CVE-2019-3740
18.09.2019, 23:15
RSA BSAFE Crypto-J versions prior to 6.2.5 are vulnerable to Information Exposure Through Timing Discrepancy vulnerabilities during DSA key generation. A malicious remote attacker could potentially exploit those vulnerabilities to recover DSA keys.
Vendor | Product | Version |
---|---|---|
dell | bsafe_cert-j | 𝑥 ≤ 6.2.4 |
dell | bsafe_crypto-j | 𝑥 < 6.2.5 |
dell | bsafe_ssl-j | 𝑥 ≤ 6.2.4.1 |
oracle | application_performance_management | 13.3.0.0 |
oracle | application_performance_management | 13.4.0.0 |
oracle | communications_network_integrity | 7.3.2 |
oracle | communications_network_integrity | 7.3.5 |
oracle | communications_network_integrity | 7.3.6 |
oracle | communications_unified_inventory_management | 7.3.2 |
oracle | communications_unified_inventory_management | 7.3.4 |
oracle | communications_unified_inventory_management | 7.3.5 |
oracle | communications_unified_inventory_management | 7.4.0 |
oracle | communications_unified_inventory_management | 7.4.1 |
oracle | database | 12.1.0.2 |
oracle | database | 12.2.0.1 |
oracle | global_lifecycle_management_opatch | 𝑥 < 12.2.0.1.22 |
oracle | goldengate | 𝑥 < 19.1.0.0.0.210420 |
oracle | retail_assortment_planning | 15.0.3.0 |
oracle | retail_assortment_planning | 16.0.3.0 |
oracle | retail_integration_bus | 14.1 |
oracle | retail_integration_bus | 15.0 |
oracle | retail_integration_bus | 16.0 |
oracle | retail_predictive_application_server | 14.1.3.0 |
oracle | retail_predictive_application_server | 15.0 |
oracle | retail_predictive_application_server | 15.0.3.0 |
oracle | retail_predictive_application_server | 16.0.3.0 |
oracle | retail_service_backbone | 14.1 |
oracle | retail_service_backbone | 15.0 |
oracle | retail_service_backbone | 16.0 |
oracle | retail_store_inventory_management | 14.0.4 |
oracle | retail_store_inventory_management | 14.1.3 |
oracle | retail_store_inventory_management | 15.0.3 |
oracle | retail_store_inventory_management | 16.0.3 |
oracle | retail_xstore_point_of_service | 15.0.3 |
oracle | retail_xstore_point_of_service | 16.0.5 |
oracle | retail_xstore_point_of_service | 17.0.3 |
oracle | retail_xstore_point_of_service | 18.0.2 |
oracle | retail_xstore_point_of_service | 19.0.1 |
oracle | storagetek_acsls | 8.5.1 |
oracle | storagetek_tape_analytics_sw_tool | 2.3 |
oracle | weblogic_server | 10.3.6.0.0 |
oracle | weblogic_server | 12.1.3.0.0 |
oracle | weblogic_server | 12.2.1.3.0 |
oracle | weblogic_server | 12.2.1.4.0 |
oracle | weblogic_server | 14.1.1.0.0 |
𝑥 = Vulnerable software versions
Common Weakness Enumeration
- CWE-310 -
- CWE-203 - Observable Discrepancy: The product behaves differently or sends different responses under different circumstances in a way that is observable to an unauthorized actor, which exposes security-relevant information about the state of the product, such as whether a particular operation was successful or not.
References