CVE-2019-3740

MEDIUM

RSA BSAFE Crypto-J < 6.2.5 - Information Exposure Through Timing Discrepancy During DSA Key Generation

Title source: llm

Description

RSA BSAFE Crypto-J versions prior to 6.2.5 are vulnerable to an Information Exposure Through Timing Discrepancy vulnerabilities during DSA key generation. A malicious remote attacker could potentially exploit those vulnerabilities to recover DSA keys.

References (7)

Core 7

Core References

Patch, Third Party Advisory x_refsource_misc

https://www.oracle.com/security-alerts/cpujul2020.html

Various Sources x_refsource_misc

https://www.dell.com/support/security/en-us/details/DOC-106556/DSA-2019-094-RSA-BSAFE&#174%3B-Crypto-J-Multiple-Security-Vulnerabilities

Patch, Third Party Advisory x_refsource_misc

https://www.oracle.com/security-alerts/cpuoct2020.html

Patch, Third Party Advisory x_refsource_misc

https://www.oracle.com/security-alerts/cpuApr2021.html

Patch, Third Party Advisory x_refsource_misc

https://www.oracle.com//security-alerts/cpujul2021.html

Patch, Third Party Advisory x_refsource_misc

https://www.oracle.com/security-alerts/cpuoct2021.html

Patch, Third Party Advisory x_refsource_misc

https://www.oracle.com/security-alerts/cpuapr2022.html

Scores

CVSS v3 6.5

EPSS 0.0124

EPSS Percentile 79.5%

Attack Vector NETWORK

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N

Details

CWE

CWE-310 CWE-203

Status published

Products (47)

dell/bsafe_cert-j < 6.2.4

dell/bsafe_crypto-j < 6.2.5

dell/bsafe_ssl-j < 6.2.4.1

oracle/application_performance_management 13.3.0.0

oracle/application_performance_management 13.4.0.0

oracle/communications_network_integrity 7.3.2

oracle/communications_network_integrity 7.3.5

oracle/communications_network_integrity 7.3.6

oracle/communications_unified_inventory_management 7.3.2

oracle/communications_unified_inventory_management 7.3.4

... and 37 more

Published Sep 18, 2019

Tracked Since Feb 18, 2026