CVE-2019-3740

RSA BSAFE Crypto-J versions prior to 6.2.5 are vulnerable to an Information Exposure Through Timing Discrepancy vulnerabilities during DSA key generation. A malicious remote attacker could potentially exploit those vulnerabilities to recover DSA keys.
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTNIST
6.5 MEDIUM
NETWORK
LOW
NONE
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N
dellCNA
6.5 MEDIUM
NETWORK
LOW
NONE
CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N
CVEADP
---
---
Base Score
CVSS 3.x
EPSS Score
Percentile: 77%
VendorProductVersion
dellbsafe_cert-j
𝑥
≤ 6.2.4
dellbsafe_crypto-j
𝑥
< 6.2.5
dellbsafe_ssl-j
𝑥
≤ 6.2.4.1
oracleapplication_performance_management
13.3.0.0
oracleapplication_performance_management
13.4.0.0
oraclecommunications_network_integrity
7.3.2
oraclecommunications_network_integrity
7.3.5
oraclecommunications_network_integrity
7.3.6
oraclecommunications_unified_inventory_management
7.3.2
oraclecommunications_unified_inventory_management
7.3.4
oraclecommunications_unified_inventory_management
7.3.5
oraclecommunications_unified_inventory_management
7.4.0
oraclecommunications_unified_inventory_management
7.4.1
oracledatabase
12.1.0.2
oracledatabase
12.2.0.1
oracleglobal_lifecycle_management_opatch
𝑥
< 12.2.0.1.22
oraclegoldengate
𝑥
< 19.1.0.0.0.210420
oracleretail_assortment_planning
15.0.3.0
oracleretail_assortment_planning
16.0.3.0
oracleretail_integration_bus
14.1
oracleretail_integration_bus
15.0
oracleretail_integration_bus
16.0
oracleretail_predictive_application_server
14.1.3.0
oracleretail_predictive_application_server
15.0
oracleretail_predictive_application_server
15.0.3.0
oracleretail_predictive_application_server
16.0.3.0
oracleretail_service_backbone
14.1
oracleretail_service_backbone
15.0
oracleretail_service_backbone
16.0
oracleretail_store_inventory_management
14.0.4
oracleretail_store_inventory_management
14.1.3
oracleretail_store_inventory_management
15.0.3
oracleretail_store_inventory_management
16.0.3
oracleretail_xstore_point_of_service
15.0.3
oracleretail_xstore_point_of_service
16.0.5
oracleretail_xstore_point_of_service
17.0.3
oracleretail_xstore_point_of_service
18.0.2
oracleretail_xstore_point_of_service
19.0.1
oraclestoragetek_acsls
8.5.1
oraclestoragetek_tape_analytics_sw_tool
2.3
oracleweblogic_server
10.3.6.0.0
oracleweblogic_server
12.1.3.0.0
oracleweblogic_server
12.2.1.3.0
oracleweblogic_server
12.2.1.4.0
oracleweblogic_server
14.1.1.0.0
𝑥
= Vulnerable software versions