DSA-2019-094: RSA BSAFE Crypto-J Multiple Security Vulnerabilities

Zusammenfassung: RSA BSAFE Crypto-J contains fixes for multiple security vulnerabilities that could potentially be exploited by malicious users to compromise the affected system.

Dieser Artikel gilt für Dieser Artikel gilt nicht für Dieser Artikel ist nicht an ein bestimmtes Produkt gebunden. In diesem Artikel werden nicht alle Produktversionen aufgeführt.
Andere Ressourcen ansehen

Auswirkungen

Medium

Details

  • Missing Required Cryptographic Step – CVE-2019-3738
RSA BSAFE Crypto-J versions prior to 6.2.5 are vulnerable to a Missing Required Cryptographic Step vulnerability. A malicious remote attacker could potentially exploit this vulnerability to coerce two parties into computing the same predictable shared key.
 
CVSSv3 Base Score: 6.5 (AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N) – Medium
 
  • Information Exposure Through Timing Discrepancy – CVE-2019-3739
RSA BSAFE Crypto-J versions prior to 6.2.5 are vulnerable to Information Exposure Through Timing Discrepancy vulnerabilities during ECDSA key generation. A malicious remote attacker could potentially exploit those vulnerabilities to recover ECDSA keys.
 
CVSSv3 Base Score: 6.5 (AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N) – Medium
 
  • Information Exposure Through Timing Discrepancy – CVE-2019-3740
RSA BSAFE Crypto-J versions prior to 6.2.5 are vulnerable to an Information Exposure Through Timing Discrepancy vulnerabilities during DSA key generation. A malicious remote attacker could potentially exploit those vulnerabilities to recover DSA keys.
 
CVSSv3 Base Score: 6.5 (AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N) – Medium
  • Missing Required Cryptographic Step – CVE-2019-3738
RSA BSAFE Crypto-J versions prior to 6.2.5 are vulnerable to a Missing Required Cryptographic Step vulnerability. A malicious remote attacker could potentially exploit this vulnerability to coerce two parties into computing the same predictable shared key.
 
CVSSv3 Base Score: 6.5 (AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N) – Medium
 
  • Information Exposure Through Timing Discrepancy – CVE-2019-3739
RSA BSAFE Crypto-J versions prior to 6.2.5 are vulnerable to Information Exposure Through Timing Discrepancy vulnerabilities during ECDSA key generation. A malicious remote attacker could potentially exploit those vulnerabilities to recover ECDSA keys.
 
CVSSv3 Base Score: 6.5 (AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N) – Medium
 
  • Information Exposure Through Timing Discrepancy – CVE-2019-3740
RSA BSAFE Crypto-J versions prior to 6.2.5 are vulnerable to an Information Exposure Through Timing Discrepancy vulnerabilities during DSA key generation. A malicious remote attacker could potentially exploit those vulnerabilities to recover DSA keys.
 
CVSSv3 Base Score: 6.5 (AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N) – Medium
Dell Technologies empfiehlt allen Kunden, sowohl die CVSS-Gesamtbewertung als auch alle relevanten zeitlichen und umweltbezogenen Bewertungen zu berücksichtigen, die sich auf den potenziellen Schweregrad einer bestimmten Sicherheitsschwachstelle auswirken können.

Betroffene Produkte und Korrektur

Affected Products

  • RSA BSAFE Crypto-J versions prior to 6.2.5
  • RSA BSAFE SSL-J, all currently supported versions where 6.2.4.1 is the most recent release as of this advisory
  • RSA BSAFE Cert-J, all currently supported versions where 6.2.4 is the most recent release as of this advisory

Remediation


The following RSA BSAFE Crypto-J release contains resolutions to these vulnerabilities:
  • RSA BSAFE Crypto-J 6.2.5mo 
RSA recommends all customers upgrade Crypto-J at the earliest opportunity.
 
As RSA BSAFE SSL-J uses Crypto-J for all cryptographic operations, RSA recommends all customers to upgrade to BSAFE SSL-J 6.2.4.x which supports using Crypto-J 6.2.5. Future releases of SSL-J 6.2.4.x will include Crypto-J 6.2.5.
 
As RSA BSAFE Cert-J uses Crypto-J for all cryptographic operations, RSA recommends all customers to upgrade to BSAFE Cert-J 6.2.4 which supports using Crypto-J 6.2.5. Future releases of Cert-J will include Crypto-J 6.2.5.

 

For additional documentation, downloads and more, visit the RSA BSAFE page on RSA Link.

Affected Products

  • RSA BSAFE Crypto-J versions prior to 6.2.5
  • RSA BSAFE SSL-J, all currently supported versions where 6.2.4.1 is the most recent release as of this advisory
  • RSA BSAFE Cert-J, all currently supported versions where 6.2.4 is the most recent release as of this advisory

Remediation


The following RSA BSAFE Crypto-J release contains resolutions to these vulnerabilities:
  • RSA BSAFE Crypto-J 6.2.5mo 
RSA recommends all customers upgrade Crypto-J at the earliest opportunity.
 
As RSA BSAFE SSL-J uses Crypto-J for all cryptographic operations, RSA recommends all customers to upgrade to BSAFE SSL-J 6.2.4.x which supports using Crypto-J 6.2.5. Future releases of SSL-J 6.2.4.x will include Crypto-J 6.2.5.
 
As RSA BSAFE Cert-J uses Crypto-J for all cryptographic operations, RSA recommends all customers to upgrade to BSAFE Cert-J 6.2.4 which supports using Crypto-J 6.2.5. Future releases of Cert-J will include Crypto-J 6.2.5.

 

For additional documentation, downloads and more, visit the RSA BSAFE page on RSA Link.

Danksagung

RSA would like to thank Antonio Sanso for reporting CVE -2019-3739 and CVE-2019-3740.

Zugehörige Informationen

Dell Security Advisories and Notices
Dell Vulnerability Response Policy
CVSS Scoring Guide

Rechtlicher Hinweis

Betroffene Produkte

BSAFE Crypto-J, Product Security Information
Artikeleigenschaften
Artikelnummer: 000180998
Artikeltyp: Dell Security Advisory
Zuletzt geändert: 18 Sept. 2025
Antworten auf Ihre Fragen erhalten Sie von anderen Dell NutzerInnen
Support Services
Prüfen Sie, ob Ihr Gerät durch Support Services abgedeckt ist.