Vulnerabilities > CVE-2019-3738 - Missing Required Cryptographic Step vulnerability in multiple products

CVSS 6.5 - MEDIUM

Attack vector

NETWORK

Attack complexity

LOW

Privileges required

NONE

Confidentiality impact

HIGH

Integrity impact

NONE

Availability impact

NONE

network

low complexity

NVD

Published: 2019-09-18

Updated: 2023-11-07

Summary

RSA BSAFE Crypto-J versions prior to 6.2.5 are vulnerable to a Missing Required Cryptographic Step vulnerability. A malicious remote attacker could potentially exploit this vulnerability to coerce two parties into computing the same predictable shared key.

Vulnerable Configurations

Part	Description	Count
Application	Dell Dell Bsafe SSL J - Dell Bsafe SSL J 3.0 Dell Bsafe SSL J 3.0.1 Dell Bsafe SSL J 3.1 Dell Bsafe SSL J 5.0 Dell Bsafe SSL J 5.1 Dell Bsafe SSL J 5.1.1 Dell Bsafe SSL J 5.1.2 Dell Bsafe SSL J 5.1.3 Dell Bsafe SSL J 5.1.4 Dell Bsafe SSL J 5.2 Dell Bsafe SSL J 6.0 Dell Bsafe SSL J 6.0.1 Dell Bsafe SSL J 6.0.2 Dell Bsafe SSL J 6.1 Dell Bsafe SSL J 6.1.1 Dell Bsafe SSL J 6.1.2 Dell Bsafe SSL J 6.1.3 Dell Bsafe SSL J 6.1.4 Dell Bsafe SSL J 6.2 Dell Bsafe SSL J 6.2.1 Dell Bsafe SSL J 6.2.2 Dell Bsafe SSL J 6.2.4 Dell Bsafe SSL J 6.2.4.1 Dell Bsafe Crypto J - Dell Bsafe Crypto J 3.5 Dell Bsafe Crypto J 3.5.1 Dell Bsafe Crypto J 3.6 Dell Bsafe Crypto J 4.0 Dell Bsafe Crypto J 4.0.1 Dell Bsafe Crypto J 4.0.2 Dell Bsafe Crypto J 4.0.2.1 Dell Bsafe Crypto J 4.1 Dell Bsafe Crypto J 4.1.0.3 Dell Bsafe Crypto J 4.1.0.4 Dell Bsafe Crypto J 4.1.0.4.1 Dell Bsafe Crypto J 5.0 Dell Bsafe Crypto J 5.0.1 Dell Bsafe Crypto J 6.0 Dell Bsafe Crypto J 6.1 Dell Bsafe Crypto J 6.1.1 Dell Bsafe Crypto J 6.1.2 Dell Bsafe Crypto J 6.1.3 Dell Bsafe Crypto J 6.2 Dell Bsafe Crypto J 6.2.0.1 Dell Bsafe Crypto J 6.2.0.2 Dell Bsafe Crypto J 6.2.1 Dell Bsafe Crypto J 6.2.2 Dell Bsafe Crypto J 6.2.2.1 Dell Bsafe Crypto J 6.2.3 Dell Bsafe Crypto J 6.2.4 Dell Bsafe Crypto J 6.2.4.0.1 Dell Bsafe Crypto J 6.2.4.2 Dell Bsafe Cert J - Dell Bsafe Cert J 5.2 Dell Bsafe Cert J 6.0 Dell Bsafe Cert J 6.1 Dell Bsafe Cert J 6.2 Dell Bsafe Cert J 6.2.1 Dell Bsafe Cert J 6.2.4	60
Application	Mcafee Mcafee Threat Intelligence Exchange Server 3.0.0 Mcafee Threat Intelligence Exchange Server 2.0.0 Mcafee Threat Intelligence Exchange Server 2.0.1 Mcafee Threat Intelligence Exchange Server 2.1.0 Mcafee Threat Intelligence Exchange Server 2.1.1 Mcafee Threat Intelligence Exchange Server 2.2.0 Mcafee Threat Intelligence Exchange Server 2.3.0	18
Application	Oracle Oracle Retail Service Backbone 14.1 Oracle Retail Service Backbone 15.0 Oracle Retail Service Backbone 16.0 Oracle Retail Integration BUS 14.1 Oracle Retail Integration BUS 15.0 Oracle Retail Integration BUS 16.0 Oracle Communications Unified Inventory Management 7.3.2 Oracle Communications Unified Inventory Management 7.3.4 Oracle Communications Unified Inventory Management 7.3.5 Oracle Communications Unified Inventory Management 7.4.0 Oracle Communications Unified Inventory Management 7.4.1 Oracle Retail Xstore Point OF Service 17.0.3 Oracle Retail Xstore Point OF Service 15.0.3 Oracle Retail Xstore Point OF Service 16.0.5 Oracle Retail Xstore Point OF Service 18.0.2 Oracle Retail Xstore Point OF Service 19.0.1 Oracle Application Performance Management 13.3.0.0 Oracle Application Performance Management 13.4.0.0 Oracle Database 12.1.0.2 Oracle Database 12.2.0.1 Oracle Database 18C Oracle Database 19C Oracle Retail Assortment Planning 15.0.3.0 Oracle Retail Assortment Planning 16.0.3.0 Oracle Retail Predictive Application Server 14.1.3.0 Oracle Retail Predictive Application Server 15.0.3.0 Oracle Retail Predictive Application Server 16.0.3.0 Oracle Communications Network Integrity 7.3.5 Oracle Communications Network Integrity 7.3.6 Oracle Communications Network Integrity 7.3.2 Oracle Storagetek Tape Analytics SW Tool 2.3 Oracle Retail Store Inventory Management 14.0.4 Oracle Retail Store Inventory Management 14.1.3 Oracle Retail Store Inventory Management 15.0.3 Oracle Retail Store Inventory Management 16.0.3 Oracle Goldengate - Oracle Goldengate 11.2 Oracle Goldengate 12.1.2 Oracle Goldengate 12.1.2.1.0 Oracle Goldengate 12.2.0.1 Oracle Goldengate 12.2.0.2.0 Oracle Goldengate 12.3.0 Oracle Goldengate 12.3.0.1.0 Oracle Goldengate 12.3.0.1.2 Oracle Goldengate 12.3.0.1.6 Oracle Goldengate 12.3.2.1 Oracle Goldengate 12.3.2.1.1 Oracle Goldengate 18.1.0.0.0 Oracle Goldengate 18.1.0.0.1 Oracle Goldengate 19.1.0.0.0 Oracle Goldengate 19.1.0.0.0.210420	51

Common Weakness Enumeration (CWE)

CWE-325 - Missing Required Cryptographic Step

Common Attack Pattern Enumeration and Classification (CAPEC)

Subvert Code-signing Facilities
Because languages use code signing facilities to vouch for code's identity and to thus tie code to its assigned privileges within an environment, subverting this mechanism can be instrumental in an attacker escalating privilege. Any means of subverting the way that a virtual machine enforces code signing classifies for this style of attack. This pattern does not include circumstances through which a signing key has been stolen.

Summary

Vulnerable Configurations

Common Weakness Enumeration (CWE)

Common Attack Pattern Enumeration and Classification (CAPEC)

References