cvelistv5 - cve-2019-3740

CVE-2019-3740 (GCVE-0-2019-3740)

Vulnerability from cvelistv5 – Published: 2019-09-18 22:23 – Updated: 2024-09-17 01:40

Summary

Severity ?

6.5 (Medium)


                        
                          CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N

CWE

CWE-310 - Cryptographic Issues

Assigner

dell

References

URL

Tags

	https://www.oracle.com/security-alerts/cpujul2020.html	x_refsource_MISC
	https://www.dell.com/support/security/en-us/detai…	x_refsource_MISC
	https://www.oracle.com/security-alerts/cpuoct2020.html	x_refsource_MISC
	https://www.oracle.com/security-alerts/cpuApr2021.html	x_refsource_MISC
	https://www.oracle.com//security-alerts/cpujul2021.html	x_refsource_MISC
	https://www.oracle.com/security-alerts/cpuoct2021.html	x_refsource_MISC
	https://www.oracle.com/security-alerts/cpuapr2022.html	x_refsource_MISC

Impacted products

	Vendor	Product	Version
	Dell	RSA BSAFE Crypto-J	Affected: prior to 6.2.5

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-04T19:19:18.307Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://www.oracle.com/security-alerts/cpujul2020.html"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://www.dell.com/support/security/en-us/details/DOC-106556/DSA-2019-094-RSA-BSAFE\u0026#174%3B-Crypto-J-Multiple-Security-Vulnerabilities"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://www.oracle.com/security-alerts/cpuoct2020.html"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://www.oracle.com/security-alerts/cpuApr2021.html"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://www.oracle.com//security-alerts/cpujul2021.html"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://www.oracle.com/security-alerts/cpuoct2021.html"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://www.oracle.com/security-alerts/cpuapr2022.html"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "RSA BSAFE Crypto-J",
          "vendor": "Dell",
          "versions": [
            {
              "status": "affected",
              "version": "prior to 6.2.5"
            }
          ]
        }
      ],
      "datePublic": "2019-08-15T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "RSA BSAFE Crypto-J versions prior to 6.2.5 are vulnerable to an Information Exposure Through Timing Discrepancy vulnerabilities during DSA key generation. A malicious remote attacker could potentially exploit those vulnerabilities to recover DSA keys."
        }
      ],
      "metrics": [
        {
          "cvssV3_0": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "NONE",
            "baseScore": 6.5,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "NONE",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "userInteraction": "REQUIRED",
            "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N",
            "version": "3.0"
          }
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-310",
              "description": "CWE-310: Cryptographic Issues",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2022-04-19T23:20:43",
        "orgId": "c550e75a-17ff-4988-97f0-544cde3820fe",
        "shortName": "dell"
      },
      "references": [
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://www.oracle.com/security-alerts/cpujul2020.html"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://www.dell.com/support/security/en-us/details/DOC-106556/DSA-2019-094-RSA-BSAFE\u0026#174%3B-Crypto-J-Multiple-Security-Vulnerabilities"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://www.oracle.com/security-alerts/cpuoct2020.html"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://www.oracle.com/security-alerts/cpuApr2021.html"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://www.oracle.com//security-alerts/cpujul2021.html"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://www.oracle.com/security-alerts/cpuoct2021.html"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://www.oracle.com/security-alerts/cpuapr2022.html"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "secure@dell.com",
          "DATE_PUBLIC": "2019-08-15",
          "ID": "CVE-2019-3740",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "RSA BSAFE Crypto-J",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "prior to 6.2.5"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "Dell"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "RSA BSAFE Crypto-J versions prior to 6.2.5 are vulnerable to an Information Exposure Through Timing Discrepancy vulnerabilities during DSA key generation. A malicious remote attacker could potentially exploit those vulnerabilities to recover DSA keys."
            }
          ]
        },
        "impact": {
          "cvss": {
            "baseScore": 6.5,
            "baseSeverity": "Medium",
            "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N",
            "version": "3.0"
          }
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "CWE-310: Cryptographic Issues"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "https://www.oracle.com/security-alerts/cpujul2020.html",
              "refsource": "MISC",
              "url": "https://www.oracle.com/security-alerts/cpujul2020.html"
            },
            {
              "name": "https://www.dell.com/support/security/en-us/details/DOC-106556/DSA-2019-094-RSA-BSAFE\u0026#174;-Crypto-J-Multiple-Security-Vulnerabilities",
              "refsource": "MISC",
              "url": "https://www.dell.com/support/security/en-us/details/DOC-106556/DSA-2019-094-RSA-BSAFE\u0026#174;-Crypto-J-Multiple-Security-Vulnerabilities"
            },
            {
              "name": "https://www.oracle.com/security-alerts/cpuoct2020.html",
              "refsource": "MISC",
              "url": "https://www.oracle.com/security-alerts/cpuoct2020.html"
            },
            {
              "name": "https://www.oracle.com/security-alerts/cpuApr2021.html",
              "refsource": "MISC",
              "url": "https://www.oracle.com/security-alerts/cpuApr2021.html"
            },
            {
              "name": "https://www.oracle.com//security-alerts/cpujul2021.html",
              "refsource": "MISC",
              "url": "https://www.oracle.com//security-alerts/cpujul2021.html"
            },
            {
              "name": "https://www.oracle.com/security-alerts/cpuoct2021.html",
              "refsource": "MISC",
              "url": "https://www.oracle.com/security-alerts/cpuoct2021.html"
            },
            {
              "name": "https://www.oracle.com/security-alerts/cpuapr2022.html",
              "refsource": "MISC",
              "url": "https://www.oracle.com/security-alerts/cpuapr2022.html"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "c550e75a-17ff-4988-97f0-544cde3820fe",
    "assignerShortName": "dell",
    "cveId": "CVE-2019-3740",
    "datePublished": "2019-09-18T22:23:10.138468Z",
    "dateReserved": "2019-01-03T00:00:00",
    "dateUpdated": "2024-09-17T01:40:53.233Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1",
  "vulnerability-lookup:meta": {
    "fkie_nvd": {
      "configurations": "[{\"nodes\": [{\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:dell:bsafe_cert-j:*:*:*:*:*:*:*:*\", \"versionEndIncluding\": \"6.2.4\", \"matchCriteriaId\": \"1710B5A7-08C4-44D8-A175-044FCD92B314\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:dell:bsafe_crypto-j:*:*:*:*:*:*:*:*\", \"versionEndExcluding\": \"6.2.5\", \"matchCriteriaId\": \"9757B880-0E5B-40B1-A15C-0EAA52046A73\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:dell:bsafe_ssl-j:*:*:*:*:*:*:*:*\", \"versionEndIncluding\": \"6.2.4.1\", \"matchCriteriaId\": \"FEE68BD5-3D1C-4D69-B026-319FBEDBC798\"}]}]}, {\"nodes\": [{\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:oracle:application_performance_management:13.3.0.0:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"E87B8C7B-2654-4F9C-9B5D-794DA484B42D\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:oracle:application_performance_management:13.4.0.0:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"9C6F5710-490D-41D4-8C9B-27FC530117A7\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:oracle:communications_network_integrity:7.3.2:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"A7E8F4F3-1A39-4CBB-98C4-66D5DCE3F57D\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:oracle:communications_network_integrity:7.3.5:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"FB92D8A7-2ABD-4B70-A32C-4B6B866C5B8B\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:oracle:communications_network_integrity:7.3.6:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"B21E6EEF-2AB7-4E96-B092-1F49D11B4175\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:oracle:communications_unified_inventory_management:7.3.2:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"1B58BCDA-E173-4D4A-A9C5-E9BFF7E57F58\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:oracle:communications_unified_inventory_management:7.3.4:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"0D299528-8EF0-49AF-9BDE-4B6C6B1DA36C\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:oracle:communications_unified_inventory_management:7.3.5:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"17A91FD9-9F77-42D3-A4D9-48BC7568ADE1\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:oracle:communications_unified_inventory_management:7.4.0:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"539DA24F-E3E0-4455-84C6-A9D96CD601B3\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:oracle:communications_unified_inventory_management:7.4.1:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"A7637F8B-15F1-42E2-BE18-E1FF7C66587D\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:oracle:database:12.1.0.2:*:*:*:enterprise:*:*:*\", \"matchCriteriaId\": \"89FE33CE-5995-4C53-8331-B49156F852B3\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:oracle:database:12.2.0.1:*:*:*:enterprise:*:*:*\", \"matchCriteriaId\": \"46E7237C-00BD-4490-96C3-A8EAE4CE2C0B\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:oracle:database:18c:*:*:*:enterprise:*:*:*\", \"matchCriteriaId\": \"20352616-6BCA-485D-8DD7-DFC97AD6A30D\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:oracle:database:19c:*:*:*:enterprise:*:*:*\", \"matchCriteriaId\": \"C1E05472-8F3A-4E46-90E5-50EA6D555FDC\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:oracle:global_lifecycle_management_opatch:*:*:*:*:*:*:*:*\", \"versionEndExcluding\": \"12.2.0.1.22\", \"matchCriteriaId\": \"160EBE76-7CED-4210-9FBB-8649B14DAE1A\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:oracle:goldengate:*:*:*:*:*:*:*:*\", \"versionEndExcluding\": \"19.1.0.0.0.210420\", \"matchCriteriaId\": \"68165D37-489E-45D7-BA7A-A38164B5C26D\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:oracle:retail_assortment_planning:15.0.3.0:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"44357172-4035-4D57-9C83-D80BDDE8E8C7\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:oracle:retail_assortment_planning:16.0.3.0:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"CDDD1BFF-9B0D-45DA-86DC-05CF829107FB\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:oracle:retail_integration_bus:14.1:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"CE7DB324-98A0-40AD-96D4-0800340F6F3A\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:oracle:retail_integration_bus:15.0:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"42064F46-3012-4FB1-89BA-F13C2E4CBB6B\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:oracle:retail_integration_bus:16.0:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"F73E2EFA-0F43-4D92-8C7D-9E66811B76D6\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:oracle:retail_predictive_application_server:14.1.3.0:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"BCF6CCE5-250D-4B10-AD18-7DE7D84BF220\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:oracle:retail_predictive_application_server:15.0:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"6FFEA075-11EB-4E99-92A1-8B2883C64CC0\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:oracle:retail_predictive_application_server:15.0.3.0:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"D6D325A0-3441-41AC-B00F-F2A7F85370A1\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:oracle:retail_predictive_application_server:16.0.3.0:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"924AFE2D-D1BB-4026-9C12-BA379F8C5BEA\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:oracle:retail_service_backbone:14.1:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"378A6656-252B-4929-83EA-BC107FDFD357\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:oracle:retail_service_backbone:15.0:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"363395FA-C296-4B2B-9D6F-BCB8DBE6FACE\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:oracle:retail_service_backbone:16.0:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"F62A2144-5EF8-4319-B8C2-D7975F51E5FA\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:oracle:retail_store_inventory_management:14.0.4:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"0E703304-0752-46F2-998B-A3D37C9E7A54\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:oracle:retail_store_inventory_management:14.1.3:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"722969B5-36CD-4413-954B-347BB7E51FAE\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:oracle:retail_store_inventory_management:15.0.3:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"BF295023-399E-4180-A28B-2DA3327A372C\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:oracle:retail_store_inventory_management:16.0.3:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"3E5A2A49-42B0-44EB-B606-999275DC1DA1\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:oracle:retail_xstore_point_of_service:15.0.3:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"54B0A494-14DD-4384-9DCE-14945EBE1A19\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:oracle:retail_xstore_point_of_service:16.0.5:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"A890746E-EE1A-4DBC-BB04-84CC79767F85\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:oracle:retail_xstore_point_of_service:17.0.3:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"6308E929-D44D-48A1-BAEE-47BE4E164124\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:oracle:retail_xstore_point_of_service:18.0.2:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"FDD2640A-5964-4937-B912-CEA2173FAFEE\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:oracle:retail_xstore_point_of_service:19.0.1:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"11BE9059-29C1-417D-AFB3-98066E95D883\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:oracle:storagetek_acsls:8.5.1:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"6953CFDB-33C0-4B8E-BBBD-E460A17E8ED3\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:oracle:storagetek_tape_analytics_sw_tool:2.3:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"E55B3AA9-69BE-4136-8C3A-FD0DDCD3FA4B\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:oracle:weblogic_server:10.3.6.0.0:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"B40B13B7-68B3-4510-968C-6A730EB46462\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:oracle:weblogic_server:12.1.3.0.0:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"C93CC705-1F8C-4870-99E6-14BF264C3811\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:oracle:weblogic_server:12.2.1.3.0:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"F14A818F-AA16-4438-A3E4-E64C9287AC66\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:oracle:weblogic_server:12.2.1.4.0:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"4A5BB153-68E0-4DDA-87D1-0D9AB7F0A418\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:oracle:weblogic_server:14.1.1.0.0:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"04BCDC24-4A21-473C-8733-0D9CFB38A752\"}]}]}]",
      "descriptions": "[{\"lang\": \"en\", \"value\": \"RSA BSAFE Crypto-J versions prior to 6.2.5 are vulnerable to an Information Exposure Through Timing Discrepancy vulnerabilities during DSA key generation. A malicious remote attacker could potentially exploit those vulnerabilities to recover DSA keys.\"}, {\"lang\": \"es\", \"value\": \"RSA BSAFE Crypto-J versiones anteriores a 6.2.5, son susceptibles a una vulnerabilidad de Exposici\\u00f3n de Informaci\\u00f3n por medio de vulnerabilidades de Discrepancia de Sincronizaci\\u00f3n durante la generaci\\u00f3n de claves DSA. Un atacante remoto malicioso podr\\u00eda explotar potencialmente esas vulnerabilidades para recuperar claves DSA.\"}]",
      "id": "CVE-2019-3740",
      "lastModified": "2024-11-21T04:42:26.680",
      "metrics": "{\"cvssMetricV31\": [{\"source\": \"nvd@nist.gov\", \"type\": \"Primary\", \"cvssData\": {\"version\": \"3.1\", \"vectorString\": \"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N\", \"baseScore\": 6.5, \"baseSeverity\": \"MEDIUM\", \"attackVector\": \"NETWORK\", \"attackComplexity\": \"LOW\", \"privilegesRequired\": \"NONE\", \"userInteraction\": \"REQUIRED\", \"scope\": \"UNCHANGED\", \"confidentialityImpact\": \"HIGH\", \"integrityImpact\": \"NONE\", \"availabilityImpact\": \"NONE\"}, \"exploitabilityScore\": 2.8, \"impactScore\": 3.6}], \"cvssMetricV30\": [{\"source\": \"security_alert@emc.com\", \"type\": \"Secondary\", \"cvssData\": {\"version\": \"3.0\", \"vectorString\": \"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N\", \"baseScore\": 6.5, \"baseSeverity\": \"MEDIUM\", \"attackVector\": \"NETWORK\", \"attackComplexity\": \"LOW\", \"privilegesRequired\": \"NONE\", \"userInteraction\": \"REQUIRED\", \"scope\": \"UNCHANGED\", \"confidentialityImpact\": \"HIGH\", \"integrityImpact\": \"NONE\", \"availabilityImpact\": \"NONE\"}, \"exploitabilityScore\": 2.8, \"impactScore\": 3.6}], \"cvssMetricV2\": [{\"source\": \"nvd@nist.gov\", \"type\": \"Primary\", \"cvssData\": {\"version\": \"2.0\", \"vectorString\": \"AV:N/AC:M/Au:N/C:P/I:N/A:N\", \"baseScore\": 4.3, \"accessVector\": \"NETWORK\", \"accessComplexity\": \"MEDIUM\", \"authentication\": \"NONE\", \"confidentialityImpact\": \"PARTIAL\", \"integrityImpact\": \"NONE\", \"availabilityImpact\": \"NONE\"}, \"baseSeverity\": \"MEDIUM\", \"exploitabilityScore\": 8.6, \"impactScore\": 2.9, \"acInsufInfo\": false, \"obtainAllPrivilege\": false, \"obtainUserPrivilege\": false, \"obtainOtherPrivilege\": false, \"userInteractionRequired\": true}]}",
      "published": "2019-09-18T23:15:11.173",
      "references": "[{\"url\": \"https://www.dell.com/support/security/en-us/details/DOC-106556/DSA-2019-094-RSA-BSAFE\u0026#174%3B-Crypto-J-Multiple-Security-Vulnerabilities\", \"source\": \"security_alert@emc.com\"}, {\"url\": \"https://www.oracle.com//security-alerts/cpujul2021.html\", \"source\": \"security_alert@emc.com\", \"tags\": [\"Patch\", \"Third Party Advisory\"]}, {\"url\": \"https://www.oracle.com/security-alerts/cpuApr2021.html\", \"source\": \"security_alert@emc.com\", \"tags\": [\"Patch\", \"Third Party Advisory\"]}, {\"url\": \"https://www.oracle.com/security-alerts/cpuapr2022.html\", \"source\": \"security_alert@emc.com\", \"tags\": [\"Patch\", \"Third Party Advisory\"]}, {\"url\": \"https://www.oracle.com/security-alerts/cpujul2020.html\", \"source\": \"security_alert@emc.com\", \"tags\": [\"Patch\", \"Third Party Advisory\"]}, {\"url\": \"https://www.oracle.com/security-alerts/cpuoct2020.html\", \"source\": \"security_alert@emc.com\", \"tags\": [\"Patch\", \"Third Party Advisory\"]}, {\"url\": \"https://www.oracle.com/security-alerts/cpuoct2021.html\", \"source\": \"security_alert@emc.com\", \"tags\": [\"Patch\", \"Third Party Advisory\"]}, {\"url\": \"https://www.dell.com/support/security/en-us/details/DOC-106556/DSA-2019-094-RSA-BSAFE\u0026#174%3B-Crypto-J-Multiple-Security-Vulnerabilities\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}, {\"url\": \"https://www.oracle.com//security-alerts/cpujul2021.html\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Patch\", \"Third Party Advisory\"]}, {\"url\": \"https://www.oracle.com/security-alerts/cpuApr2021.html\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Patch\", \"Third Party Advisory\"]}, {\"url\": \"https://www.oracle.com/security-alerts/cpuapr2022.html\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Patch\", \"Third Party Advisory\"]}, {\"url\": \"https://www.oracle.com/security-alerts/cpujul2020.html\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Patch\", \"Third Party Advisory\"]}, {\"url\": \"https://www.oracle.com/security-alerts/cpuoct2020.html\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Patch\", \"Third Party Advisory\"]}, {\"url\": \"https://www.oracle.com/security-alerts/cpuoct2021.html\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Patch\", \"Third Party Advisory\"]}]",
      "sourceIdentifier": "security_alert@emc.com",
      "vulnStatus": "Modified",
      "weaknesses": "[{\"source\": \"security_alert@emc.com\", \"type\": \"Secondary\", \"description\": [{\"lang\": \"en\", \"value\": \"CWE-310\"}]}, {\"source\": \"nvd@nist.gov\", \"type\": \"Primary\", \"description\": [{\"lang\": \"en\", \"value\": \"CWE-203\"}]}]"
    },
    "nvd": "{\"cve\":{\"id\":\"CVE-2019-3740\",\"sourceIdentifier\":\"security_alert@emc.com\",\"published\":\"2019-09-18T23:15:11.173\",\"lastModified\":\"2024-11-21T04:42:26.680\",\"vulnStatus\":\"Modified\",\"cveTags\":[],\"descriptions\":[{\"lang\":\"en\",\"value\":\"RSA BSAFE Crypto-J versions prior to 6.2.5 are vulnerable to an Information Exposure Through Timing Discrepancy vulnerabilities during DSA key generation. A malicious remote attacker could potentially exploit those vulnerabilities to recover DSA keys.\"},{\"lang\":\"es\",\"value\":\"RSA BSAFE Crypto-J versiones anteriores a 6.2.5, son susceptibles a una vulnerabilidad de Exposici\u00f3n de Informaci\u00f3n por medio de vulnerabilidades de Discrepancia de Sincronizaci\u00f3n durante la generaci\u00f3n de claves DSA. Un atacante remoto malicioso podr\u00eda explotar potencialmente esas vulnerabilidades para recuperar claves DSA.\"}],\"metrics\":{\"cvssMetricV31\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"3.1\",\"vectorString\":\"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N\",\"baseScore\":6.5,\"baseSeverity\":\"MEDIUM\",\"attackVector\":\"NETWORK\",\"attackComplexity\":\"LOW\",\"privilegesRequired\":\"NONE\",\"userInteraction\":\"REQUIRED\",\"scope\":\"UNCHANGED\",\"confidentialityImpact\":\"HIGH\",\"integrityImpact\":\"NONE\",\"availabilityImpact\":\"NONE\"},\"exploitabilityScore\":2.8,\"impactScore\":3.6}],\"cvssMetricV30\":[{\"source\":\"security_alert@emc.com\",\"type\":\"Secondary\",\"cvssData\":{\"version\":\"3.0\",\"vectorString\":\"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N\",\"baseScore\":6.5,\"baseSeverity\":\"MEDIUM\",\"attackVector\":\"NETWORK\",\"attackComplexity\":\"LOW\",\"privilegesRequired\":\"NONE\",\"userInteraction\":\"REQUIRED\",\"scope\":\"UNCHANGED\",\"confidentialityImpact\":\"HIGH\",\"integrityImpact\":\"NONE\",\"availabilityImpact\":\"NONE\"},\"exploitabilityScore\":2.8,\"impactScore\":3.6}],\"cvssMetricV2\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"2.0\",\"vectorString\":\"AV:N/AC:M/Au:N/C:P/I:N/A:N\",\"baseScore\":4.3,\"accessVector\":\"NETWORK\",\"accessComplexity\":\"MEDIUM\",\"authentication\":\"NONE\",\"confidentialityImpact\":\"PARTIAL\",\"integrityImpact\":\"NONE\",\"availabilityImpact\":\"NONE\"},\"baseSeverity\":\"MEDIUM\",\"exploitabilityScore\":8.6,\"impactScore\":2.9,\"acInsufInfo\":false,\"obtainAllPrivilege\":false,\"obtainUserPrivilege\":false,\"obtainOtherPrivilege\":false,\"userInteractionRequired\":true}]},\"weaknesses\":[{\"source\":\"security_alert@emc.com\",\"type\":\"Secondary\",\"description\":[{\"lang\":\"en\",\"value\":\"CWE-310\"}]},{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"description\":[{\"lang\":\"en\",\"value\":\"CWE-203\"}]}],\"configurations\":[{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:dell:bsafe_cert-j:*:*:*:*:*:*:*:*\",\"versionEndIncluding\":\"6.2.4\",\"matchCriteriaId\":\"1710B5A7-08C4-44D8-A175-044FCD92B314\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:dell:bsafe_crypto-j:*:*:*:*:*:*:*:*\",\"versionEndExcluding\":\"6.2.5\",\"matchCriteriaId\":\"9757B880-0E5B-40B1-A15C-0EAA52046A73\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:dell:bsafe_ssl-j:*:*:*:*:*:*:*:*\",\"versionEndIncluding\":\"6.2.4.1\",\"matchCriteriaId\":\"FEE68BD5-3D1C-4D69-B026-319FBEDBC798\"}]}]},{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:oracle:application_performance_management:13.3.0.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"E87B8C7B-2654-4F9C-9B5D-794DA484B42D\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:oracle:application_performance_management:13.4.0.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"9C6F5710-490D-41D4-8C9B-27FC530117A7\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:oracle:communications_network_integrity:7.3.2:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"A7E8F4F3-1A39-4CBB-98C4-66D5DCE3F57D\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:oracle:communications_network_integrity:7.3.5:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"FB92D8A7-2ABD-4B70-A32C-4B6B866C5B8B\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:oracle:communications_network_integrity:7.3.6:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"B21E6EEF-2AB7-4E96-B092-1F49D11B4175\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:oracle:communications_unified_inventory_management:7.3.2:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"1B58BCDA-E173-4D4A-A9C5-E9BFF7E57F58\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:oracle:communications_unified_inventory_management:7.3.4:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"0D299528-8EF0-49AF-9BDE-4B6C6B1DA36C\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:oracle:communications_unified_inventory_management:7.3.5:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"17A91FD9-9F77-42D3-A4D9-48BC7568ADE1\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:oracle:communications_unified_inventory_management:7.4.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"539DA24F-E3E0-4455-84C6-A9D96CD601B3\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:oracle:communications_unified_inventory_management:7.4.1:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"A7637F8B-15F1-42E2-BE18-E1FF7C66587D\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:oracle:database:12.1.0.2:*:*:*:enterprise:*:*:*\",\"matchCriteriaId\":\"89FE33CE-5995-4C53-8331-B49156F852B3\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:oracle:database:12.2.0.1:*:*:*:enterprise:*:*:*\",\"matchCriteriaId\":\"46E7237C-00BD-4490-96C3-A8EAE4CE2C0B\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:oracle:database:18c:*:*:*:enterprise:*:*:*\",\"matchCriteriaId\":\"20352616-6BCA-485D-8DD7-DFC97AD6A30D\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:oracle:database:19c:*:*:*:enterprise:*:*:*\",\"matchCriteriaId\":\"C1E05472-8F3A-4E46-90E5-50EA6D555FDC\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:oracle:global_lifecycle_management_opatch:*:*:*:*:*:*:*:*\",\"versionEndExcluding\":\"12.2.0.1.22\",\"matchCriteriaId\":\"160EBE76-7CED-4210-9FBB-8649B14DAE1A\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:oracle:goldengate:*:*:*:*:*:*:*:*\",\"versionEndExcluding\":\"19.1.0.0.0.210420\",\"matchCriteriaId\":\"68165D37-489E-45D7-BA7A-A38164B5C26D\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:oracle:retail_assortment_planning:15.0.3.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"44357172-4035-4D57-9C83-D80BDDE8E8C7\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:oracle:retail_assortment_planning:16.0.3.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"CDDD1BFF-9B0D-45DA-86DC-05CF829107FB\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:oracle:retail_integration_bus:14.1:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"CE7DB324-98A0-40AD-96D4-0800340F6F3A\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:oracle:retail_integration_bus:15.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"42064F46-3012-4FB1-89BA-F13C2E4CBB6B\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:oracle:retail_integration_bus:16.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"F73E2EFA-0F43-4D92-8C7D-9E66811B76D6\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:oracle:retail_predictive_application_server:14.1.3.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"BCF6CCE5-250D-4B10-AD18-7DE7D84BF220\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:oracle:retail_predictive_application_server:15.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"6FFEA075-11EB-4E99-92A1-8B2883C64CC0\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:oracle:retail_predictive_application_server:15.0.3.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"D6D325A0-3441-41AC-B00F-F2A7F85370A1\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:oracle:retail_predictive_application_server:16.0.3.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"924AFE2D-D1BB-4026-9C12-BA379F8C5BEA\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:oracle:retail_service_backbone:14.1:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"378A6656-252B-4929-83EA-BC107FDFD357\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:oracle:retail_service_backbone:15.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"363395FA-C296-4B2B-9D6F-BCB8DBE6FACE\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:oracle:retail_service_backbone:16.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"F62A2144-5EF8-4319-B8C2-D7975F51E5FA\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:oracle:retail_store_inventory_management:14.0.4:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"0E703304-0752-46F2-998B-A3D37C9E7A54\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:oracle:retail_store_inventory_management:14.1.3:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"722969B5-36CD-4413-954B-347BB7E51FAE\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:oracle:retail_store_inventory_management:15.0.3:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"BF295023-399E-4180-A28B-2DA3327A372C\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:oracle:retail_store_inventory_management:16.0.3:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"3E5A2A49-42B0-44EB-B606-999275DC1DA1\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:oracle:retail_xstore_point_of_service:15.0.3:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"54B0A494-14DD-4384-9DCE-14945EBE1A19\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:oracle:retail_xstore_point_of_service:16.0.5:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"A890746E-EE1A-4DBC-BB04-84CC79767F85\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:oracle:retail_xstore_point_of_service:17.0.3:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"6308E929-D44D-48A1-BAEE-47BE4E164124\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:oracle:retail_xstore_point_of_service:18.0.2:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"FDD2640A-5964-4937-B912-CEA2173FAFEE\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:oracle:retail_xstore_point_of_service:19.0.1:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"11BE9059-29C1-417D-AFB3-98066E95D883\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:oracle:storagetek_acsls:8.5.1:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"6953CFDB-33C0-4B8E-BBBD-E460A17E8ED3\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:oracle:storagetek_tape_analytics_sw_tool:2.3:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"E55B3AA9-69BE-4136-8C3A-FD0DDCD3FA4B\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:oracle:weblogic_server:10.3.6.0.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"B40B13B7-68B3-4510-968C-6A730EB46462\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:oracle:weblogic_server:12.1.3.0.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"C93CC705-1F8C-4870-99E6-14BF264C3811\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:oracle:weblogic_server:12.2.1.3.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"F14A818F-AA16-4438-A3E4-E64C9287AC66\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:oracle:weblogic_server:12.2.1.4.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"4A5BB153-68E0-4DDA-87D1-0D9AB7F0A418\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:oracle:weblogic_server:14.1.1.0.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"04BCDC24-4A21-473C-8733-0D9CFB38A752\"}]}]}],\"references\":[{\"url\":\"https://www.dell.com/support/security/en-us/details/DOC-106556/DSA-2019-094-RSA-BSAFE\u0026#174%3B-Crypto-J-Multiple-Security-Vulnerabilities\",\"source\":\"security_alert@emc.com\"},{\"url\":\"https://www.oracle.com//security-alerts/cpujul2021.html\",\"source\":\"security_alert@emc.com\",\"tags\":[\"Patch\",\"Third Party Advisory\"]},{\"url\":\"https://www.oracle.com/security-alerts/cpuApr2021.html\",\"source\":\"security_alert@emc.com\",\"tags\":[\"Patch\",\"Third Party Advisory\"]},{\"url\":\"https://www.oracle.com/security-alerts/cpuapr2022.html\",\"source\":\"security_alert@emc.com\",\"tags\":[\"Patch\",\"Third Party Advisory\"]},{\"url\":\"https://www.oracle.com/security-alerts/cpujul2020.html\",\"source\":\"security_alert@emc.com\",\"tags\":[\"Patch\",\"Third Party Advisory\"]},{\"url\":\"https://www.oracle.com/security-alerts/cpuoct2020.html\",\"source\":\"security_alert@emc.com\",\"tags\":[\"Patch\",\"Third Party Advisory\"]},{\"url\":\"https://www.oracle.com/security-alerts/cpuoct2021.html\",\"source\":\"security_alert@emc.com\",\"tags\":[\"Patch\",\"Third Party Advisory\"]},{\"url\":\"https://www.dell.com/support/security/en-us/details/DOC-106556/DSA-2019-094-RSA-BSAFE\u0026#174%3B-Crypto-J-Multiple-Security-Vulnerabilities\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"https://www.oracle.com//security-alerts/cpujul2021.html\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Patch\",\"Third Party Advisory\"]},{\"url\":\"https://www.oracle.com/security-alerts/cpuApr2021.html\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Patch\",\"Third Party Advisory\"]},{\"url\":\"https://www.oracle.com/security-alerts/cpuapr2022.html\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Patch\",\"Third Party Advisory\"]},{\"url\":\"https://www.oracle.com/security-alerts/cpujul2020.html\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Patch\",\"Third Party Advisory\"]},{\"url\":\"https://www.oracle.com/security-alerts/cpuoct2020.html\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Patch\",\"Third Party Advisory\"]},{\"url\":\"https://www.oracle.com/security-alerts/cpuoct2021.html\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Patch\",\"Third Party Advisory\"]}]}}"
  }
}

CERTFR-2021-AVI-560

Vulnerability from certfr_avis - Published: - Updated:

De multiples vulnérabilités ont été découvertes dans Oracle Systems. Certaines d'entre elles permettent à un attaquant de provoquer un déni de service à distance, un contournement de la politique de sécurité et une atteinte à l'intégrité des données.

Solution

Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).

None

Impacted products

Vendor	Product	Description
Oracle	Systems	Oracle Systems version 2.3
Oracle	Systems	Oracle Systems version 11
Oracle	Systems	Oracle Systems versions antérieures à XCP2400, XCP3100
Oracle	Systems	Oracle Systems version 8.8
Oracle	Systems	Oracle Systems version 4.4

References

Title

Publication Time

Tags

Bulletin de sécurité Oracle cpujul2021 du 21 juillet 2021

None

vendor-advisory

Show details on source website

JSON

To clipboard

{
  "$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
  "affected_systems": [
    {
      "description": "Oracle Systems version 2.3",
      "product": {
        "name": "Systems",
        "vendor": {
          "name": "Oracle",
          "scada": false
        }
      }
    },
    {
      "description": "Oracle Systems version 11",
      "product": {
        "name": "Systems",
        "vendor": {
          "name": "Oracle",
          "scada": false
        }
      }
    },
    {
      "description": "Oracle Systems versions ant\u00e9rieures \u00e0 XCP2400, XCP3100",
      "product": {
        "name": "Systems",
        "vendor": {
          "name": "Oracle",
          "scada": false
        }
      }
    },
    {
      "description": "Oracle Systems version 8.8",
      "product": {
        "name": "Systems",
        "vendor": {
          "name": "Oracle",
          "scada": false
        }
      }
    },
    {
      "description": "Oracle Systems version 4.4",
      "product": {
        "name": "Systems",
        "vendor": {
          "name": "Oracle",
          "scada": false
        }
      }
    }
  ],
  "affected_systems_content": null,
  "content": "## Solution\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des\ncorrectifs (cf. section Documentation).\n",
  "cves": [
    {
      "name": "CVE-2018-7183",
      "url": "https://www.cve.org/CVERecord?id=CVE-2018-7183"
    },
    {
      "name": "CVE-2018-0739",
      "url": "https://www.cve.org/CVERecord?id=CVE-2018-0739"
    },
    {
      "name": "CVE-2020-10683",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-10683"
    },
    {
      "name": "CVE-2020-5421",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-5421"
    },
    {
      "name": "CVE-2021-2381",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-2381"
    },
    {
      "name": "CVE-2019-3740",
      "url": "https://www.cve.org/CVERecord?id=CVE-2019-3740"
    },
    {
      "name": "CVE-2021-3177",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-3177"
    },
    {
      "name": "CVE-2017-16931",
      "url": "https://www.cve.org/CVERecord?id=CVE-2017-16931"
    },
    {
      "name": "CVE-2019-10086",
      "url": "https://www.cve.org/CVERecord?id=CVE-2019-10086"
    },
    {
      "name": "CVE-2017-5461",
      "url": "https://www.cve.org/CVERecord?id=CVE-2017-5461"
    },
    {
      "name": "CVE-2016-4429",
      "url": "https://www.cve.org/CVERecord?id=CVE-2016-4429"
    }
  ],
  "links": [],
  "reference": "CERTFR-2021-AVI-560",
  "revisions": [
    {
      "description": "Version initiale",
      "revision_date": "2021-07-21T00:00:00.000000"
    }
  ],
  "risks": [
    {
      "description": "D\u00e9ni de service \u00e0 distance"
    },
    {
      "description": "Atteinte \u00e0 l\u0027int\u00e9grit\u00e9 des donn\u00e9es"
    },
    {
      "description": "Contournement de la politique de s\u00e9curit\u00e9"
    },
    {
      "description": "Atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es"
    }
  ],
  "summary": "De multiples vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 d\u00e9couvertes dans Oracle Systems.\nCertaines d\u0027entre elles permettent \u00e0 un attaquant de provoquer un d\u00e9ni\nde service \u00e0 distance, un contournement de la politique de s\u00e9curit\u00e9 et\nune atteinte \u00e0 l\u0027int\u00e9grit\u00e9 des donn\u00e9es.\n",
  "title": "Multiples vuln\u00e9rabilit\u00e9s dans Oracle Systems",
  "vendor_advisories": [
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Oracle cpujul2021 du 21 juillet 2021",
      "url": "https://www.oracle.com/security-alerts/cpujul2021.html"
    }
  ]
}

CERTFR-2021-AVI-300

Vulnerability from certfr_avis - Published: - Updated:

De multiples vulnérabilités ont été découvertes dans Oracle WebLogic. Elles permettent à un attaquant de provoquer une exécution de code arbitraire à distance, une atteinte à l'intégrité des données et une atteinte à la confidentialité des données.

Solution

Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).

None

Impacted products

Vendor	Product	Description
Oracle	Weblogic	Oracle Weblogic Server 12.1.3.0.0
Oracle	Weblogic	Oracle Weblogic Server 12.2.1.3.0
Oracle	Weblogic	Oracle Weblogic Server 14.1.1.0.0
Oracle	Weblogic	Oracle Weblogic Server 12.2.1.4.0

References

Title

Publication Time

Tags

Bulletin de sécurité Oracle cpuapr2021 du 20 avril 2021	None	vendor-advisory
Bulletin de sécurité Oracle Fusion cpuapr2021 du 20 avril 2021	None	vendor-advisory

Show details on source website

JSON

To clipboard

{
  "$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
  "affected_systems": [
    {
      "description": "Oracle Weblogic Server 12.1.3.0.0",
      "product": {
        "name": "Weblogic",
        "vendor": {
          "name": "Oracle",
          "scada": false
        }
      }
    },
    {
      "description": "Oracle Weblogic Server 12.2.1.3.0",
      "product": {
        "name": "Weblogic",
        "vendor": {
          "name": "Oracle",
          "scada": false
        }
      }
    },
    {
      "description": "Oracle Weblogic Server 14.1.1.0.0",
      "product": {
        "name": "Weblogic",
        "vendor": {
          "name": "Oracle",
          "scada": false
        }
      }
    },
    {
      "description": "Oracle Weblogic Server 12.2.1.4.0",
      "product": {
        "name": "Weblogic",
        "vendor": {
          "name": "Oracle",
          "scada": false
        }
      }
    }
  ],
  "affected_systems_content": null,
  "content": "## Solution\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des\ncorrectifs (cf. section Documentation).\n",
  "cves": [
    {
      "name": "CVE-2021-2135",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-2135"
    },
    {
      "name": "CVE-2021-2157",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-2157"
    },
    {
      "name": "CVE-2021-2211",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-2211"
    },
    {
      "name": "CVE-2021-2204",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-2204"
    },
    {
      "name": "CVE-2019-3740",
      "url": "https://www.cve.org/CVERecord?id=CVE-2019-3740"
    },
    {
      "name": "CVE-2020-5360",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-5360"
    },
    {
      "name": "CVE-2021-2294",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-2294"
    },
    {
      "name": "CVE-2019-10086",
      "url": "https://www.cve.org/CVERecord?id=CVE-2019-10086"
    },
    {
      "name": "CVE-2021-2142",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-2142"
    },
    {
      "name": "CVE-2021-2214",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-2214"
    },
    {
      "name": "CVE-2021-2136",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-2136"
    }
  ],
  "links": [],
  "reference": "CERTFR-2021-AVI-300",
  "revisions": [
    {
      "description": "Version initiale",
      "revision_date": "2021-04-21T00:00:00.000000"
    }
  ],
  "risks": [
    {
      "description": "Ex\u00e9cution de code arbitraire \u00e0 distance"
    },
    {
      "description": "Atteinte \u00e0 l\u0027int\u00e9grit\u00e9 des donn\u00e9es"
    },
    {
      "description": "Atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es"
    }
  ],
  "summary": "De multiples vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 d\u00e9couvertes dans Oracle WebLogic.\nElles permettent \u00e0 un attaquant de provoquer une ex\u00e9cution de code\narbitraire \u00e0 distance, une atteinte \u00e0 l\u0027int\u00e9grit\u00e9 des donn\u00e9es et une\natteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es.\n",
  "title": "Multiples vuln\u00e9rabilit\u00e9s dans Oracle WebLogic",
  "vendor_advisories": [
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Oracle cpuapr2021 du 20 avril 2021",
      "url": "https://www.oracle.com/security-alerts/cpuapr2021.html"
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Oracle Fusion cpuapr2021 du 20 avril 2021",
      "url": "https://www.oracle.com/security-alerts/cpuapr2021verbose.html#FMW"
    }
  ]
}

CERTFR-2022-AVI-367

Vulnerability from certfr_avis - Published: - Updated:

De multiples vulnérabilités ont été découvertes dans Oracle Systems. Certaines d'entre elles permettent à un attaquant de provoquer une exécution de code arbitraire à distance, un déni de service à distance et un contournement de la politique de sécurité.

Solution

Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).

None

Impacted products

Vendor	Product	Description
Oracle	N/A	Oracle StorageTek ACSLS version 8.5.1
Oracle	N/A	Oracle Ethernet Switch TOR-72 version 1.2.2
Oracle	N/A	Oracle StorageTek Tape Analytics (STA) version 2.4
Oracle	N/A	Oracle Ethernet Switch ES1-24 version 1.3.1
Oracle	N/A	Oracle ZFS Storage Appliance Kit version 8.8
Oracle	N/A	Oracle Solaris Cluster version 4
Oracle	N/A	Oracle Solaris version 11

References

Title

Publication Time

Tags

Bulletin de sécurité Oracle verbose cpuapr2022 du 19 avril 2022	None	vendor-advisory
Bulletin de sécurité Oracle cpuapr2022 du 19 avril 2022	None	vendor-advisory

Show details on source website

JSON

To clipboard

{
  "$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
  "affected_systems": [
    {
      "description": "Oracle StorageTek ACSLS version 8.5.1",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Oracle",
          "scada": false
        }
      }
    },
    {
      "description": "Oracle Ethernet Switch TOR-72 version 1.2.2",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Oracle",
          "scada": false
        }
      }
    },
    {
      "description": "Oracle StorageTek Tape Analytics (STA) version 2.4",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Oracle",
          "scada": false
        }
      }
    },
    {
      "description": "Oracle Ethernet Switch ES1-24 version 1.3.1",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Oracle",
          "scada": false
        }
      }
    },
    {
      "description": "Oracle ZFS Storage Appliance Kit version 8.8",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Oracle",
          "scada": false
        }
      }
    },
    {
      "description": "Oracle Solaris Cluster version 4",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Oracle",
          "scada": false
        }
      }
    },
    {
      "description": "Oracle Solaris version 11",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Oracle",
          "scada": false
        }
      }
    }
  ],
  "affected_systems_content": null,
  "content": "## Solution\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des\ncorrectifs (cf. section Documentation).\n",
  "cves": [
    {
      "name": "CVE-2021-29425",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-29425"
    },
    {
      "name": "CVE-2022-21446",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-21446"
    },
    {
      "name": "CVE-2019-17195",
      "url": "https://www.cve.org/CVERecord?id=CVE-2019-17195"
    },
    {
      "name": "CVE-2022-21416",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-21416"
    },
    {
      "name": "CVE-2020-5421",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-5421"
    },
    {
      "name": "CVE-2021-2351",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-2351"
    },
    {
      "name": "CVE-2021-39275",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-39275"
    },
    {
      "name": "CVE-2020-9488",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-9488"
    },
    {
      "name": "CVE-2022-21463",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-21463"
    },
    {
      "name": "CVE-2020-6950",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-6950"
    },
    {
      "name": "CVE-2019-3740",
      "url": "https://www.cve.org/CVERecord?id=CVE-2019-3740"
    },
    {
      "name": "CVE-2020-1968",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-1968"
    },
    {
      "name": "CVE-2022-21461",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-21461"
    },
    {
      "name": "CVE-2020-11022",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-11022"
    },
    {
      "name": "CVE-2022-21494",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-21494"
    },
    {
      "name": "CVE-2020-11979",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-11979"
    },
    {
      "name": "CVE-2022-21493",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-21493"
    }
  ],
  "links": [],
  "reference": "CERTFR-2022-AVI-367",
  "revisions": [
    {
      "description": "Version initiale",
      "revision_date": "2022-04-20T00:00:00.000000"
    }
  ],
  "risks": [
    {
      "description": "D\u00e9ni de service \u00e0 distance"
    },
    {
      "description": "Ex\u00e9cution de code arbitraire \u00e0 distance"
    },
    {
      "description": "Atteinte \u00e0 l\u0027int\u00e9grit\u00e9 des donn\u00e9es"
    },
    {
      "description": "Contournement de la politique de s\u00e9curit\u00e9"
    },
    {
      "description": "Atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es"
    }
  ],
  "summary": "De multiples vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 d\u00e9couvertes dans Oracle Systems.\nCertaines d\u0027entre elles permettent \u00e0 un attaquant de provoquer une\nex\u00e9cution de code arbitraire \u00e0 distance, un d\u00e9ni de service \u00e0 distance\net un contournement de la politique de s\u00e9curit\u00e9.\n",
  "title": "Multiples vuln\u00e9rabilit\u00e9s dans Oracle Systems",
  "vendor_advisories": [
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Oracle verbose cpuapr2022 du 19 avril 2022",
      "url": "https://www.oracle.com/security-alerts/cpuapr2022verbose.html#SUNS"
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Oracle cpuapr2022 du 19 avril 2022",
      "url": "https://www.oracle.com/security-alerts/cpuapr2022.html#AppendixSUNS"
    }
  ]
}

CERTFR-2021-AVI-300

Vulnerability from certfr_avis - Published: - Updated:

Solution

Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).

None

Impacted products

Vendor	Product	Description
Oracle	Weblogic	Oracle Weblogic Server 12.1.3.0.0
Oracle	Weblogic	Oracle Weblogic Server 12.2.1.3.0
Oracle	Weblogic	Oracle Weblogic Server 14.1.1.0.0
Oracle	Weblogic	Oracle Weblogic Server 12.2.1.4.0

References

Title

Publication Time

Tags

Bulletin de sécurité Oracle cpuapr2021 du 20 avril 2021	None	vendor-advisory
Bulletin de sécurité Oracle Fusion cpuapr2021 du 20 avril 2021	None	vendor-advisory

Show details on source website

JSON

To clipboard

{
  "$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
  "affected_systems": [
    {
      "description": "Oracle Weblogic Server 12.1.3.0.0",
      "product": {
        "name": "Weblogic",
        "vendor": {
          "name": "Oracle",
          "scada": false
        }
      }
    },
    {
      "description": "Oracle Weblogic Server 12.2.1.3.0",
      "product": {
        "name": "Weblogic",
        "vendor": {
          "name": "Oracle",
          "scada": false
        }
      }
    },
    {
      "description": "Oracle Weblogic Server 14.1.1.0.0",
      "product": {
        "name": "Weblogic",
        "vendor": {
          "name": "Oracle",
          "scada": false
        }
      }
    },
    {
      "description": "Oracle Weblogic Server 12.2.1.4.0",
      "product": {
        "name": "Weblogic",
        "vendor": {
          "name": "Oracle",
          "scada": false
        }
      }
    }
  ],
  "affected_systems_content": null,
  "content": "## Solution\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des\ncorrectifs (cf. section Documentation).\n",
  "cves": [
    {
      "name": "CVE-2021-2135",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-2135"
    },
    {
      "name": "CVE-2021-2157",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-2157"
    },
    {
      "name": "CVE-2021-2211",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-2211"
    },
    {
      "name": "CVE-2021-2204",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-2204"
    },
    {
      "name": "CVE-2019-3740",
      "url": "https://www.cve.org/CVERecord?id=CVE-2019-3740"
    },
    {
      "name": "CVE-2020-5360",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-5360"
    },
    {
      "name": "CVE-2021-2294",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-2294"
    },
    {
      "name": "CVE-2019-10086",
      "url": "https://www.cve.org/CVERecord?id=CVE-2019-10086"
    },
    {
      "name": "CVE-2021-2142",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-2142"
    },
    {
      "name": "CVE-2021-2214",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-2214"
    },
    {
      "name": "CVE-2021-2136",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-2136"
    }
  ],
  "links": [],
  "reference": "CERTFR-2021-AVI-300",
  "revisions": [
    {
      "description": "Version initiale",
      "revision_date": "2021-04-21T00:00:00.000000"
    }
  ],
  "risks": [
    {
      "description": "Ex\u00e9cution de code arbitraire \u00e0 distance"
    },
    {
      "description": "Atteinte \u00e0 l\u0027int\u00e9grit\u00e9 des donn\u00e9es"
    },
    {
      "description": "Atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es"
    }
  ],
  "summary": "De multiples vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 d\u00e9couvertes dans Oracle WebLogic.\nElles permettent \u00e0 un attaquant de provoquer une ex\u00e9cution de code\narbitraire \u00e0 distance, une atteinte \u00e0 l\u0027int\u00e9grit\u00e9 des donn\u00e9es et une\natteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es.\n",
  "title": "Multiples vuln\u00e9rabilit\u00e9s dans Oracle WebLogic",
  "vendor_advisories": [
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Oracle cpuapr2021 du 20 avril 2021",
      "url": "https://www.oracle.com/security-alerts/cpuapr2021.html"
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Oracle Fusion cpuapr2021 du 20 avril 2021",
      "url": "https://www.oracle.com/security-alerts/cpuapr2021verbose.html#FMW"
    }
  ]
}

CERTFR-2021-AVI-560

Vulnerability from certfr_avis - Published: - Updated:

Solution

Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).

None

Impacted products

Vendor	Product	Description
Oracle	Systems	Oracle Systems version 2.3
Oracle	Systems	Oracle Systems version 11
Oracle	Systems	Oracle Systems versions antérieures à XCP2400, XCP3100
Oracle	Systems	Oracle Systems version 8.8
Oracle	Systems	Oracle Systems version 4.4

References

Title

Publication Time

Tags

Bulletin de sécurité Oracle cpujul2021 du 21 juillet 2021

None

vendor-advisory

Show details on source website

JSON

To clipboard

{
  "$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
  "affected_systems": [
    {
      "description": "Oracle Systems version 2.3",
      "product": {
        "name": "Systems",
        "vendor": {
          "name": "Oracle",
          "scada": false
        }
      }
    },
    {
      "description": "Oracle Systems version 11",
      "product": {
        "name": "Systems",
        "vendor": {
          "name": "Oracle",
          "scada": false
        }
      }
    },
    {
      "description": "Oracle Systems versions ant\u00e9rieures \u00e0 XCP2400, XCP3100",
      "product": {
        "name": "Systems",
        "vendor": {
          "name": "Oracle",
          "scada": false
        }
      }
    },
    {
      "description": "Oracle Systems version 8.8",
      "product": {
        "name": "Systems",
        "vendor": {
          "name": "Oracle",
          "scada": false
        }
      }
    },
    {
      "description": "Oracle Systems version 4.4",
      "product": {
        "name": "Systems",
        "vendor": {
          "name": "Oracle",
          "scada": false
        }
      }
    }
  ],
  "affected_systems_content": null,
  "content": "## Solution\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des\ncorrectifs (cf. section Documentation).\n",
  "cves": [
    {
      "name": "CVE-2018-7183",
      "url": "https://www.cve.org/CVERecord?id=CVE-2018-7183"
    },
    {
      "name": "CVE-2018-0739",
      "url": "https://www.cve.org/CVERecord?id=CVE-2018-0739"
    },
    {
      "name": "CVE-2020-10683",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-10683"
    },
    {
      "name": "CVE-2020-5421",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-5421"
    },
    {
      "name": "CVE-2021-2381",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-2381"
    },
    {
      "name": "CVE-2019-3740",
      "url": "https://www.cve.org/CVERecord?id=CVE-2019-3740"
    },
    {
      "name": "CVE-2021-3177",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-3177"
    },
    {
      "name": "CVE-2017-16931",
      "url": "https://www.cve.org/CVERecord?id=CVE-2017-16931"
    },
    {
      "name": "CVE-2019-10086",
      "url": "https://www.cve.org/CVERecord?id=CVE-2019-10086"
    },
    {
      "name": "CVE-2017-5461",
      "url": "https://www.cve.org/CVERecord?id=CVE-2017-5461"
    },
    {
      "name": "CVE-2016-4429",
      "url": "https://www.cve.org/CVERecord?id=CVE-2016-4429"
    }
  ],
  "links": [],
  "reference": "CERTFR-2021-AVI-560",
  "revisions": [
    {
      "description": "Version initiale",
      "revision_date": "2021-07-21T00:00:00.000000"
    }
  ],
  "risks": [
    {
      "description": "D\u00e9ni de service \u00e0 distance"
    },
    {
      "description": "Atteinte \u00e0 l\u0027int\u00e9grit\u00e9 des donn\u00e9es"
    },
    {
      "description": "Contournement de la politique de s\u00e9curit\u00e9"
    },
    {
      "description": "Atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es"
    }
  ],
  "summary": "De multiples vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 d\u00e9couvertes dans Oracle Systems.\nCertaines d\u0027entre elles permettent \u00e0 un attaquant de provoquer un d\u00e9ni\nde service \u00e0 distance, un contournement de la politique de s\u00e9curit\u00e9 et\nune atteinte \u00e0 l\u0027int\u00e9grit\u00e9 des donn\u00e9es.\n",
  "title": "Multiples vuln\u00e9rabilit\u00e9s dans Oracle Systems",
  "vendor_advisories": [
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Oracle cpujul2021 du 21 juillet 2021",
      "url": "https://www.oracle.com/security-alerts/cpujul2021.html"
    }
  ]
}

CERTFR-2021-AVI-295

Vulnerability from certfr_avis - Published: - Updated:

De multiples vulnérabilités ont été découvertes dans Oracle Database. Certaines d'entre elles permettent à un attaquant de provoquer une exécution de code arbitraire à distance, un déni de service à distance et une atteinte à l'intégrité des données.

Solution

Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).

None

Impacted products

Vendor	Product	Description
Oracle	N/A	Oracle Database 12.2.0.1
Oracle	N/A	Oracle Database 18c
Oracle	N/A	Oracle Database 12.1.0.2
Oracle	N/A	Oracle Database 19c
Oracle	N/A	Oracle Application Express versions antérieures à 20.2

References

Title

Publication Time

Tags

Bulletin de sécurité Oracle cpuapr2021 du 20 avril 2021	None	vendor-advisory
Bulletin de sécurité Oracle Database cpuapr2021 du 20 avril 2021	None	vendor-advisory

Show details on source website

JSON

To clipboard

{
  "$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
  "affected_systems": [
    {
      "description": "Oracle Database 12.2.0.1",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Oracle",
          "scada": false
        }
      }
    },
    {
      "description": "Oracle Database 18c",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Oracle",
          "scada": false
        }
      }
    },
    {
      "description": "Oracle Database 12.1.0.2",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Oracle",
          "scada": false
        }
      }
    },
    {
      "description": "Oracle Database 19c",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Oracle",
          "scada": false
        }
      }
    },
    {
      "description": "Oracle Application Express versions ant\u00e9rieures \u00e0 20.2",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Oracle",
          "scada": false
        }
      }
    }
  ],
  "affected_systems_content": null,
  "content": "## Solution\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des\ncorrectifs (cf. section Documentation).\n",
  "cves": [
    {
      "name": "CVE-2021-2234",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-2234"
    },
    {
      "name": "CVE-2021-2245",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-2245"
    },
    {
      "name": "CVE-2021-2175",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-2175"
    },
    {
      "name": "CVE-2020-7760",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-7760"
    },
    {
      "name": "CVE-2021-2173",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-2173"
    },
    {
      "name": "CVE-2019-3740",
      "url": "https://www.cve.org/CVERecord?id=CVE-2019-3740"
    },
    {
      "name": "CVE-2021-2207",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-2207"
    },
    {
      "name": "CVE-2020-5360",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-5360"
    },
    {
      "name": "CVE-2020-17527",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-17527"
    },
    {
      "name": "CVE-2020-11023",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-11023"
    }
  ],
  "links": [],
  "reference": "CERTFR-2021-AVI-295",
  "revisions": [
    {
      "description": "Version initiale",
      "revision_date": "2021-04-21T00:00:00.000000"
    }
  ],
  "risks": [
    {
      "description": "D\u00e9ni de service \u00e0 distance"
    },
    {
      "description": "Ex\u00e9cution de code arbitraire \u00e0 distance"
    },
    {
      "description": "Atteinte \u00e0 l\u0027int\u00e9grit\u00e9 des donn\u00e9es"
    },
    {
      "description": "Atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es"
    }
  ],
  "summary": "De multiples vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 d\u00e9couvertes dans Oracle Database.\nCertaines d\u0027entre elles permettent \u00e0 un attaquant de provoquer une\nex\u00e9cution de code arbitraire \u00e0 distance, un d\u00e9ni de service \u00e0 distance\net une atteinte \u00e0 l\u0027int\u00e9grit\u00e9 des donn\u00e9es.\n",
  "title": "Multiples vuln\u00e9rabilit\u00e9s dans Oracle Database",
  "vendor_advisories": [
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Oracle cpuapr2021 du 20 avril 2021",
      "url": "https://www.oracle.com/security-alerts/cpuapr2021.html"
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Oracle Database cpuapr2021 du 20 avril 2021",
      "url": "https://www.oracle.com/security-alerts/cpuapr2021verbose.html#DB"
    }
  ]
}

CERTFR-2022-AVI-367

Vulnerability from certfr_avis - Published: - Updated:

Solution

Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).

None

Impacted products

Vendor	Product	Description
Oracle	N/A	Oracle StorageTek ACSLS version 8.5.1
Oracle	N/A	Oracle Ethernet Switch TOR-72 version 1.2.2
Oracle	N/A	Oracle StorageTek Tape Analytics (STA) version 2.4
Oracle	N/A	Oracle Ethernet Switch ES1-24 version 1.3.1
Oracle	N/A	Oracle ZFS Storage Appliance Kit version 8.8
Oracle	N/A	Oracle Solaris Cluster version 4
Oracle	N/A	Oracle Solaris version 11

References

Title

Publication Time

Tags

Bulletin de sécurité Oracle verbose cpuapr2022 du 19 avril 2022	None	vendor-advisory
Bulletin de sécurité Oracle cpuapr2022 du 19 avril 2022	None	vendor-advisory

Show details on source website

JSON

To clipboard

{
  "$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
  "affected_systems": [
    {
      "description": "Oracle StorageTek ACSLS version 8.5.1",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Oracle",
          "scada": false
        }
      }
    },
    {
      "description": "Oracle Ethernet Switch TOR-72 version 1.2.2",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Oracle",
          "scada": false
        }
      }
    },
    {
      "description": "Oracle StorageTek Tape Analytics (STA) version 2.4",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Oracle",
          "scada": false
        }
      }
    },
    {
      "description": "Oracle Ethernet Switch ES1-24 version 1.3.1",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Oracle",
          "scada": false
        }
      }
    },
    {
      "description": "Oracle ZFS Storage Appliance Kit version 8.8",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Oracle",
          "scada": false
        }
      }
    },
    {
      "description": "Oracle Solaris Cluster version 4",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Oracle",
          "scada": false
        }
      }
    },
    {
      "description": "Oracle Solaris version 11",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Oracle",
          "scada": false
        }
      }
    }
  ],
  "affected_systems_content": null,
  "content": "## Solution\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des\ncorrectifs (cf. section Documentation).\n",
  "cves": [
    {
      "name": "CVE-2021-29425",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-29425"
    },
    {
      "name": "CVE-2022-21446",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-21446"
    },
    {
      "name": "CVE-2019-17195",
      "url": "https://www.cve.org/CVERecord?id=CVE-2019-17195"
    },
    {
      "name": "CVE-2022-21416",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-21416"
    },
    {
      "name": "CVE-2020-5421",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-5421"
    },
    {
      "name": "CVE-2021-2351",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-2351"
    },
    {
      "name": "CVE-2021-39275",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-39275"
    },
    {
      "name": "CVE-2020-9488",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-9488"
    },
    {
      "name": "CVE-2022-21463",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-21463"
    },
    {
      "name": "CVE-2020-6950",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-6950"
    },
    {
      "name": "CVE-2019-3740",
      "url": "https://www.cve.org/CVERecord?id=CVE-2019-3740"
    },
    {
      "name": "CVE-2020-1968",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-1968"
    },
    {
      "name": "CVE-2022-21461",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-21461"
    },
    {
      "name": "CVE-2020-11022",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-11022"
    },
    {
      "name": "CVE-2022-21494",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-21494"
    },
    {
      "name": "CVE-2020-11979",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-11979"
    },
    {
      "name": "CVE-2022-21493",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-21493"
    }
  ],
  "links": [],
  "reference": "CERTFR-2022-AVI-367",
  "revisions": [
    {
      "description": "Version initiale",
      "revision_date": "2022-04-20T00:00:00.000000"
    }
  ],
  "risks": [
    {
      "description": "D\u00e9ni de service \u00e0 distance"
    },
    {
      "description": "Ex\u00e9cution de code arbitraire \u00e0 distance"
    },
    {
      "description": "Atteinte \u00e0 l\u0027int\u00e9grit\u00e9 des donn\u00e9es"
    },
    {
      "description": "Contournement de la politique de s\u00e9curit\u00e9"
    },
    {
      "description": "Atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es"
    }
  ],
  "summary": "De multiples vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 d\u00e9couvertes dans Oracle Systems.\nCertaines d\u0027entre elles permettent \u00e0 un attaquant de provoquer une\nex\u00e9cution de code arbitraire \u00e0 distance, un d\u00e9ni de service \u00e0 distance\net un contournement de la politique de s\u00e9curit\u00e9.\n",
  "title": "Multiples vuln\u00e9rabilit\u00e9s dans Oracle Systems",
  "vendor_advisories": [
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Oracle verbose cpuapr2022 du 19 avril 2022",
      "url": "https://www.oracle.com/security-alerts/cpuapr2022verbose.html#SUNS"
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Oracle cpuapr2022 du 19 avril 2022",
      "url": "https://www.oracle.com/security-alerts/cpuapr2022.html#AppendixSUNS"
    }
  ]
}

CERTFR-2021-AVI-295

Vulnerability from certfr_avis - Published: - Updated:

Solution

Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).

None

Impacted products

Vendor	Product	Description
Oracle	N/A	Oracle Database 12.2.0.1
Oracle	N/A	Oracle Database 18c
Oracle	N/A	Oracle Database 12.1.0.2
Oracle	N/A	Oracle Database 19c
Oracle	N/A	Oracle Application Express versions antérieures à 20.2

References

Title

Publication Time

Tags

Bulletin de sécurité Oracle cpuapr2021 du 20 avril 2021	None	vendor-advisory
Bulletin de sécurité Oracle Database cpuapr2021 du 20 avril 2021	None	vendor-advisory

Show details on source website

JSON

To clipboard

{
  "$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
  "affected_systems": [
    {
      "description": "Oracle Database 12.2.0.1",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Oracle",
          "scada": false
        }
      }
    },
    {
      "description": "Oracle Database 18c",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Oracle",
          "scada": false
        }
      }
    },
    {
      "description": "Oracle Database 12.1.0.2",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Oracle",
          "scada": false
        }
      }
    },
    {
      "description": "Oracle Database 19c",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Oracle",
          "scada": false
        }
      }
    },
    {
      "description": "Oracle Application Express versions ant\u00e9rieures \u00e0 20.2",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Oracle",
          "scada": false
        }
      }
    }
  ],
  "affected_systems_content": null,
  "content": "## Solution\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des\ncorrectifs (cf. section Documentation).\n",
  "cves": [
    {
      "name": "CVE-2021-2234",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-2234"
    },
    {
      "name": "CVE-2021-2245",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-2245"
    },
    {
      "name": "CVE-2021-2175",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-2175"
    },
    {
      "name": "CVE-2020-7760",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-7760"
    },
    {
      "name": "CVE-2021-2173",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-2173"
    },
    {
      "name": "CVE-2019-3740",
      "url": "https://www.cve.org/CVERecord?id=CVE-2019-3740"
    },
    {
      "name": "CVE-2021-2207",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-2207"
    },
    {
      "name": "CVE-2020-5360",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-5360"
    },
    {
      "name": "CVE-2020-17527",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-17527"
    },
    {
      "name": "CVE-2020-11023",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-11023"
    }
  ],
  "links": [],
  "reference": "CERTFR-2021-AVI-295",
  "revisions": [
    {
      "description": "Version initiale",
      "revision_date": "2021-04-21T00:00:00.000000"
    }
  ],
  "risks": [
    {
      "description": "D\u00e9ni de service \u00e0 distance"
    },
    {
      "description": "Ex\u00e9cution de code arbitraire \u00e0 distance"
    },
    {
      "description": "Atteinte \u00e0 l\u0027int\u00e9grit\u00e9 des donn\u00e9es"
    },
    {
      "description": "Atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es"
    }
  ],
  "summary": "De multiples vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 d\u00e9couvertes dans Oracle Database.\nCertaines d\u0027entre elles permettent \u00e0 un attaquant de provoquer une\nex\u00e9cution de code arbitraire \u00e0 distance, un d\u00e9ni de service \u00e0 distance\net une atteinte \u00e0 l\u0027int\u00e9grit\u00e9 des donn\u00e9es.\n",
  "title": "Multiples vuln\u00e9rabilit\u00e9s dans Oracle Database",
  "vendor_advisories": [
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Oracle cpuapr2021 du 20 avril 2021",
      "url": "https://www.oracle.com/security-alerts/cpuapr2021.html"
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Oracle Database cpuapr2021 du 20 avril 2021",
      "url": "https://www.oracle.com/security-alerts/cpuapr2021verbose.html#DB"
    }
  ]
}

CNVD-2019-43408

Vulnerability from cnvd - Published: 2019-12-03

Title

Dell RSA BSAFE Crypto-J信息泄露漏洞

Description

Dell RSA BSAFE Crypto-J是RSA经过FIPS验证的Java加密模块。 Dell RSA BSAFE Crypto-J 6.2.5之前版本在DSA密钥生成期间存在信息泄露漏洞。攻击者可利用该漏洞恢复DSA密钥。

Severity

中

Patch Name

Dell RSA BSAFE Crypto-J信息泄露漏洞的补丁

Patch Description

Dell RSA BSAFE Crypto-J是RSA经过FIPS验证的Java加密模块。 Dell RSA BSAFE Crypto-J 6.2.5之前版本在DSA密钥生成期间存在信息泄露漏洞。攻击者可利用该漏洞恢复DSA密钥。目前，供应商发布了安全公告及相关补丁信息，修复了此漏洞。

Formal description

厂商已发布了漏洞修复程序，请及时关注更新： https://www.dell.com/support/security/fr-fr/details/DOC-106556/DSA-2019-094-RSA-BSAFE®-Crypto-J-Multiple-Security-Vulnerabilities

Reference

https://nvd.nist.gov/vuln/detail/CVE-2019-3740

Impacted products

Name
Dell RSA BSAFE Crypto-J <6.2.5

Show details on source website

JSON

To clipboard

{
  "cves": {
    "cve": {
      "cveNumber": "CVE-2019-3740",
      "cveUrl": "https://nvd.nist.gov/vuln/detail/CVE-2019-3740"
    }
  },
  "description": "Dell RSA BSAFE Crypto-J\u662fRSA\u7ecf\u8fc7FIPS\u9a8c\u8bc1\u7684Java\u52a0\u5bc6\u6a21\u5757\u3002\n\nDell RSA BSAFE Crypto-J 6.2.5\u4e4b\u524d\u7248\u672c\u5728DSA\u5bc6\u94a5\u751f\u6210\u671f\u95f4\u5b58\u5728\u4fe1\u606f\u6cc4\u9732\u6f0f\u6d1e\u3002\u653b\u51fb\u8005\u53ef\u5229\u7528\u8be5\u6f0f\u6d1e\u6062\u590dDSA\u5bc6\u94a5\u3002",
  "formalWay": "\u5382\u5546\u5df2\u53d1\u5e03\u4e86\u6f0f\u6d1e\u4fee\u590d\u7a0b\u5e8f\uff0c\u8bf7\u53ca\u65f6\u5173\u6ce8\u66f4\u65b0\uff1a\r\nhttps://www.dell.com/support/security/fr-fr/details/DOC-106556/DSA-2019-094-RSA-BSAFE\u0026#174;-Crypto-J-Multiple-Security-Vulnerabilities",
  "isEvent": "\u901a\u7528\u8f6f\u786c\u4ef6\u6f0f\u6d1e",
  "number": "CNVD-2019-43408",
  "openTime": "2019-12-03",
  "patchDescription": "Dell RSA BSAFE Crypto-J\u662fRSA\u7ecf\u8fc7FIPS\u9a8c\u8bc1\u7684Java\u52a0\u5bc6\u6a21\u5757\u3002\r\n\r\nDell RSA BSAFE Crypto-J 6.2.5\u4e4b\u524d\u7248\u672c\u5728DSA\u5bc6\u94a5\u751f\u6210\u671f\u95f4\u5b58\u5728\u4fe1\u606f\u6cc4\u9732\u6f0f\u6d1e\u3002\u653b\u51fb\u8005\u53ef\u5229\u7528\u8be5\u6f0f\u6d1e\u6062\u590dDSA\u5bc6\u94a5\u3002\u76ee\u524d\uff0c\u4f9b\u5e94\u5546\u53d1\u5e03\u4e86\u5b89\u5168\u516c\u544a\u53ca\u76f8\u5173\u8865\u4e01\u4fe1\u606f\uff0c\u4fee\u590d\u4e86\u6b64\u6f0f\u6d1e\u3002",
  "patchName": "Dell RSA BSAFE Crypto-J\u4fe1\u606f\u6cc4\u9732\u6f0f\u6d1e\u7684\u8865\u4e01",
  "products": {
    "product": "Dell RSA BSAFE Crypto-J \u003c6.2.5"
  },
  "referenceLink": "https://nvd.nist.gov/vuln/detail/CVE-2019-3740",
  "serverity": "\u4e2d",
  "submitTime": "2019-09-19",
  "title": "Dell RSA BSAFE Crypto-J\u4fe1\u606f\u6cc4\u9732\u6f0f\u6d1e"
}

VAR-201909-1539

Vulnerability from variot - Updated: 2023-12-18 11:14

RSA BSAFE Crypto-J versions prior to 6.2.5 are vulnerable to an Information Exposure Through Timing Discrepancy vulnerabilities during DSA key generation. A malicious remote attacker could potentially exploit those vulnerabilities to recover DSA keys. RSA BSAFE Crypto-J Contains an information disclosure vulnerability.Information may be obtained. Pillow is a Python-based image processing library. There is currently no information about this vulnerability, please feel free to follow CNNVD or manufacturer announcements. Dell RSA BSAFE Crypto-J is an encryption toolkit from Dell, Inc. that provides developers with the tools to add privacy and authentication features to their applications. A security vulnerability exists in Dell RSA BSAFE Crypto-J versions prior to 6.2.5

Show details on source website

JSON

To clipboard

{
  "@context": {
    "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
    "affected_products": {
      "@id": "https://www.variotdbs.pl/ref/affected_products"
    },
    "configurations": {
      "@id": "https://www.variotdbs.pl/ref/configurations"
    },
    "credits": {
      "@id": "https://www.variotdbs.pl/ref/credits"
    },
    "cvss": {
      "@id": "https://www.variotdbs.pl/ref/cvss/"
    },
    "description": {
      "@id": "https://www.variotdbs.pl/ref/description/"
    },
    "exploit_availability": {
      "@id": "https://www.variotdbs.pl/ref/exploit_availability/"
    },
    "external_ids": {
      "@id": "https://www.variotdbs.pl/ref/external_ids/"
    },
    "iot": {
      "@id": "https://www.variotdbs.pl/ref/iot/"
    },
    "iot_taxonomy": {
      "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
    },
    "patch": {
      "@id": "https://www.variotdbs.pl/ref/patch/"
    },
    "problemtype_data": {
      "@id": "https://www.variotdbs.pl/ref/problemtype_data/"
    },
    "references": {
      "@id": "https://www.variotdbs.pl/ref/references/"
    },
    "sources": {
      "@id": "https://www.variotdbs.pl/ref/sources/"
    },
    "sources_release_date": {
      "@id": "https://www.variotdbs.pl/ref/sources_release_date/"
    },
    "sources_update_date": {
      "@id": "https://www.variotdbs.pl/ref/sources_update_date/"
    },
    "threat_type": {
      "@id": "https://www.variotdbs.pl/ref/threat_type/"
    },
    "title": {
      "@id": "https://www.variotdbs.pl/ref/title/"
    },
    "type": {
      "@id": "https://www.variotdbs.pl/ref/type/"
    }
  },
  "@id": "https://www.variotdbs.pl/vuln/VAR-201909-1539",
  "affected_products": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/affected_products#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        },
        "@id": "https://www.variotdbs.pl/ref/sources"
      }
    },
    "data": [
      {
        "model": "retail store inventory management",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "oracle",
        "version": "16.0.3"
      },
      {
        "model": "retail store inventory management",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "oracle",
        "version": "14.0.4"
      },
      {
        "model": "retail xstore point of service",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "oracle",
        "version": "15.0.3"
      },
      {
        "model": "retail predictive application server",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "oracle",
        "version": "15.0.3.0"
      },
      {
        "model": "weblogic server",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "oracle",
        "version": "14.1.1.0.0"
      },
      {
        "model": "application performance management",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "oracle",
        "version": "13.4.0.0"
      },
      {
        "model": "retail predictive application server",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "oracle",
        "version": "16.0.3.0"
      },
      {
        "model": "retail integration bus",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "oracle",
        "version": "15.0"
      },
      {
        "model": "bsafe cert-j",
        "scope": "lte",
        "trust": 1.0,
        "vendor": "dell",
        "version": "6.2.4"
      },
      {
        "model": "retail service backbone",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "oracle",
        "version": "14.1"
      },
      {
        "model": "goldengate",
        "scope": "lt",
        "trust": 1.0,
        "vendor": "oracle",
        "version": "19.1.0.0.0.210420"
      },
      {
        "model": "weblogic server",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "oracle",
        "version": "12.2.1.4.0"
      },
      {
        "model": "bsafe ssl-j",
        "scope": "lte",
        "trust": 1.0,
        "vendor": "dell",
        "version": "6.2.4.1"
      },
      {
        "model": "application performance management",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "oracle",
        "version": "13.3.0.0"
      },
      {
        "model": "retail assortment planning",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "oracle",
        "version": "15.0.3.0"
      },
      {
        "model": "retail store inventory management",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "oracle",
        "version": "14.1.3"
      },
      {
        "model": "retail assortment planning",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "oracle",
        "version": "16.0.3.0"
      },
      {
        "model": "global lifecycle management opatch",
        "scope": "lt",
        "trust": 1.0,
        "vendor": "oracle",
        "version": "12.2.0.1.22"
      },
      {
        "model": "retail xstore point of service",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "oracle",
        "version": "17.0.3"
      },
      {
        "model": "retail service backbone",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "oracle",
        "version": "15.0"
      },
      {
        "model": "communications unified inventory management",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "oracle",
        "version": "7.3.2"
      },
      {
        "model": "database",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "oracle",
        "version": "12.2.0.1"
      },
      {
        "model": "communications unified inventory management",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "oracle",
        "version": "7.4.1"
      },
      {
        "model": "communications unified inventory management",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "oracle",
        "version": "7.3.5"
      },
      {
        "model": "retail xstore point of service",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "oracle",
        "version": "18.0.2"
      },
      {
        "model": "weblogic server",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "oracle",
        "version": "12.1.3.0.0"
      },
      {
        "model": "communications network integrity",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "oracle",
        "version": "7.3.6"
      },
      {
        "model": "retail predictive application server",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "oracle",
        "version": "15.0"
      },
      {
        "model": "retail integration bus",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "oracle",
        "version": "16.0"
      },
      {
        "model": "weblogic server",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "oracle",
        "version": "12.2.1.3.0"
      },
      {
        "model": "database",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "oracle",
        "version": "12.1.0.2"
      },
      {
        "model": "storagetek acsls",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "oracle",
        "version": "8.5.1"
      },
      {
        "model": "retail store inventory management",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "oracle",
        "version": "15.0.3"
      },
      {
        "model": "retail predictive application server",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "oracle",
        "version": "14.1.3.0"
      },
      {
        "model": "database",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "oracle",
        "version": "18c"
      },
      {
        "model": "bsafe crypto-j",
        "scope": "lt",
        "trust": 1.0,
        "vendor": "dell",
        "version": "6.2.5"
      },
      {
        "model": "database",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "oracle",
        "version": "19c"
      },
      {
        "model": "communications unified inventory management",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "oracle",
        "version": "7.3.4"
      },
      {
        "model": "retail xstore point of service",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "oracle",
        "version": "19.0.1"
      },
      {
        "model": "communications network integrity",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "oracle",
        "version": "7.3.2"
      },
      {
        "model": "communications unified inventory management",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "oracle",
        "version": "7.4.0"
      },
      {
        "model": "weblogic server",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "oracle",
        "version": "10.3.6.0.0"
      },
      {
        "model": "communications network integrity",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "oracle",
        "version": "7.3.5"
      },
      {
        "model": "retail service backbone",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "oracle",
        "version": "16.0"
      },
      {
        "model": "retail integration bus",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "oracle",
        "version": "14.1"
      },
      {
        "model": "storagetek tape analytics sw tool",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "oracle",
        "version": "2.3"
      },
      {
        "model": "retail xstore point of service",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "oracle",
        "version": "16.0.5"
      },
      {
        "model": "bsafe cert-j",
        "scope": null,
        "trust": 0.8,
        "vendor": "rsa security",
        "version": null
      },
      {
        "model": "bsafe crypto-j",
        "scope": "lt",
        "trust": 0.8,
        "vendor": "rsa security",
        "version": "6.2.5"
      },
      {
        "model": "bsafe ssl-j",
        "scope": null,
        "trust": 0.8,
        "vendor": "rsa security",
        "version": null
      }
    ],
    "sources": [
      {
        "db": "JVNDB",
        "id": "JVNDB-2019-009628"
      },
      {
        "db": "NVD",
        "id": "CVE-2019-3740"
      }
    ]
  },
  "configurations": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/configurations#",
      "children": {
        "@container": "@list"
      },
      "cpe_match": {
        "@container": "@list"
      },
      "data": {
        "@container": "@list"
      },
      "nodes": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "CVE_data_version": "4.0",
        "nodes": [
          {
            "children": [],
            "cpe_match": [
              {
                "cpe23Uri": "cpe:2.3:a:dell:bsafe_ssl-j:*:*:*:*:*:*:*:*",
                "cpe_name": [],
                "versionEndIncluding": "6.2.4.1",
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:dell:bsafe_crypto-j:*:*:*:*:*:*:*:*",
                "cpe_name": [],
                "versionEndExcluding": "6.2.5",
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:dell:bsafe_cert-j:*:*:*:*:*:*:*:*",
                "cpe_name": [],
                "versionEndIncluding": "6.2.4",
                "vulnerable": true
              }
            ],
            "operator": "OR"
          },
          {
            "children": [],
            "cpe_match": [
              {
                "cpe23Uri": "cpe:2.3:a:oracle:retail_service_backbone:14.1:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:oracle:retail_integration_bus:14.1:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:oracle:weblogic_server:12.1.3.0.0:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:oracle:retail_service_backbone:15.0:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:oracle:retail_integration_bus:15.0:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:oracle:weblogic_server:10.3.6.0.0:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:oracle:weblogic_server:12.2.1.3.0:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:oracle:retail_predictive_application_server:15.0:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:oracle:retail_integration_bus:16.0:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:oracle:communications_unified_inventory_management:7.3.2:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:oracle:communications_unified_inventory_management:7.3.4:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:oracle:communications_unified_inventory_management:7.3.5:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:oracle:communications_unified_inventory_management:7.4.0:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:oracle:retail_xstore_point_of_service:17.0.3:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:oracle:weblogic_server:12.2.1.4.0:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:oracle:application_performance_management:13.3.0.0:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:oracle:weblogic_server:14.1.1.0.0:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:oracle:database:12.1.0.2:*:*:*:enterprise:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:oracle:database:12.2.0.1:*:*:*:enterprise:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:oracle:database:18c:*:*:*:enterprise:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:oracle:database:19c:*:*:*:enterprise:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:oracle:retail_assortment_planning:15.0.3.0:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:oracle:retail_predictive_application_server:14.1.3.0:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:oracle:retail_predictive_application_server:15.0.3.0:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:oracle:retail_assortment_planning:16.0.3.0:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:oracle:retail_predictive_application_server:16.0.3.0:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:oracle:retail_service_backbone:16.0:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:oracle:communications_network_integrity:7.3.5:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:oracle:communications_network_integrity:7.3.6:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:oracle:communications_unified_inventory_management:7.4.1:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:oracle:storagetek_tape_analytics_sw_tool:2.3:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:oracle:retail_store_inventory_management:14.0.4:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:oracle:retail_store_inventory_management:14.1.3:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:oracle:retail_store_inventory_management:15.0.3:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:oracle:retail_store_inventory_management:16.0.3:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:oracle:retail_xstore_point_of_service:15.0.3:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:oracle:retail_xstore_point_of_service:16.0.5:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:oracle:retail_xstore_point_of_service:18.0.2:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:oracle:retail_xstore_point_of_service:19.0.1:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:oracle:application_performance_management:13.4.0.0:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:oracle:global_lifecycle_management_opatch:*:*:*:*:*:*:*:*",
                "cpe_name": [],
                "versionEndExcluding": "12.2.0.1.22",
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:oracle:goldengate:*:*:*:*:*:*:*:*",
                "cpe_name": [],
                "versionEndExcluding": "19.1.0.0.0.210420",
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:oracle:storagetek_acsls:8.5.1:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:oracle:communications_network_integrity:7.3.2:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              }
            ],
            "operator": "OR"
          }
        ]
      }
    ],
    "sources": [
      {
        "db": "NVD",
        "id": "CVE-2019-3740"
      }
    ]
  },
  "cve": "CVE-2019-3740",
  "cvss": {
    "@context": {
      "cvssV2": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
      },
      "cvssV3": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
      },
      "severity": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/cvss/severity#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/severity"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        },
        "@id": "https://www.variotdbs.pl/ref/sources"
      }
    },
    "data": [
      {
        "cvssV2": [
          {
            "acInsufInfo": false,
            "accessComplexity": "MEDIUM",
            "accessVector": "NETWORK",
            "authentication": "NONE",
            "author": "NVD",
            "availabilityImpact": "NONE",
            "baseScore": 4.3,
            "confidentialityImpact": "PARTIAL",
            "exploitabilityScore": 8.6,
            "impactScore": 2.9,
            "integrityImpact": "NONE",
            "obtainAllPrivilege": false,
            "obtainOtherPrivilege": false,
            "obtainUserPrivilege": false,
            "severity": "MEDIUM",
            "trust": 1.0,
            "userInteractionRequired": true,
            "vectorString": "AV:N/AC:M/Au:N/C:P/I:N/A:N",
            "version": "2.0"
          },
          {
            "acInsufInfo": null,
            "accessComplexity": "Medium",
            "accessVector": "Network",
            "authentication": "None",
            "author": "NVD",
            "availabilityImpact": "None",
            "baseScore": 4.3,
            "confidentialityImpact": "Partial",
            "exploitabilityScore": null,
            "id": "CVE-2019-3740",
            "impactScore": null,
            "integrityImpact": "None",
            "obtainAllPrivilege": null,
            "obtainOtherPrivilege": null,
            "obtainUserPrivilege": null,
            "severity": "Medium",
            "trust": 0.8,
            "userInteractionRequired": null,
            "vectorString": "AV:N/AC:M/Au:N/C:P/I:N/A:N",
            "version": "2.0"
          },
          {
            "accessComplexity": "MEDIUM",
            "accessVector": "NETWORK",
            "authentication": "NONE",
            "author": "VULHUB",
            "availabilityImpact": "NONE",
            "baseScore": 4.3,
            "confidentialityImpact": "PARTIAL",
            "exploitabilityScore": 8.6,
            "id": "VHN-155175",
            "impactScore": 2.9,
            "integrityImpact": "NONE",
            "severity": "MEDIUM",
            "trust": 0.1,
            "vectorString": "AV:N/AC:M/AU:N/C:P/I:N/A:N",
            "version": "2.0"
          }
        ],
        "cvssV3": [
          {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "author": "NVD",
            "availabilityImpact": "NONE",
            "baseScore": 6.5,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "HIGH",
            "exploitabilityScore": 2.8,
            "impactScore": 3.6,
            "integrityImpact": "NONE",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "trust": 1.0,
            "userInteraction": "REQUIRED",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N",
            "version": "3.1"
          },
          {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "author": "security_alert@emc.com",
            "availabilityImpact": "NONE",
            "baseScore": 6.5,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "HIGH",
            "exploitabilityScore": 2.8,
            "impactScore": 3.6,
            "integrityImpact": "NONE",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "trust": 1.0,
            "userInteraction": "REQUIRED",
            "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N",
            "version": "3.0"
          },
          {
            "attackComplexity": "Low",
            "attackVector": "Network",
            "author": "NVD",
            "availabilityImpact": "None",
            "baseScore": 6.5,
            "baseSeverity": "Medium",
            "confidentialityImpact": "High",
            "exploitabilityScore": null,
            "id": "CVE-2019-3740",
            "impactScore": null,
            "integrityImpact": "None",
            "privilegesRequired": "None",
            "scope": "Unchanged",
            "trust": 0.8,
            "userInteraction": "Required",
            "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N",
            "version": "3.0"
          }
        ],
        "severity": [
          {
            "author": "NVD",
            "id": "CVE-2019-3740",
            "trust": 1.8,
            "value": "MEDIUM"
          },
          {
            "author": "security_alert@emc.com",
            "id": "CVE-2019-3740",
            "trust": 1.0,
            "value": "MEDIUM"
          },
          {
            "author": "CNNVD",
            "id": "CNNVD-201909-881",
            "trust": 0.6,
            "value": "MEDIUM"
          },
          {
            "author": "CNNVD",
            "id": "CNNVD-202104-975",
            "trust": 0.6,
            "value": "MEDIUM"
          },
          {
            "author": "VULHUB",
            "id": "VHN-155175",
            "trust": 0.1,
            "value": "MEDIUM"
          }
        ]
      }
    ],
    "sources": [
      {
        "db": "VULHUB",
        "id": "VHN-155175"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2019-009628"
      },
      {
        "db": "NVD",
        "id": "CVE-2019-3740"
      },
      {
        "db": "NVD",
        "id": "CVE-2019-3740"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201909-881"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-202104-975"
      }
    ]
  },
  "description": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/description#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "RSA BSAFE Crypto-J versions prior to 6.2.5 are vulnerable to an Information Exposure Through Timing Discrepancy vulnerabilities during DSA key generation. A malicious remote attacker could potentially exploit those vulnerabilities to recover DSA keys. RSA BSAFE Crypto-J Contains an information disclosure vulnerability.Information may be obtained. Pillow is a Python-based image processing library. \nThere is currently no information about this vulnerability, please feel free to follow CNNVD or manufacturer announcements. Dell RSA BSAFE Crypto-J is an encryption toolkit from Dell, Inc. that provides developers with the tools to add privacy and authentication features to their applications. A security vulnerability exists in Dell RSA BSAFE Crypto-J versions prior to 6.2.5",
    "sources": [
      {
        "db": "NVD",
        "id": "CVE-2019-3740"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2019-009628"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-202104-975"
      },
      {
        "db": "VULHUB",
        "id": "VHN-155175"
      }
    ],
    "trust": 2.25
  },
  "external_ids": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/external_ids#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "db": "NVD",
        "id": "CVE-2019-3740",
        "trust": 2.5
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2019-009628",
        "trust": 0.8
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201909-881",
        "trust": 0.7
      },
      {
        "db": "CS-HELP",
        "id": "SB2021042539",
        "trust": 0.6
      },
      {
        "db": "CS-HELP",
        "id": "SB2022042537",
        "trust": 0.6
      },
      {
        "db": "CS-HELP",
        "id": "SB2021042641",
        "trust": 0.6
      },
      {
        "db": "CS-HELP",
        "id": "SB2021042103",
        "trust": 0.6
      },
      {
        "db": "CS-HELP",
        "id": "SB2021072126",
        "trust": 0.6
      },
      {
        "db": "CS-HELP",
        "id": "SB2021041363",
        "trust": 0.6
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-202104-975",
        "trust": 0.6
      },
      {
        "db": "VULHUB",
        "id": "VHN-155175",
        "trust": 0.1
      }
    ],
    "sources": [
      {
        "db": "VULHUB",
        "id": "VHN-155175"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2019-009628"
      },
      {
        "db": "NVD",
        "id": "CVE-2019-3740"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201909-881"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-202104-975"
      }
    ]
  },
  "id": "VAR-201909-1539",
  "iot": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/iot#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": true,
    "sources": [
      {
        "db": "VULHUB",
        "id": "VHN-155175"
      }
    ],
    "trust": 0.01
  },
  "last_update_date": "2023-12-18T11:14:34.777000Z",
  "patch": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/patch#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "title": "DSA-2019-094: RSA BSAFE Crypto-J Multiple Security Vulnerabilities",
        "trust": 0.8,
        "url": "https://www.dell.com/support/security/en-us/details/doc-106556/dsa-2019-094-rsa-bsafe\u0026#174;-crypto-j-multiple-security-vulnerabilities"
      },
      {
        "title": "Dell RSA BSAFE Crypto-J Security vulnerabilities",
        "trust": 0.6,
        "url": "http://www.cnnvd.org.cn/web/xxk/bdxqbyid.tag?id=98406"
      }
    ],
    "sources": [
      {
        "db": "JVNDB",
        "id": "JVNDB-2019-009628"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201909-881"
      }
    ]
  },
  "problemtype_data": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "problemtype": "CWE-203",
        "trust": 1.1
      },
      {
        "problemtype": "CWE-200",
        "trust": 0.9
      }
    ],
    "sources": [
      {
        "db": "VULHUB",
        "id": "VHN-155175"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2019-009628"
      },
      {
        "db": "NVD",
        "id": "CVE-2019-3740"
      }
    ]
  },
  "references": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/references#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "trust": 2.3,
        "url": "https://www.oracle.com/security-alerts/cpuapr2021.html"
      },
      {
        "trust": 2.3,
        "url": "https://www.oracle.com/security-alerts/cpuapr2022.html"
      },
      {
        "trust": 2.3,
        "url": "https://www.oracle.com/security-alerts/cpujul2020.html"
      },
      {
        "trust": 2.3,
        "url": "https://www.oracle.com/security-alerts/cpuoct2020.html"
      },
      {
        "trust": 2.3,
        "url": "https://www.oracle.com/security-alerts/cpuoct2021.html"
      },
      {
        "trust": 1.7,
        "url": "https://www.oracle.com//security-alerts/cpujul2021.html"
      },
      {
        "trust": 1.4,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2019-3740"
      },
      {
        "trust": 1.0,
        "url": "https://www.dell.com/support/security/en-us/details/doc-106556/dsa-2019-094-rsa-bsafe\u0026#174%3b-crypto-j-multiple-security-vulnerabilities"
      },
      {
        "trust": 0.8,
        "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2019-3740"
      },
      {
        "trust": 0.6,
        "url": "https://www.dell.com/support/security/en-us/details/doc-106556/dsa-2019-094-rsa-bsafe\u00ae-crypto-j-multiple-security-vulnerabilities"
      },
      {
        "trust": 0.6,
        "url": "https://www.cybersecurity-help.cz/vdb/sb2021072126"
      },
      {
        "trust": 0.6,
        "url": "https://www.cybersecurity-help.cz/vdb/sb2021042539"
      },
      {
        "trust": 0.6,
        "url": "https://www.cybersecurity-help.cz/vdb/sb2022042537"
      },
      {
        "trust": 0.6,
        "url": "https://www.cybersecurity-help.cz/vdb/sb2021042641"
      },
      {
        "trust": 0.6,
        "url": "https://www.cybersecurity-help.cz/vdb/sb2021042103"
      },
      {
        "trust": 0.6,
        "url": "https://vigilance.fr/vulnerability/oracle-database-vulnerabilities-of-april-2021-35122"
      },
      {
        "trust": 0.6,
        "url": "https://www.oracle.com/security-alerts/cpujul2021.html"
      },
      {
        "trust": 0.6,
        "url": "https://www.cybersecurity-help.cz/vdb/sb2021041363"
      },
      {
        "trust": 0.1,
        "url": "https://www.dell.com/support/security/en-us/details/doc-106556/dsa-2019-094-rsa-bsafe\u0026amp;#174;-crypto-j-multiple-security-vulnerabilities"
      }
    ],
    "sources": [
      {
        "db": "VULHUB",
        "id": "VHN-155175"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2019-009628"
      },
      {
        "db": "NVD",
        "id": "CVE-2019-3740"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201909-881"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-202104-975"
      }
    ]
  },
  "sources": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "db": "VULHUB",
        "id": "VHN-155175"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2019-009628"
      },
      {
        "db": "NVD",
        "id": "CVE-2019-3740"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201909-881"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-202104-975"
      }
    ]
  },
  "sources_release_date": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "date": "2019-09-18T00:00:00",
        "db": "VULHUB",
        "id": "VHN-155175"
      },
      {
        "date": "2019-09-25T00:00:00",
        "db": "JVNDB",
        "id": "JVNDB-2019-009628"
      },
      {
        "date": "2019-09-18T23:15:11.173000",
        "db": "NVD",
        "id": "CVE-2019-3740"
      },
      {
        "date": "2019-09-18T00:00:00",
        "db": "CNNVD",
        "id": "CNNVD-201909-881"
      },
      {
        "date": "2021-04-13T00:00:00",
        "db": "CNNVD",
        "id": "CNNVD-202104-975"
      }
    ]
  },
  "sources_update_date": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "date": "2021-12-09T00:00:00",
        "db": "VULHUB",
        "id": "VHN-155175"
      },
      {
        "date": "2019-09-25T00:00:00",
        "db": "JVNDB",
        "id": "JVNDB-2019-009628"
      },
      {
        "date": "2023-11-07T03:10:11.167000",
        "db": "NVD",
        "id": "CVE-2019-3740"
      },
      {
        "date": "2022-04-26T00:00:00",
        "db": "CNNVD",
        "id": "CNNVD-201909-881"
      },
      {
        "date": "2021-04-14T00:00:00",
        "db": "CNNVD",
        "id": "CNNVD-202104-975"
      }
    ]
  },
  "threat_type": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/threat_type#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "remote",
    "sources": [
      {
        "db": "CNNVD",
        "id": "CNNVD-201909-881"
      }
    ],
    "trust": 0.6
  },
  "title": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/title#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "RSA BSAFE Crypto-J Vulnerable to information disclosure",
    "sources": [
      {
        "db": "JVNDB",
        "id": "JVNDB-2019-009628"
      }
    ],
    "trust": 0.8
  },
  "type": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/type#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "encryption problem",
    "sources": [
      {
        "db": "CNNVD",
        "id": "CNNVD-201909-881"
      }
    ],
    "trust": 0.6
  }
}

GHSA-7MMW-X6RM-HMR8

Vulnerability from github – Published: 2022-05-24 16:56 – Updated: 2024-04-04 01:58

Details

Severity ?

6.5 (Medium)


                  
                    CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N

Show details on source website

JSON

To clipboard

{
  "affected": [],
  "aliases": [
    "CVE-2019-3740"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-200",
      "CWE-203"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2019-09-18T23:15:00Z",
    "severity": "MODERATE"
  },
  "details": "RSA BSAFE Crypto-J versions prior to 6.2.5 are vulnerable to an Information Exposure Through Timing Discrepancy vulnerabilities during DSA key generation. A malicious remote attacker could potentially exploit those vulnerabilities to recover DSA keys.",
  "id": "GHSA-7mmw-x6rm-hmr8",
  "modified": "2024-04-04T01:58:23Z",
  "published": "2022-05-24T16:56:30Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2019-3740"
    },
    {
      "type": "WEB",
      "url": "https://www.dell.com/support/security/en-us/details/DOC-106556/DSA-2019-094-RSA-BSAFE\u0026#174%3B-Crypto-J-Multiple-Security-Vulnerabilities"
    },
    {
      "type": "WEB",
      "url": "https://www.dell.com/support/security/en-us/details/DOC-106556/DSA-2019-094-RSA-BSAFE\u0026#174;-Crypto-J-Multiple-Security-Vulnerabilities"
    },
    {
      "type": "WEB",
      "url": "https://www.oracle.com//security-alerts/cpujul2021.html"
    },
    {
      "type": "WEB",
      "url": "https://www.oracle.com/security-alerts/cpuApr2021.html"
    },
    {
      "type": "WEB",
      "url": "https://www.oracle.com/security-alerts/cpuapr2022.html"
    },
    {
      "type": "WEB",
      "url": "https://www.oracle.com/security-alerts/cpujul2020.html"
    },
    {
      "type": "WEB",
      "url": "https://www.oracle.com/security-alerts/cpuoct2020.html"
    },
    {
      "type": "WEB",
      "url": "https://www.oracle.com/security-alerts/cpuoct2021.html"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N",
      "type": "CVSS_V3"
    }
  ]
}

GSD-2019-3740

Vulnerability from gsd - Updated: 2023-12-13 01:24

Details

Aliases

CVE-2019-3740

Aliases

CVE-2019-3740

JSON

To clipboard

{
  "GSD": {
    "alias": "CVE-2019-3740",
    "description": "RSA BSAFE Crypto-J versions prior to 6.2.5 are vulnerable to an Information Exposure Through Timing Discrepancy vulnerabilities during DSA key generation. A malicious remote attacker could potentially exploit those vulnerabilities to recover DSA keys.",
    "id": "GSD-2019-3740"
  },
  "gsd": {
    "metadata": {
      "exploitCode": "unknown",
      "remediation": "unknown",
      "reportConfidence": "confirmed",
      "type": "vulnerability"
    },
    "osvSchema": {
      "aliases": [
        "CVE-2019-3740"
      ],
      "details": "RSA BSAFE Crypto-J versions prior to 6.2.5 are vulnerable to an Information Exposure Through Timing Discrepancy vulnerabilities during DSA key generation. A malicious remote attacker could potentially exploit those vulnerabilities to recover DSA keys.",
      "id": "GSD-2019-3740",
      "modified": "2023-12-13T01:24:03.389832Z",
      "schema_version": "1.4.0"
    }
  },
  "namespaces": {
    "cve.org": {
      "CVE_data_meta": {
        "ASSIGNER": "secure@dell.com",
        "DATE_PUBLIC": "2019-08-15",
        "ID": "CVE-2019-3740",
        "STATE": "PUBLIC"
      },
      "affects": {
        "vendor": {
          "vendor_data": [
            {
              "product": {
                "product_data": [
                  {
                    "product_name": "RSA BSAFE Crypto-J",
                    "version": {
                      "version_data": [
                        {
                          "version_value": "prior to 6.2.5"
                        }
                      ]
                    }
                  }
                ]
              },
              "vendor_name": "Dell"
            }
          ]
        }
      },
      "data_format": "MITRE",
      "data_type": "CVE",
      "data_version": "4.0",
      "description": {
        "description_data": [
          {
            "lang": "eng",
            "value": "RSA BSAFE Crypto-J versions prior to 6.2.5 are vulnerable to an Information Exposure Through Timing Discrepancy vulnerabilities during DSA key generation. A malicious remote attacker could potentially exploit those vulnerabilities to recover DSA keys."
          }
        ]
      },
      "impact": {
        "cvss": {
          "baseScore": 6.5,
          "baseSeverity": "Medium",
          "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N",
          "version": "3.0"
        }
      },
      "problemtype": {
        "problemtype_data": [
          {
            "description": [
              {
                "lang": "eng",
                "value": "CWE-310: Cryptographic Issues"
              }
            ]
          }
        ]
      },
      "references": {
        "reference_data": [
          {
            "name": "https://www.oracle.com/security-alerts/cpujul2020.html",
            "refsource": "MISC",
            "url": "https://www.oracle.com/security-alerts/cpujul2020.html"
          },
          {
            "name": "https://www.dell.com/support/security/en-us/details/DOC-106556/DSA-2019-094-RSA-BSAFE\u0026#174;-Crypto-J-Multiple-Security-Vulnerabilities",
            "refsource": "MISC",
            "url": "https://www.dell.com/support/security/en-us/details/DOC-106556/DSA-2019-094-RSA-BSAFE\u0026#174;-Crypto-J-Multiple-Security-Vulnerabilities"
          },
          {
            "name": "https://www.oracle.com/security-alerts/cpuoct2020.html",
            "refsource": "MISC",
            "url": "https://www.oracle.com/security-alerts/cpuoct2020.html"
          },
          {
            "name": "https://www.oracle.com/security-alerts/cpuApr2021.html",
            "refsource": "MISC",
            "url": "https://www.oracle.com/security-alerts/cpuApr2021.html"
          },
          {
            "name": "https://www.oracle.com//security-alerts/cpujul2021.html",
            "refsource": "MISC",
            "url": "https://www.oracle.com//security-alerts/cpujul2021.html"
          },
          {
            "name": "https://www.oracle.com/security-alerts/cpuoct2021.html",
            "refsource": "MISC",
            "url": "https://www.oracle.com/security-alerts/cpuoct2021.html"
          },
          {
            "name": "https://www.oracle.com/security-alerts/cpuapr2022.html",
            "refsource": "MISC",
            "url": "https://www.oracle.com/security-alerts/cpuapr2022.html"
          }
        ]
      }
    },
    "nvd.nist.gov": {
      "configurations": {
        "CVE_data_version": "4.0",
        "nodes": [
          {
            "children": [],
            "cpe_match": [
              {
                "cpe23Uri": "cpe:2.3:a:dell:bsafe_ssl-j:*:*:*:*:*:*:*:*",
                "cpe_name": [],
                "versionEndIncluding": "6.2.4.1",
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:dell:bsafe_crypto-j:*:*:*:*:*:*:*:*",
                "cpe_name": [],
                "versionEndExcluding": "6.2.5",
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:dell:bsafe_cert-j:*:*:*:*:*:*:*:*",
                "cpe_name": [],
                "versionEndIncluding": "6.2.4",
                "vulnerable": true
              }
            ],
            "operator": "OR"
          },
          {
            "children": [],
            "cpe_match": [
              {
                "cpe23Uri": "cpe:2.3:a:oracle:retail_service_backbone:14.1:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:oracle:retail_integration_bus:14.1:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:oracle:weblogic_server:12.1.3.0.0:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:oracle:retail_service_backbone:15.0:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:oracle:retail_integration_bus:15.0:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:oracle:weblogic_server:10.3.6.0.0:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:oracle:weblogic_server:12.2.1.3.0:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:oracle:retail_predictive_application_server:15.0:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:oracle:retail_integration_bus:16.0:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:oracle:communications_unified_inventory_management:7.3.2:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:oracle:communications_unified_inventory_management:7.3.4:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:oracle:communications_unified_inventory_management:7.3.5:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:oracle:communications_unified_inventory_management:7.4.0:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:oracle:retail_xstore_point_of_service:17.0.3:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:oracle:weblogic_server:12.2.1.4.0:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:oracle:application_performance_management:13.3.0.0:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:oracle:weblogic_server:14.1.1.0.0:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:oracle:database:12.1.0.2:*:*:*:enterprise:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:oracle:database:12.2.0.1:*:*:*:enterprise:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:oracle:database:18c:*:*:*:enterprise:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:oracle:database:19c:*:*:*:enterprise:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:oracle:retail_assortment_planning:15.0.3.0:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:oracle:retail_predictive_application_server:14.1.3.0:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:oracle:retail_predictive_application_server:15.0.3.0:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:oracle:retail_assortment_planning:16.0.3.0:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:oracle:retail_predictive_application_server:16.0.3.0:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:oracle:retail_service_backbone:16.0:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:oracle:communications_unified_inventory_management:7.4.1:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:oracle:communications_network_integrity:7.3.5:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:oracle:communications_network_integrity:7.3.6:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:oracle:storagetek_tape_analytics_sw_tool:2.3:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:oracle:retail_store_inventory_management:14.0.4:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:oracle:retail_store_inventory_management:14.1.3:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:oracle:retail_store_inventory_management:15.0.3:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:oracle:retail_store_inventory_management:16.0.3:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:oracle:retail_xstore_point_of_service:15.0.3:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:oracle:retail_xstore_point_of_service:16.0.5:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:oracle:retail_xstore_point_of_service:18.0.2:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:oracle:retail_xstore_point_of_service:19.0.1:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:oracle:application_performance_management:13.4.0.0:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:oracle:global_lifecycle_management_opatch:*:*:*:*:*:*:*:*",
                "cpe_name": [],
                "versionEndExcluding": "12.2.0.1.22",
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:oracle:goldengate:*:*:*:*:*:*:*:*",
                "cpe_name": [],
                "versionEndExcluding": "19.1.0.0.0.210420",
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:oracle:communications_network_integrity:7.3.2:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:oracle:storagetek_acsls:8.5.1:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              }
            ],
            "operator": "OR"
          }
        ]
      },
      "cve": {
        "CVE_data_meta": {
          "ASSIGNER": "secure@dell.com",
          "ID": "CVE-2019-3740"
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "en",
              "value": "RSA BSAFE Crypto-J versions prior to 6.2.5 are vulnerable to an Information Exposure Through Timing Discrepancy vulnerabilities during DSA key generation. A malicious remote attacker could potentially exploit those vulnerabilities to recover DSA keys."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "en",
                  "value": "CWE-203"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "https://www.dell.com/support/security/en-us/details/DOC-106556/DSA-2019-094-RSA-BSAFE\u0026#174;-Crypto-J-Multiple-Security-Vulnerabilities",
              "refsource": "MISC",
              "tags": [
                "Third Party Advisory"
              ],
              "url": "https://www.dell.com/support/security/en-us/details/DOC-106556/DSA-2019-094-RSA-BSAFE\u0026#174;-Crypto-J-Multiple-Security-Vulnerabilities"
            },
            {
              "name": "https://www.oracle.com/security-alerts/cpujul2020.html",
              "refsource": "MISC",
              "tags": [
                "Patch",
                "Third Party Advisory"
              ],
              "url": "https://www.oracle.com/security-alerts/cpujul2020.html"
            },
            {
              "name": "https://www.oracle.com/security-alerts/cpuoct2020.html",
              "refsource": "MISC",
              "tags": [
                "Patch",
                "Third Party Advisory"
              ],
              "url": "https://www.oracle.com/security-alerts/cpuoct2020.html"
            },
            {
              "name": "https://www.oracle.com/security-alerts/cpuApr2021.html",
              "refsource": "MISC",
              "tags": [
                "Patch",
                "Third Party Advisory"
              ],
              "url": "https://www.oracle.com/security-alerts/cpuApr2021.html"
            },
            {
              "name": "N/A",
              "refsource": "N/A",
              "tags": [
                "Patch",
                "Third Party Advisory"
              ],
              "url": "https://www.oracle.com//security-alerts/cpujul2021.html"
            },
            {
              "name": "https://www.oracle.com/security-alerts/cpuoct2021.html",
              "refsource": "MISC",
              "tags": [
                "Patch",
                "Third Party Advisory"
              ],
              "url": "https://www.oracle.com/security-alerts/cpuoct2021.html"
            },
            {
              "name": "https://www.oracle.com/security-alerts/cpuapr2022.html",
              "refsource": "MISC",
              "tags": [
                "Patch",
                "Third Party Advisory"
              ],
              "url": "https://www.oracle.com/security-alerts/cpuapr2022.html"
            }
          ]
        }
      },
      "impact": {
        "baseMetricV2": {
          "acInsufInfo": false,
          "cvssV2": {
            "accessComplexity": "MEDIUM",
            "accessVector": "NETWORK",
            "authentication": "NONE",
            "availabilityImpact": "NONE",
            "baseScore": 4.3,
            "confidentialityImpact": "PARTIAL",
            "integrityImpact": "NONE",
            "vectorString": "AV:N/AC:M/Au:N/C:P/I:N/A:N",
            "version": "2.0"
          },
          "exploitabilityScore": 8.6,
          "impactScore": 2.9,
          "obtainAllPrivilege": false,
          "obtainOtherPrivilege": false,
          "obtainUserPrivilege": false,
          "severity": "MEDIUM",
          "userInteractionRequired": true
        },
        "baseMetricV3": {
          "cvssV3": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "NONE",
            "baseScore": 6.5,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "NONE",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "userInteraction": "REQUIRED",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N",
            "version": "3.1"
          },
          "exploitabilityScore": 2.8,
          "impactScore": 3.6
        }
      },
      "lastModifiedDate": "2022-06-07T18:40Z",
      "publishedDate": "2019-09-18T23:15Z"
    }
  }
}

FKIE_CVE-2019-3740

Vulnerability from fkie_nvd - Published: 2019-09-18 23:15 - Updated: 2024-11-21 04:42

Severity ?

6.5 (Medium) - CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N

Summary

References

URL	Tags
security_alert@emc.com	https://www.dell.com/support/security/en-us/details/DOC-106556/DSA-2019-094-RSA-BSAFE&#174%3B-Crypto-J-Multiple-Security-Vulnerabilities
security_alert@emc.com	https://www.oracle.com//security-alerts/cpujul2021.html	Patch, Third Party Advisory
security_alert@emc.com	https://www.oracle.com/security-alerts/cpuApr2021.html	Patch, Third Party Advisory
security_alert@emc.com	https://www.oracle.com/security-alerts/cpuapr2022.html	Patch, Third Party Advisory
security_alert@emc.com	https://www.oracle.com/security-alerts/cpujul2020.html	Patch, Third Party Advisory
security_alert@emc.com	https://www.oracle.com/security-alerts/cpuoct2020.html	Patch, Third Party Advisory
security_alert@emc.com	https://www.oracle.com/security-alerts/cpuoct2021.html	Patch, Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108	https://www.dell.com/support/security/en-us/details/DOC-106556/DSA-2019-094-RSA-BSAFE&#174%3B-Crypto-J-Multiple-Security-Vulnerabilities
af854a3a-2127-422b-91ae-364da2661108	https://www.oracle.com//security-alerts/cpujul2021.html	Patch, Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108	https://www.oracle.com/security-alerts/cpuApr2021.html	Patch, Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108	https://www.oracle.com/security-alerts/cpuapr2022.html	Patch, Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108	https://www.oracle.com/security-alerts/cpujul2020.html	Patch, Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108	https://www.oracle.com/security-alerts/cpuoct2020.html	Patch, Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108	https://www.oracle.com/security-alerts/cpuoct2021.html	Patch, Third Party Advisory

Impacted products

Vendor	Product	Version
dell	bsafe_cert-j	*
dell	bsafe_crypto-j	*
dell	bsafe_ssl-j	*
oracle	application_performance_management	13.3.0.0
oracle	application_performance_management	13.4.0.0
oracle	communications_network_integrity	7.3.2
oracle	communications_network_integrity	7.3.5
oracle	communications_network_integrity	7.3.6
oracle	communications_unified_inventory_management	7.3.2
oracle	communications_unified_inventory_management	7.3.4
oracle	communications_unified_inventory_management	7.3.5
oracle	communications_unified_inventory_management	7.4.0
oracle	communications_unified_inventory_management	7.4.1
oracle	database	12.1.0.2
oracle	database	12.2.0.1
oracle	database	18c
oracle	database	19c
oracle	global_lifecycle_management_opatch	*
oracle	goldengate	*
oracle	retail_assortment_planning	15.0.3.0
oracle	retail_assortment_planning	16.0.3.0
oracle	retail_integration_bus	14.1
oracle	retail_integration_bus	15.0
oracle	retail_integration_bus	16.0
oracle	retail_predictive_application_server	14.1.3.0
oracle	retail_predictive_application_server	15.0
oracle	retail_predictive_application_server	15.0.3.0
oracle	retail_predictive_application_server	16.0.3.0
oracle	retail_service_backbone	14.1
oracle	retail_service_backbone	15.0
oracle	retail_service_backbone	16.0
oracle	retail_store_inventory_management	14.0.4
oracle	retail_store_inventory_management	14.1.3
oracle	retail_store_inventory_management	15.0.3
oracle	retail_store_inventory_management	16.0.3
oracle	retail_xstore_point_of_service	15.0.3
oracle	retail_xstore_point_of_service	16.0.5
oracle	retail_xstore_point_of_service	17.0.3
oracle	retail_xstore_point_of_service	18.0.2
oracle	retail_xstore_point_of_service	19.0.1
oracle	storagetek_acsls	8.5.1
oracle	storagetek_tape_analytics_sw_tool	2.3
oracle	weblogic_server	10.3.6.0.0
oracle	weblogic_server	12.1.3.0.0
oracle	weblogic_server	12.2.1.3.0
oracle	weblogic_server	12.2.1.4.0
oracle	weblogic_server	14.1.1.0.0

JSON

To clipboard

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:dell:bsafe_cert-j:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "1710B5A7-08C4-44D8-A175-044FCD92B314",
              "versionEndIncluding": "6.2.4",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:dell:bsafe_crypto-j:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "9757B880-0E5B-40B1-A15C-0EAA52046A73",
              "versionEndExcluding": "6.2.5",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:dell:bsafe_ssl-j:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "FEE68BD5-3D1C-4D69-B026-319FBEDBC798",
              "versionEndIncluding": "6.2.4.1",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:oracle:application_performance_management:13.3.0.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "E87B8C7B-2654-4F9C-9B5D-794DA484B42D",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:application_performance_management:13.4.0.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "9C6F5710-490D-41D4-8C9B-27FC530117A7",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:communications_network_integrity:7.3.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "A7E8F4F3-1A39-4CBB-98C4-66D5DCE3F57D",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:communications_network_integrity:7.3.5:*:*:*:*:*:*:*",
              "matchCriteriaId": "FB92D8A7-2ABD-4B70-A32C-4B6B866C5B8B",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:communications_network_integrity:7.3.6:*:*:*:*:*:*:*",
              "matchCriteriaId": "B21E6EEF-2AB7-4E96-B092-1F49D11B4175",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:communications_unified_inventory_management:7.3.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "1B58BCDA-E173-4D4A-A9C5-E9BFF7E57F58",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:communications_unified_inventory_management:7.3.4:*:*:*:*:*:*:*",
              "matchCriteriaId": "0D299528-8EF0-49AF-9BDE-4B6C6B1DA36C",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:communications_unified_inventory_management:7.3.5:*:*:*:*:*:*:*",
              "matchCriteriaId": "17A91FD9-9F77-42D3-A4D9-48BC7568ADE1",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:communications_unified_inventory_management:7.4.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "539DA24F-E3E0-4455-84C6-A9D96CD601B3",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:communications_unified_inventory_management:7.4.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "A7637F8B-15F1-42E2-BE18-E1FF7C66587D",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:database:12.1.0.2:*:*:*:enterprise:*:*:*",
              "matchCriteriaId": "89FE33CE-5995-4C53-8331-B49156F852B3",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:database:12.2.0.1:*:*:*:enterprise:*:*:*",
              "matchCriteriaId": "46E7237C-00BD-4490-96C3-A8EAE4CE2C0B",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:database:18c:*:*:*:enterprise:*:*:*",
              "matchCriteriaId": "20352616-6BCA-485D-8DD7-DFC97AD6A30D",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:database:19c:*:*:*:enterprise:*:*:*",
              "matchCriteriaId": "C1E05472-8F3A-4E46-90E5-50EA6D555FDC",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:global_lifecycle_management_opatch:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "160EBE76-7CED-4210-9FBB-8649B14DAE1A",
              "versionEndExcluding": "12.2.0.1.22",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:goldengate:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "68165D37-489E-45D7-BA7A-A38164B5C26D",
              "versionEndExcluding": "19.1.0.0.0.210420",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:retail_assortment_planning:15.0.3.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "44357172-4035-4D57-9C83-D80BDDE8E8C7",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:retail_assortment_planning:16.0.3.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "CDDD1BFF-9B0D-45DA-86DC-05CF829107FB",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:retail_integration_bus:14.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "CE7DB324-98A0-40AD-96D4-0800340F6F3A",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:retail_integration_bus:15.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "42064F46-3012-4FB1-89BA-F13C2E4CBB6B",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:retail_integration_bus:16.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "F73E2EFA-0F43-4D92-8C7D-9E66811B76D6",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:retail_predictive_application_server:14.1.3.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "BCF6CCE5-250D-4B10-AD18-7DE7D84BF220",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:retail_predictive_application_server:15.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "6FFEA075-11EB-4E99-92A1-8B2883C64CC0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:retail_predictive_application_server:15.0.3.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "D6D325A0-3441-41AC-B00F-F2A7F85370A1",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:retail_predictive_application_server:16.0.3.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "924AFE2D-D1BB-4026-9C12-BA379F8C5BEA",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:retail_service_backbone:14.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "378A6656-252B-4929-83EA-BC107FDFD357",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:retail_service_backbone:15.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "363395FA-C296-4B2B-9D6F-BCB8DBE6FACE",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:retail_service_backbone:16.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "F62A2144-5EF8-4319-B8C2-D7975F51E5FA",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:retail_store_inventory_management:14.0.4:*:*:*:*:*:*:*",
              "matchCriteriaId": "0E703304-0752-46F2-998B-A3D37C9E7A54",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:retail_store_inventory_management:14.1.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "722969B5-36CD-4413-954B-347BB7E51FAE",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:retail_store_inventory_management:15.0.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "BF295023-399E-4180-A28B-2DA3327A372C",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:retail_store_inventory_management:16.0.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "3E5A2A49-42B0-44EB-B606-999275DC1DA1",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:retail_xstore_point_of_service:15.0.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "54B0A494-14DD-4384-9DCE-14945EBE1A19",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:retail_xstore_point_of_service:16.0.5:*:*:*:*:*:*:*",
              "matchCriteriaId": "A890746E-EE1A-4DBC-BB04-84CC79767F85",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:retail_xstore_point_of_service:17.0.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "6308E929-D44D-48A1-BAEE-47BE4E164124",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:retail_xstore_point_of_service:18.0.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "FDD2640A-5964-4937-B912-CEA2173FAFEE",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:retail_xstore_point_of_service:19.0.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "11BE9059-29C1-417D-AFB3-98066E95D883",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:storagetek_acsls:8.5.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "6953CFDB-33C0-4B8E-BBBD-E460A17E8ED3",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:storagetek_tape_analytics_sw_tool:2.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "E55B3AA9-69BE-4136-8C3A-FD0DDCD3FA4B",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:weblogic_server:10.3.6.0.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "B40B13B7-68B3-4510-968C-6A730EB46462",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:weblogic_server:12.1.3.0.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "C93CC705-1F8C-4870-99E6-14BF264C3811",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:weblogic_server:12.2.1.3.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "F14A818F-AA16-4438-A3E4-E64C9287AC66",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:weblogic_server:12.2.1.4.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "4A5BB153-68E0-4DDA-87D1-0D9AB7F0A418",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:weblogic_server:14.1.1.0.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "04BCDC24-4A21-473C-8733-0D9CFB38A752",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "RSA BSAFE Crypto-J versions prior to 6.2.5 are vulnerable to an Information Exposure Through Timing Discrepancy vulnerabilities during DSA key generation. A malicious remote attacker could potentially exploit those vulnerabilities to recover DSA keys."
    },
    {
      "lang": "es",
      "value": "RSA BSAFE Crypto-J versiones anteriores a 6.2.5, son susceptibles a una vulnerabilidad de Exposici\u00f3n de Informaci\u00f3n por medio de vulnerabilidades de Discrepancia de Sincronizaci\u00f3n durante la generaci\u00f3n de claves DSA. Un atacante remoto malicioso podr\u00eda explotar potencialmente esas vulnerabilidades para recuperar claves DSA."
    }
  ],
  "id": "CVE-2019-3740",
  "lastModified": "2024-11-21T04:42:26.680",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "MEDIUM",
        "cvssData": {
          "accessComplexity": "MEDIUM",
          "accessVector": "NETWORK",
          "authentication": "NONE",
          "availabilityImpact": "NONE",
          "baseScore": 4.3,
          "confidentialityImpact": "PARTIAL",
          "integrityImpact": "NONE",
          "vectorString": "AV:N/AC:M/Au:N/C:P/I:N/A:N",
          "version": "2.0"
        },
        "exploitabilityScore": 8.6,
        "impactScore": 2.9,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": true
      }
    ],
    "cvssMetricV30": [
      {
        "cvssData": {
          "attackComplexity": "LOW",
          "attackVector": "NETWORK",
          "availabilityImpact": "NONE",
          "baseScore": 6.5,
          "baseSeverity": "MEDIUM",
          "confidentialityImpact": "HIGH",
          "integrityImpact": "NONE",
          "privilegesRequired": "NONE",
          "scope": "UNCHANGED",
          "userInteraction": "REQUIRED",
          "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N",
          "version": "3.0"
        },
        "exploitabilityScore": 2.8,
        "impactScore": 3.6,
        "source": "security_alert@emc.com",
        "type": "Secondary"
      }
    ],
    "cvssMetricV31": [
      {
        "cvssData": {
          "attackComplexity": "LOW",
          "attackVector": "NETWORK",
          "availabilityImpact": "NONE",
          "baseScore": 6.5,
          "baseSeverity": "MEDIUM",
          "confidentialityImpact": "HIGH",
          "integrityImpact": "NONE",
          "privilegesRequired": "NONE",
          "scope": "UNCHANGED",
          "userInteraction": "REQUIRED",
          "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N",
          "version": "3.1"
        },
        "exploitabilityScore": 2.8,
        "impactScore": 3.6,
        "source": "nvd@nist.gov",
        "type": "Primary"
      }
    ]
  },
  "published": "2019-09-18T23:15:11.173",
  "references": [
    {
      "source": "security_alert@emc.com",
      "url": "https://www.dell.com/support/security/en-us/details/DOC-106556/DSA-2019-094-RSA-BSAFE\u0026#174%3B-Crypto-J-Multiple-Security-Vulnerabilities"
    },
    {
      "source": "security_alert@emc.com",
      "tags": [
        "Patch",
        "Third Party Advisory"
      ],
      "url": "https://www.oracle.com//security-alerts/cpujul2021.html"
    },
    {
      "source": "security_alert@emc.com",
      "tags": [
        "Patch",
        "Third Party Advisory"
      ],
      "url": "https://www.oracle.com/security-alerts/cpuApr2021.html"
    },
    {
      "source": "security_alert@emc.com",
      "tags": [
        "Patch",
        "Third Party Advisory"
      ],
      "url": "https://www.oracle.com/security-alerts/cpuapr2022.html"
    },
    {
      "source": "security_alert@emc.com",
      "tags": [
        "Patch",
        "Third Party Advisory"
      ],
      "url": "https://www.oracle.com/security-alerts/cpujul2020.html"
    },
    {
      "source": "security_alert@emc.com",
      "tags": [
        "Patch",
        "Third Party Advisory"
      ],
      "url": "https://www.oracle.com/security-alerts/cpuoct2020.html"
    },
    {
      "source": "security_alert@emc.com",
      "tags": [
        "Patch",
        "Third Party Advisory"
      ],
      "url": "https://www.oracle.com/security-alerts/cpuoct2021.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://www.dell.com/support/security/en-us/details/DOC-106556/DSA-2019-094-RSA-BSAFE\u0026#174%3B-Crypto-J-Multiple-Security-Vulnerabilities"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Patch",
        "Third Party Advisory"
      ],
      "url": "https://www.oracle.com//security-alerts/cpujul2021.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Patch",
        "Third Party Advisory"
      ],
      "url": "https://www.oracle.com/security-alerts/cpuApr2021.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Patch",
        "Third Party Advisory"
      ],
      "url": "https://www.oracle.com/security-alerts/cpuapr2022.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Patch",
        "Third Party Advisory"
      ],
      "url": "https://www.oracle.com/security-alerts/cpujul2020.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Patch",
        "Third Party Advisory"
      ],
      "url": "https://www.oracle.com/security-alerts/cpuoct2020.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Patch",
        "Third Party Advisory"
      ],
      "url": "https://www.oracle.com/security-alerts/cpuoct2021.html"
    }
  ],
  "sourceIdentifier": "security_alert@emc.com",
  "vulnStatus": "Modified",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-310"
        }
      ],
      "source": "security_alert@emc.com",
      "type": "Secondary"
    },
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-203"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

Tags

Taxonomy of the tags.

All sightings related to this event Export sightings related to this event

Sightings

Author	Source	Type	Date

Nomenclature

Seen: The vulnerability was mentioned, discussed, or observed by the user.
Confirmed: The vulnerability has been validated from an analyst's perspective.
Published Proof of Concept: A public proof of concept is available for this vulnerability.
Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
Not confirmed: The user expressed doubt about the validity of the vulnerability.
Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.

Detection rules are retrieved from Rulezet.

Action not permitted

CVE-2019-3740 (GCVE-0-2019-3740)

Solution

Solution

Solution

Solution

Solution

Solution

Solution

Solution

Tags

Sightings

Nomenclature