MEDIUM🇵🇱 Wersja polska

CVE-2019-3740

CVSS 6.5v3.1pub. 2019-09-18upd. 2024-11-21

RSA BSAFE Crypto-J versions prior to 6.2.5 are vulnerable to an Information Exposure Through Timing Discrepancy vulnerabilities during DSA key generation. A malicious remote attacker could potentially exploit those vulnerabilities to recover DSA keys.

CVSS Vector
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N
  • Dell Bsafe Cert J

    APP
    Dell
    ≤ 6.2.4
  • Dell Bsafe Crypto J

    APP
    Dell
    < 6.2.5
  • Dell Bsafe Ssl J

    APP
    Dell
    ≤ 6.2.4.1
  • Oracle Application Performance Management

    APP
    Oracle
    13.3.0.013.4.0.0
  • Oracle Communications Network Integrity

    APP
    Oracle
    7.3.27.3.57.3.6
  • Oracle Communications Unified Inventory Management

    APP
    Oracle
    7.3.27.3.47.3.57.4.07.4.1
  • Oracle Database

    APP
    Oracle
    12.1.0.212.2.0.118c19c
  • Oracle Global Lifecycle Management Opatch

    APP
    Oracle
    < 12.2.0.1.22
  • Oracle Goldengate

    APP
    Oracle
    < 19.1.0.0.0.210420
  • Oracle Retail Assortment Planning

    APP
    Oracle
    15.0.3.016.0.3.0
  • Oracle Retail Integration Bus

    APP
    Oracle
    14.115.016.0
  • Oracle Retail Predictive Application Server

    APP
    Oracle
    14.1.3.015.015.0.3.016.0.3.0
  • Oracle Retail Service Backbone

    APP
    Oracle
    14.115.016.0
  • Oracle Retail Store Inventory Management

    APP
    Oracle
    14.0.414.1.315.0.316.0.3
  • Oracle Retail Xstore Point Of Service

    APP
    Oracle
    15.0.316.0.517.0.318.0.219.0.1
  • Oracle Storagetek Acsls

    APP
    Oracle
    8.5.1
  • Oracle Storagetek Tape Analytics Sw Tool

    APP
    Oracle
    2.3
  • Oracle Weblogic Server

    APP
    Oracle
    10.3.6.0.012.1.3.0.012.2.1.3.012.2.1.4.014.1.1.0.0
🔵
CHECK WITH VENDOR
No clear patch data available. Check vendor references.
CWE
References

Related vulnerabilities

CVE-2022-22963CRITICAL9.8⚠ KEVten sam produkt

In Spring Cloud Function versions 3.1.6, 3.2.2 and older unsupported versions, when using routing functionalit...

CVE-2022-22965CRITICAL9.8⚠ KEVten sam produkt

A Spring MVC or Spring WebFlux application running on JDK 9+ may be vulnerable to remote code execution (RCE) ...

CVE-2020-14750CRITICAL9.8⚠ KEVten sam produkt

Vulnerability in the Oracle WebLogic Server product of Oracle Fusion Middleware (component: Console). Supporte...

CVE-2020-14882CRITICAL9.8⚠ KEVten sam produkt

Vulnerability in the Oracle WebLogic Server product of Oracle Fusion Middleware (component: Console). Supporte...

CVE-2020-14644CRITICAL9.8⚠ KEVten sam produkt

Vulnerability in the Oracle WebLogic Server product of Oracle Fusion Middleware (component: Core). Supported v...