CVE-2019-3738
Summary
| CVE | CVE-2019-3738 |
|---|---|
| State | PUBLIC |
| Assigner | [email protected] |
| Source Priority | CVE Program / NVD first with legacy fallback |
| Published | 2019-09-18 23:15:00 UTC |
| Updated | 2023-11-07 03:10:00 UTC |
| Description | RSA BSAFE Crypto-J versions prior to 6.2.5 are vulnerable to a Missing Required Cryptographic Step vulnerability. A malicious remote attacker could potentially exploit this vulnerability to coerce two parties into computing the same predictable shared key. |
Risk And Classification
Problem Types: CWE-325
NVD Known Affected Configurations (CPE 2.3)
| Type | Vendor | Product | Version | Update | Edition | Language |
|---|---|---|---|---|---|---|
| Application | Dell | Bsafe Cert-j | All | All | All | All |
| Application | Dell | Bsafe Crypto-j | All | All | All | All |
| Application | Dell | Bsafe Ssl-j | All | All | All | All |
| Application | Mcafee | Threat Intelligence Exchange Server | 3.0.0 | All | All | All |
| Application | Mcafee | Threat Intelligence Exchange Server | All | All | All | All |
| Application | Oracle | Application Performance Management | 13.3.0.0 | All | All | All |
| Application | Oracle | Application Performance Management | 13.4.0.0 | All | All | All |
| Application | Oracle | Communications Network Integrity | 7.3.2 | All | All | All |
| Application | Oracle | Communications Network Integrity | 7.3.5 | All | All | All |
| Application | Oracle | Communications Network Integrity | 7.3.6 | All | All | All |
| Application | Oracle | Communications Unified Inventory Management | 7.3.2 | All | All | All |
| Application | Oracle | Communications Unified Inventory Management | 7.3.4 | All | All | All |
| Application | Oracle | Communications Unified Inventory Management | 7.3.5 | All | All | All |
| Application | Oracle | Communications Unified Inventory Management | 7.4.0 | All | All | All |
| Application | Oracle | Communications Unified Inventory Management | 7.4.1 | All | All | All |
| Application | Oracle | Database | 12.1.0.2 | All | All | All |
| Application | Oracle | Database | 12.2.0.1 | All | All | All |
| Application | Oracle | Database | 18c | All | All | All |
| Application | Oracle | Database | 19c | All | All | All |
| Application | Oracle | Goldengate | All | All | All | All |
| Application | Oracle | Goldengate | 19.1.0.0.0.210420 | All | All | All |
| Application | Oracle | Retail Assortment Planning | 15.0.3.0 | All | All | All |
| Application | Oracle | Retail Assortment Planning | 16.0.3.0 | All | All | All |
| Application | Oracle | Retail Integration Bus | 14.1 | All | All | All |
| Application | Oracle | Retail Integration Bus | 15.0 | All | All | All |
| Application | Oracle | Retail Integration Bus | 16.0 | All | All | All |
| Application | Oracle | Retail Predictive Application Server | 14.1.3.0 | All | All | All |
| Application | Oracle | Retail Predictive Application Server | 15.0.3.0 | All | All | All |
| Application | Oracle | Retail Predictive Application Server | 16.0.3.0 | All | All | All |
| Application | Oracle | Retail Service Backbone | 14.1 | All | All | All |
| Application | Oracle | Retail Service Backbone | 15.0 | All | All | All |
| Application | Oracle | Retail Service Backbone | 16.0 | All | All | All |
| Application | Oracle | Retail Store Inventory Management | 14.0.4 | All | All | All |
| Application | Oracle | Retail Store Inventory Management | 14.1.3 | All | All | All |
| Application | Oracle | Retail Store Inventory Management | 15.0.3 | All | All | All |
| Application | Oracle | Retail Store Inventory Management | 16.0.3 | All | All | All |
| Application | Oracle | Retail Xstore Point Of Service | 15.0.3 | All | All | All |
| Application | Oracle | Retail Xstore Point Of Service | 16.0.5 | All | All | All |
| Application | Oracle | Retail Xstore Point Of Service | 17.0.3 | All | All | All |
| Application | Oracle | Retail Xstore Point Of Service | 18.0.2 | All | All | All |
| Application | Oracle | Retail Xstore Point Of Service | 19.0.1 | All | All | All |
| Application | Oracle | Storagetek Tape Analytics Sw Tool | 2.3 | All | All | All |
| Application | Rsa | Bsafe Cert-j | All | All | All | All |
| Application | Rsa | Bsafe Crypto-j | All | All | All | All |
| Application | Rsa | Bsafe Crypto-j | All | All | All | All |
| Application | Rsa | Bsafe Ssl-j | All | All | All | All |
References
| Reference | Source | Link | Tags |
|---|---|---|---|
| Access Denied | MISC | www.dell.com | Third Party Advisory |
| Oracle Critical Patch Update Advisory - July 2020 | MISC | www.oracle.com | |
| Oracle Critical Patch Update Advisory - April 2022 | MISC | www.oracle.com | |
| McAfee Security Bulletin - Threat Intelligence Exchange Server update fixes five third-party vulnerabilities (CVE-2019-3738, CVE-2020-0543, CVE-2020-0549, CVE-2020-2781, and CVE-2020-2830) | CONFIRM | kc.mcafee.com | |
| Oracle Critical Patch Update Advisory - October 2020 | MISC | www.oracle.com | |
| Oracle Critical Patch Update Advisory - July 2021 | N/A | www.oracle.com | |
| Oracle Critical Patch Update Advisory - October 2021 | MISC | www.oracle.com | |
| Oracle Critical Patch Update Advisory - April 2021 | MISC | www.oracle.com | |
| Access Denied | www.dell.com | ||
| CVE Program record | CVE.ORG | www.cve.org | canonical |
| NVD vulnerability detail | NVD | nvd.nist.gov | canonical, analysis |
No vendor comments have been submitted for this CVE.