CVE-2019-3738

CWE-325 CWE-3473 documents3 sources

Severity

6.5MEDIUM

EPSS

1.0%

top 23.40%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Dell Bsafe Crypto-j Oracle Goldengate Dell Bsafe Cert-j +14 more

Timeline

PublishedSep 18

Latest updateMay 24

Description

RSA BSAFE Crypto-J versions prior to 6.2.5 are vulnerable to a Missing Required Cryptographic Step vulnerability. A malicious remote attacker could potentially exploit this vulnerability to coerce two parties into computing the same predictable shared key.

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:NExploitability: 2.8 | Impact: 3.6

Affected Packages17 packages

▶NVDdell/bsafe_crypto-j< 6.2.5

▶CVEListV5dell/rsa_bsafe_crypto-jprior to 6.2.5

▶NVDdell/bsafe_ssl-j6.2.4.1

▶NVDdell/bsafe_cert-j6.2.4

▶NVDoracle/goldengate< 19.1.0.0.0.210420+1

Patches

Patch: www.oracle.com ↗Patch: www.oracle.com ↗Patch: www.oracle.com ↗

🔴Vulnerability Details

GHSA

GHSA-vq8w-mhc4-p67j: RSA BSAFE Crypto-J versions prior to 6↗2022-05-24

▶

CVEList

CVE-2019-3738: RSA BSAFE Crypto-J versions prior to 6↗2019-09-18

▶