CVE-2019-3739

MEDIUM

RSA BSAFE Crypto-J < 6.2.5 - Information Exposure Through Timing Discrepancy During ECDSA Key Generation

Title source: llm

Description

RSA BSAFE Crypto-J versions prior to 6.2.5 are vulnerable to Information Exposure Through Timing Discrepancy vulnerabilities during ECDSA key generation. A malicious remote attacker could potentially exploit those vulnerabilities to recover ECDSA keys.

References (7)

Core 7

Core References

Patch, Third Party Advisory x_refsource_misc

https://www.oracle.com/security-alerts/cpujul2020.html

Various Sources x_refsource_misc

https://www.dell.com/support/security/en-us/details/DOC-106556/DSA-2019-094-RSA-BSAFE&#174%3B-Crypto-J-Multiple-Security-Vulnerabilities

Patch, Third Party Advisory x_refsource_misc

https://www.oracle.com/security-alerts/cpuoct2020.html

Patch, Third Party Advisory x_refsource_misc

https://www.oracle.com/security-alerts/cpuApr2021.html

Patch, Third Party Advisory x_refsource_misc

https://www.oracle.com//security-alerts/cpujul2021.html

Patch, Third Party Advisory x_refsource_misc

https://www.oracle.com/security-alerts/cpuoct2021.html

Patch, Third Party Advisory x_refsource_misc

https://www.oracle.com/security-alerts/cpuapr2022.html

Scores

CVSS v3 6.5

EPSS 0.0124

EPSS Percentile 79.5%

Attack Vector NETWORK

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N

Details

CWE

CWE-310 CWE-203

Status published

Products (39)

dell/bsafe_cert-j < 6.2.4

dell/bsafe_crypto-j < 6.2.5

dell/bsafe_ssl-j < 6.2.4.1

oracle/application_performance_management 13.3.0.0

oracle/application_performance_management 13.4.0.0

oracle/communications_network_integrity 7.3.2

oracle/communications_network_integrity 7.3.5

oracle/communications_network_integrity 7.3.6

oracle/database 12.1.0.2

oracle/database 12.2.0.1

... and 29 more

Published Sep 18, 2019

Tracked Since Feb 18, 2026