CVE-2019-3739 — MEDIUM (6.5)

Q: How severe is CVE-2019-3739?

CVE-2019-3739 has been rated MEDIUM with a CVSS base score of 6.5/10. Review the CVSS metrics above for detailed severity breakdown.

Q: Is there a patch for CVE-2019-3739?

Check the references section above for vendor advisories and patch information. Affected products include: Dell Bsafe Cert-J, Dell Bsafe Crypto-J, Dell Bsafe Ssl-J, Oracle Application Performance Management, Oracle Communications Network Integrity.

Vulnerability Description

RSA BSAFE Crypto-J versions prior to 6.2.5 are vulnerable to Information Exposure Through Timing Discrepancy vulnerabilities during ECDSA key generation. A malicious remote attacker could potentially exploit those vulnerabilities to recover ECDSA keys.

CVSS Score

6.5

MEDIUM

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

REQUIRED

Scope

UNCHANGED

Confidentiality

HIGH

Integrity

NONE

Availability

NONE

Affected Products

Vendor	Product	Versions
Dell	Bsafe Cert-J	<= 6.2.4
Dell	Bsafe Crypto-J	< 6.2.5
Dell	Bsafe Ssl-J	<= 6.2.4.1
Oracle	Application Performance Management	13.3.0.0
Oracle	Communications Network Integrity	7.3.2
Oracle	Database	12.1.0.2
Oracle	Goldengate	< 19.1.0.0.0.210420
Oracle	Retail Assortment Planning	15.0.3.0
Oracle	Retail Integration Bus	14.1
Oracle	Retail Predictive Application Server	14.1.3.0
Oracle	Retail Service Backbone	14.1
Oracle	Retail Store Inventory Management	14.0.4
Oracle	Retail Xstore Point Of Service	15.0.3
Oracle	Storagetek Acsls	8.5.1
Oracle	Storagetek Tape Analytics Sw Tool	2.3
Oracle	Weblogic Server	10.3.6.0.0

Related Weaknesses (CWE)

CWE-310 CWE-203

References

https://www.dell.com/support/security/en-us/details/DOC-106556/DSA-2019-094-RSA-
https://www.oracle.com//security-alerts/cpujul2021.htmlPatchThird Party Advisory
https://www.oracle.com/security-alerts/cpuApr2021.htmlPatchThird Party Advisory
https://www.oracle.com/security-alerts/cpuapr2022.htmlPatchThird Party Advisory
https://www.oracle.com/security-alerts/cpujul2020.htmlPatchThird Party Advisory
https://www.oracle.com/security-alerts/cpuoct2020.htmlPatchThird Party Advisory
https://www.oracle.com/security-alerts/cpuoct2021.htmlPatchThird Party Advisory
https://www.dell.com/support/security/en-us/details/DOC-106556/DSA-2019-094-RSA-
https://www.oracle.com//security-alerts/cpujul2021.htmlPatchThird Party Advisory
https://www.oracle.com/security-alerts/cpuApr2021.htmlPatchThird Party Advisory
https://www.oracle.com/security-alerts/cpuapr2022.htmlPatchThird Party Advisory
https://www.oracle.com/security-alerts/cpujul2020.htmlPatchThird Party Advisory
https://www.oracle.com/security-alerts/cpuoct2020.htmlPatchThird Party Advisory
https://www.oracle.com/security-alerts/cpuoct2021.htmlPatchThird Party Advisory

FAQ

What is CVE-2019-3739?

CVE-2019-3739 is a vulnerability with a CVSS score of 6.5 (MEDIUM). RSA BSAFE Crypto-J versions prior to 6.2.5 are vulnerable to Information Exposure Through Timing Discrepancy vulnerabilities during ECDSA key generation. A malicious remote attacker could potentially ...

How severe is CVE-2019-3739?

CVE-2019-3739 has been rated MEDIUM with a CVSS base score of 6.5/10. Review the CVSS metrics above for detailed severity breakdown.

Is there a patch for CVE-2019-3739?

Check the references section above for vendor advisories and patch information. Affected products include: Dell Bsafe Cert-J, Dell Bsafe Crypto-J, Dell Bsafe Ssl-J, Oracle Application Performance Management, Oracle Communications Network Integrity.