RSA BSAFE Crypto-J versions prior to 6.2.5 are vulnerable to an Information Exposure Through Timing Discrepancy vulnerabilities during DSA key generation. A malicious remote attacker could potentially exploit those vulnerabilities to recover DSA keys.
References
Configurations
Configuration 1 (hide)
|
Configuration 2 (hide)
|
History
21 Nov 2024, 04:42
Type | Values Removed | Values Added |
---|---|---|
References | () https://www.dell.com/support/security/en-us/details/DOC-106556/DSA-2019-094-RSA-BSAFE®%3B-Crypto-J-Multiple-Security-Vulnerabilities - | |
References | () https://www.oracle.com//security-alerts/cpujul2021.html - Patch, Third Party Advisory | |
References | () https://www.oracle.com/security-alerts/cpuApr2021.html - Patch, Third Party Advisory | |
References | () https://www.oracle.com/security-alerts/cpuapr2022.html - Patch, Third Party Advisory | |
References | () https://www.oracle.com/security-alerts/cpujul2020.html - Patch, Third Party Advisory | |
References | () https://www.oracle.com/security-alerts/cpuoct2020.html - Patch, Third Party Advisory | |
References | () https://www.oracle.com/security-alerts/cpuoct2021.html - Patch, Third Party Advisory |
07 Nov 2023, 03:10
Type | Values Removed | Values Added |
---|---|---|
References |
|
|
Information
Published : 2019-09-18 23:15
Updated : 2024-11-21 04:42
NVD link : CVE-2019-3740
Mitre link : CVE-2019-3740
CVE.ORG link : CVE-2019-3740
JSON object : View
Products Affected
oracle
- global_lifecycle_management_opatch
- retail_assortment_planning
- weblogic_server
- application_performance_management
- retail_integration_bus
- retail_predictive_application_server
- storagetek_tape_analytics_sw_tool
- communications_network_integrity
- storagetek_acsls
- retail_service_backbone
- retail_store_inventory_management
- communications_unified_inventory_management
- database
- retail_xstore_point_of_service
- goldengate
dell
- bsafe_ssl-j
- bsafe_crypto-j
- bsafe_cert-j