CVE-2019-3738

MEDIUM

RSA BSAFE Crypto-J < 6.2.5 - Missing Required Cryptographic Step

Title source: llm

Description

RSA BSAFE Crypto-J versions prior to 6.2.5 are vulnerable to a Missing Required Cryptographic Step vulnerability. A malicious remote attacker could potentially exploit this vulnerability to coerce two parties into computing the same predictable shared key.

References (8)

Core 8

Core References

Patch, Third Party Advisory x_refsource_misc

https://www.oracle.com/security-alerts/cpujul2020.html

Various Sources x_refsource_misc

https://www.dell.com/support/security/en-us/details/DOC-106556/DSA-2019-094-RSA-BSAFE&#174%3B-Crypto-J-Multiple-Security-Vulnerabilities

Patch, Third Party Advisory x_refsource_misc

https://www.oracle.com/security-alerts/cpuoct2020.html

Third Party Advisory x_refsource_confirm

https://kc.mcafee.com/corporate/index?page=content&id=SB10318

Patch, Third Party Advisory x_refsource_misc

https://www.oracle.com/security-alerts/cpuApr2021.html

Patch, Third Party Advisory x_refsource_misc

https://www.oracle.com//security-alerts/cpujul2021.html

Patch, Third Party Advisory x_refsource_misc

https://www.oracle.com/security-alerts/cpuoct2021.html

Patch, Third Party Advisory x_refsource_misc

https://www.oracle.com/security-alerts/cpuapr2022.html

Scores

CVSS v3 6.5

EPSS 0.0097

EPSS Percentile 76.8%

Attack Vector NETWORK

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N

Details

CWE

CWE-325 CWE-347

Status published

Products (42)

dell/bsafe_cert-j < 6.2.4

dell/bsafe_crypto-j < 6.2.5

dell/bsafe_ssl-j < 6.2.4.1

mcafee/threat_intelligence_exchange_server 3.0.0

mcafee/threat_intelligence_exchange_server 2.0.0 - 2.3.1

oracle/application_performance_management 13.3.0.0

oracle/application_performance_management 13.4.0.0

oracle/communications_network_integrity 7.3.2

oracle/communications_network_integrity 7.3.5

oracle/communications_network_integrity 7.3.6

... and 32 more

Published Sep 18, 2019

Tracked Since Feb 18, 2026