DSA-2019-094: RSA BSAFE Crypto-J Multiple Security Vulnerabilities
Riepilogo: RSA BSAFE Crypto-J contains fixes for multiple security vulnerabilities that could potentially be exploited by malicious users to compromise the affected system.
Questo articolo si applica a
Questo articolo non si applica a
Questo articolo non è legato a un prodotto specifico.
Non tutte le versioni del prodotto sono identificate in questo articolo.
Impatto
Medium
Dettagli
- Missing Required Cryptographic Step – CVE-2019-3738
CVSSv3 Base Score: 6.5 (AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N) – Medium
- Information Exposure Through Timing Discrepancy – CVE-2019-3739
CVSSv3 Base Score: 6.5 (AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N) – Medium
- Information Exposure Through Timing Discrepancy – CVE-2019-3740
CVSSv3 Base Score: 6.5 (AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N) – Medium
- Missing Required Cryptographic Step – CVE-2019-3738
CVSSv3 Base Score: 6.5 (AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N) – Medium
- Information Exposure Through Timing Discrepancy – CVE-2019-3739
CVSSv3 Base Score: 6.5 (AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N) – Medium
- Information Exposure Through Timing Discrepancy – CVE-2019-3740
CVSSv3 Base Score: 6.5 (AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N) – Medium
Prodotti interessati e correzione
Affected Products
- RSA BSAFE Crypto-J versions prior to 6.2.5
- RSA BSAFE SSL-J, all currently supported versions where 6.2.4.1 is the most recent release as of this advisory
- RSA BSAFE Cert-J, all currently supported versions where 6.2.4 is the most recent release as of this advisory
Remediation
The following RSA BSAFE Crypto-J release contains resolutions to these vulnerabilities:
- RSA BSAFE Crypto-J 6.2.5mo
As RSA BSAFE SSL-J uses Crypto-J for all cryptographic operations, RSA recommends all customers to upgrade to BSAFE SSL-J 6.2.4.x which supports using Crypto-J 6.2.5. Future releases of SSL-J 6.2.4.x will include Crypto-J 6.2.5.
As RSA BSAFE Cert-J uses Crypto-J for all cryptographic operations, RSA recommends all customers to upgrade to BSAFE Cert-J 6.2.4 which supports using Crypto-J 6.2.5. Future releases of Cert-J will include Crypto-J 6.2.5.
For additional documentation, downloads and more, visit the RSA BSAFE page on RSA Link.
Affected Products
- RSA BSAFE Crypto-J versions prior to 6.2.5
- RSA BSAFE SSL-J, all currently supported versions where 6.2.4.1 is the most recent release as of this advisory
- RSA BSAFE Cert-J, all currently supported versions where 6.2.4 is the most recent release as of this advisory
Remediation
The following RSA BSAFE Crypto-J release contains resolutions to these vulnerabilities:
- RSA BSAFE Crypto-J 6.2.5mo
As RSA BSAFE SSL-J uses Crypto-J for all cryptographic operations, RSA recommends all customers to upgrade to BSAFE SSL-J 6.2.4.x which supports using Crypto-J 6.2.5. Future releases of SSL-J 6.2.4.x will include Crypto-J 6.2.5.
As RSA BSAFE Cert-J uses Crypto-J for all cryptographic operations, RSA recommends all customers to upgrade to BSAFE Cert-J 6.2.4 which supports using Crypto-J 6.2.5. Future releases of Cert-J will include Crypto-J 6.2.5.
For additional documentation, downloads and more, visit the RSA BSAFE page on RSA Link.
Ringraziamenti
RSA would like to thank Antonio Sanso for reporting CVE -2019-3739 and CVE-2019-3740.
Informazioni correlate
Dichiarazione di non responsabilità
Prodotti interessati
BSAFE Crypto-J, Product Security InformationProprietà dell'articolo
Numero articolo: 000180998
Tipo di articolo: Dell Security Advisory
Ultima modifica: 18 set 2025
Trova risposta alle tue domande dagli altri utenti Dell
Support Services
Verifica che il dispositivo sia coperto dai Servizi di supporto.