Description

RSA BSAFE Crypto-J versions prior to 6.2.5 are vulnerable to an Information Exposure Through Timing Discrepancy vulnerabilities during DSA key generation. A malicious remote attacker could potentially exploit those vulnerabilities to recover DSA keys.

Remediation

References

CVE-2019-3740

Related Vulnerabilities

WordPress Plugin Print Invoice & Delivery Notes for WooCommerce Cross-Site Request Forgery (4.7.2)

Moodle Insertion of Sensitive Information into Log File Vulnerability (CVE-2018-10889)

WordPress Plugin Media from FTP PHP Object Injection (9.79)

Family Connections Improper Control of Generation of Code ('Code Injection') Vulnerability (CVE-2011-5130)

phpMyAdmin Exposure of Sensitive Information to an Unauthorized Actor Vulnerability (CVE-2015-2206)

Severity

Medium

Classification

CVE-2019-3740 CWE-203 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N

Tags

Missing Update Known Vulnerabilities