a la Exposici\u00f3n de Informaci\u00f3n por medio de vulnerabilidades de Discrepancia de Sincronizaci\u00f3n durante la generaci\u00f3n de claves ECDSA. Un atacante remoto malicioso podr\u00eda explotar potencialmente esas vulnerabilidades para recuperar claves ECDSA."}], "lastModified": "2024-11-21T04:42:26.480", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:dell:bsafe_cert-j:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "1710B5A7-08C4-44D8-A175-044FCD92B314", "versionEndIncluding": "6.2.4"}, {"criteria": "cpe:2.3:a:dell:bsafe_crypto-j:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "9757B880-0E5B-40B1-A15C-0EAA52046A73", "versionEndExcluding": "6.2.5"}, {"criteria": "cpe:2.3:a:dell:bsafe_ssl-j:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "FEE68BD5-3D1C-4D69-B026-319FBEDBC798", "versionEndIncluding": "6.2.4.1"}], "operator": "OR"}]}, {"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:oracle:application_performance_management:13.3.0.0:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "E87B8C7B-2654-4F9C-9B5D-794DA484B42D"}, {"criteria": "cpe:2.3:a:oracle:application_performance_management:13.4.0.0:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "9C6F5710-490D-41D4-8C9B-27FC530117A7"}, {"criteria": "cpe:2.3:a:oracle:communications_network_integrity:7.3.2:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "A7E8F4F3-1A39-4CBB-98C4-66D5DCE3F57D"}, {"criteria": "cpe:2.3:a:oracle:communications_network_integrity:7.3.5:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "FB92D8A7-2ABD-4B70-A32C-4B6B866C5B8B"}, {"criteria": "cpe:2.3:a:oracle:communications_network_integrity:7.3.6:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "B21E6EEF-2AB7-4E96-B092-1F49D11B4175"}, {"criteria": "cpe:2.3:a:oracle:database:12.1.0.2:*:*:*:enterprise:*:*:*", "vulnerable": true, "matchCriteriaId": "89FE33CE-5995-4C53-8331-B49156F852B3"}, {"criteria": "cpe:2.3:a:oracle:database:12.2.0.1:*:*:*:enterprise:*:*:*", "vulnerable": true, "matchCriteriaId": "46E7237C-00BD-4490-96C3-A8EAE4CE2C0B"}, {"criteria": "cpe:2.3:a:oracle:database:18c:*:*:*:enterprise:*:*:*", "vulnerable": true, "matchCriteriaId": "20352616-6BCA-485D-8DD7-DFC97AD6A30D"}, {"criteria": "cpe:2.3:a:oracle:database:19c:*:*:*:enterprise:*:*:*", "vulnerable": true, "matchCriteriaId": "C1E05472-8F3A-4E46-90E5-50EA6D555FDC"}, {"criteria": "cpe:2.3:a:oracle:goldengate:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "68165D37-489E-45D7-BA7A-A38164B5C26D", "versionEndExcluding": "19.1.0.0.0.210420"}, {"criteria": "cpe:2.3:a:oracle:retail_assortment_planning:15.0.3.0:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "44357172-4035-4D57-9C83-D80BDDE8E8C7"}, {"criteria": "cpe:2.3:a:oracle:retail_assortment_planning:16.0.3.0:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "CDDD1BFF-9B0D-45DA-86DC-05CF829107FB"}, {"criteria": "cpe:2.3:a:oracle:retail_integration_bus:14.1:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "CE7DB324-98A0-40AD-96D4-0800340F6F3A"}, {"criteria": "cpe:2.3:a:oracle:retail_integration_bus:15.0:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "42064F46-3012-4FB1-89BA-F13C2E4CBB6B"}, {"criteria": "cpe:2.3:a:oracle:retail_integration_bus:16.0:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "F73E2EFA-0F43-4D92-8C7D-9E66811B76D6"}, {"criteria": "cpe:2.3:a:oracle:retail_predictive_application_server:14.1.3.0:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "BCF6CCE5-250D-4B10-AD18-7DE7D84BF220"}, {"criteria": "cpe:2.3:a:oracle:retail_predictive_application_server:15.0.3.0:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "D6D325A0-3441-41AC-B00F-F2A7F85370A1"}, {"criteria": "cpe:2.3:a:oracle:retail_predictive_application_server:16.0.3.0:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "924AFE2D-D1BB-4026-9C12-BA379F8C5BEA"}, {"criteria": "cpe:2.3:a:oracle:retail_service_backbone:14.1:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "378A6656-252B-4929-83EA-BC107FDFD357"}, {"criteria": "cpe:2.3:a:oracle:retail_service_backbone:15.0:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "363395FA-C296-4B2B-9D6F-BCB8DBE6FACE"}, {"criteria": "cpe:2.3:a:oracle:retail_service_backbone:16.0:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "F62A2144-5EF8-4319-B8C2-D7975F51E5FA"}, {"criteria": "cpe:2.3:a:oracle:retail_store_inventory_management:14.0.4:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "0E703304-0752-46F2-998B-A3D37C9E7A54"}, {"criteria": "cpe:2.3:a:oracle:retail_store_inventory_management:14.1.3:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "722969B5-36CD-4413-954B-347BB7E51FAE"}, {"criteria": "cpe:2.3:a:oracle:retail_store_inventory_management:15.0.3:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "BF295023-399E-4180-A28B-2DA3327A372C"}, {"criteria": "cpe:2.3:a:oracle:retail_store_inventory_management:16.0.3:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "3E5A2A49-42B0-44EB-B606-999275DC1DA1"}, {"criteria": "cpe:2.3:a:oracle:retail_xstore_point_of_service:15.0.3:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "54B0A494-14DD-4384-9DCE-14945EBE1A19"}, {"criteria": "cpe:2.3:a:oracle:retail_xstore_point_of_service:16.0.5:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "A890746E-EE1A-4DBC-BB04-84CC79767F85"}, {"criteria": "cpe:2.3:a:oracle:retail_xstore_point_of_service:17.0.3:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "6308E929-D44D-48A1-BAEE-47BE4E164124"}, {"criteria": "cpe:2.3:a:oracle:retail_xstore_point_of_service:18.0.2:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "FDD2640A-5964-4937-B912-CEA2173FAFEE"}, {"criteria": "cpe:2.3:a:oracle:retail_xstore_point_of_service:19.0.1:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "11BE9059-29C1-417D-AFB3-98066E95D883"}, {"criteria": "cpe:2.3:a:oracle:storagetek_acsls:8.5.1:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "6953CFDB-33C0-4B8E-BBBD-E460A17E8ED3"}, {"criteria": "cpe:2.3:a:oracle:storagetek_tape_analytics_sw_tool:2.3:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "E55B3AA9-69BE-4136-8C3A-FD0DDCD3FA4B"}, {"criteria": "cpe:2.3:a:oracle:weblogic_server:10.3.6.0.0:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "B40B13B7-68B3-4510-968C-6A730EB46462"}, {"criteria": "cpe:2.3:a:oracle:weblogic_server:12.2.1.3.0:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "F14A818F-AA16-4438-A3E4-E64C9287AC66"}, {"criteria": "cpe:2.3:a:oracle:weblogic_server:12.2.1.4.0:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "4A5BB153-68E0-4DDA-87D1-0D9AB7F0A418"}, {"criteria": "cpe:2.3:a:oracle:weblogic_server:14.1.1.0.0:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "04BCDC24-4A21-473C-8733-0D9CFB38A752"}], "operator": "OR"}]}], "sourceIdentifier": "security_alert@emc.com"}