CVE-2019-3738

RSA BSAFE Crypto-J versions prior to 6.2.5 are vulnerable to a Missing Required Cryptographic Step vulnerability. A malicious remote attacker could potentially exploit this vulnerability to coerce two parties into computing the same predictable shared key.
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTNIST
6.5 MEDIUM
NETWORK
LOW
NONE
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N
dellCNA
6.5 MEDIUM
NETWORK
LOW
NONE
CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N
CVEADP
---
---
Base Score
CVSS 3.x
EPSS Score
Percentile: 71%
VendorProductVersion
dellbsafe_cert-j
𝑥
≤ 6.2.4
dellbsafe_crypto-j
𝑥
< 6.2.5
dellbsafe_ssl-j
𝑥
≤ 6.2.4.1
mcafeethreat_intelligence_exchange_server
2.0.0 ≤
𝑥
≤ 2.3.1
mcafeethreat_intelligence_exchange_server
3.0.0
oracleapplication_performance_management
13.3.0.0
oracleapplication_performance_management
13.4.0.0
oraclecommunications_network_integrity
7.3.2
oraclecommunications_network_integrity
7.3.5
oraclecommunications_network_integrity
7.3.6
oraclecommunications_unified_inventory_management
7.3.2
oraclecommunications_unified_inventory_management
7.3.4
oraclecommunications_unified_inventory_management
7.3.5
oraclecommunications_unified_inventory_management
7.4.0
oraclecommunications_unified_inventory_management
7.4.1
oracledatabase
12.1.0.2
oracledatabase
12.2.0.1
oraclegoldengate
𝑥
< 19.1.0.0.0.210420
oraclegoldengate
19.1.0.0.0.210420
oracleretail_assortment_planning
15.0.3.0
oracleretail_assortment_planning
16.0.3.0
oracleretail_integration_bus
14.1
oracleretail_integration_bus
15.0
oracleretail_integration_bus
16.0
oracleretail_predictive_application_server
14.1.3.0
oracleretail_predictive_application_server
15.0.3.0
oracleretail_predictive_application_server
16.0.3.0
oracleretail_service_backbone
14.1
oracleretail_service_backbone
15.0
oracleretail_service_backbone
16.0
oracleretail_store_inventory_management
14.0.4
oracleretail_store_inventory_management
14.1.3
oracleretail_store_inventory_management
15.0.3
oracleretail_store_inventory_management
16.0.3
oracleretail_xstore_point_of_service
15.0.3
oracleretail_xstore_point_of_service
16.0.5
oracleretail_xstore_point_of_service
17.0.3
oracleretail_xstore_point_of_service
18.0.2
oracleretail_xstore_point_of_service
19.0.1
oraclestoragetek_tape_analytics_sw_tool
2.3
𝑥
= Vulnerable software versions
Common Weakness Enumeration
References
https://kc.mcafee.com/corporate/index?page=content&id=SB10318
https://www.dell.com/support/security/en-us/details/DOC-106556/DSA-2019-094-RSA-BSAFE&#174%3B-Crypto-J-Multiple-Security-Vulnerabilities
https://www.oracle.com//security-alerts/cpujul2021.html
https://www.oracle.com/security-alerts/cpuApr2021.html
https://www.oracle.com/security-alerts/cpuapr2022.html
https://www.oracle.com/security-alerts/cpujul2020.html
https://www.oracle.com/security-alerts/cpuoct2020.html
https://www.oracle.com/security-alerts/cpuoct2021.html
https://kc.mcafee.com/corporate/index?page=content&id=SB10318
https://www.dell.com/support/security/en-us/details/DOC-106556/DSA-2019-094-RSA-BSAFE&#174%3B-Crypto-J-Multiple-Security-Vulnerabilities
https://www.oracle.com//security-alerts/cpujul2021.html
https://www.oracle.com/security-alerts/cpuApr2021.html
https://www.oracle.com/security-alerts/cpuapr2022.html
https://www.oracle.com/security-alerts/cpujul2020.html
https://www.oracle.com/security-alerts/cpuoct2020.html
https://www.oracle.com/security-alerts/cpuoct2021.html