{ "schema_version": "1.4.0", "id": "GHSA-vq8w-mhc4-p67j", "modified": "2024-04-04T01:58:26Z", "published": "2022-05-24T16:56:30Z", "aliases": [ "CVE-2019-3738" ], "details": "RSA BSAFE Crypto-J versions prior to 6.2.5 are vulnerable to an Improper Verification of Cryptographic Signature vulnerability. A malicious remote attacker could potentially exploit this vulnerability to coerce two parties into computing the same predictable shared key.", "severity": [ { "type": "CVSS_V3", "score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N" } ], "affected": [], "references": [ { "type": "ADVISORY", "url": "https://nvd.nist.gov/vuln/detail/CVE-2019-3738" }, { "type": "WEB", "url": "https://kc.mcafee.com/corporate/index?page=content&id=SB10318" }, { "type": "WEB", "url": "https://www.dell.com/support/security/en-us/details/DOC-106556/DSA-2019-094-RSA-BSAFE®%3B-Crypto-J-Multiple-Security-Vulnerabilities" }, { "type": "WEB", "url": "https://www.dell.com/support/security/en-us/details/DOC-106556/DSA-2019-094-RSA-BSAFE®-Crypto-J-Multiple-Security-Vulnerabilities" }, { "type": "WEB", "url": "https://www.oracle.com//security-alerts/cpujul2021.html" }, { "type": "WEB", "url": "https://www.oracle.com/security-alerts/cpuApr2021.html" }, { "type": "WEB", "url": "https://www.oracle.com/security-alerts/cpuapr2022.html" }, { "type": "WEB", "url": "https://www.oracle.com/security-alerts/cpujul2020.html" }, { "type": "WEB", "url": "https://www.oracle.com/security-alerts/cpuoct2020.html" }, { "type": "WEB", "url": "https://www.oracle.com/security-alerts/cpuoct2021.html" } ], "database_specific": { "cwe_ids": [ "CWE-325", "CWE-347" ], "severity": "MODERATE", "github_reviewed": false, "github_reviewed_at": null, "nvd_published_at": "2019-09-18T23:15:00Z" } }