CVE-2018-1000180

Published Jun 5, 2018

Last updated 3 days ago

CVSS high 7.5

Overview

Description: Bouncy Castle BC 1.54 - 1.59, BC-FJA 1.0.0, BC-FJA 1.0.1 and earlier have a flaw in the Low-level interface to RSA key pair generator, specifically RSA Key Pairs generated in low-level API with added certainty may have less M-R tests than expected. This appears to be fixed in versions BC 1.60 beta 4 and later, BC-FJA 1.0.2 and later.
Source: cve@mitre.org
NVD status: Modified

Risk scores

CVSS 3.0

Type: Primary
Base score: 7.5
Impact score: 3.6
Exploitability score: 3.9
Vector string: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
Severity: HIGH

CVSS 2.0

Type: Primary
Base score: 5
Impact score: 2.9
Exploitability score: 10
Vector string: AV:N/AC:L/Au:N/C:P/I:N/A:N

Weaknesses

nvd@nist.gov: CWE-327

Hype score: Not currently trending

Configurations

[
  {
    "nodes": [
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:a:bouncycastle:fips_java_api:*:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "ADE442C0-3BFD-41E2-B89B-57C5D77AAF01",
            "versionEndIncluding": "1.0.1"
          },
          {
            "criteria": "cpe:2.3:a:bouncycastle:legion-of-the-bouncy-castle-java-crytography-api:*:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "3787A4A3-DAB1-4ED8-834C-4E2598062877",
            "versionEndIncluding": "1.59",
            "versionStartIncluding": "1.54"
          }
        ],
        "operator": "OR"
      }
    ]
  },
  {
    "nodes": [
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "DEECE5FC-CACF-4496-A3E7-164736409252"
          }
        ],
        "operator": "OR"
      }
    ]
  },
  {
    "nodes": [
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:a:oracle:api_gateway:11.1.2.4.0:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "A5553591-073B-45E3-999F-21B8BA2EEE22"
          },
          {
            "criteria": "cpe:2.3:a:oracle:business_process_management_suite:11.1.1.9.0:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "013043A2-0765-4AF5-ABFC-6A8960FFBFD2"
          },
          {
            "criteria": "cpe:2.3:a:oracle:business_process_management_suite:12.1.3.0.0:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "B887E174-57AB-449D-AEE4-82DD1A3E5C84"
          },
          {
            "criteria": "cpe:2.3:a:oracle:business_process_management_suite:12.2.1.3.0:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "E869C417-C0E6-4FC3-B406-45598A1D1906"
          },
          {
            "criteria": "cpe:2.3:a:oracle:business_transaction_management:12.1.0:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "FD9D7511-2934-4974-9C9E-3BE03B846734"
          },
          {
            "criteria": "cpe:2.3:a:oracle:communications_application_session_controller:3.7.1:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "CC967A48-D834-4E9B-8CEC-057E7D5B8174"
          },
          {
            "criteria": "cpe:2.3:a:oracle:communications_application_session_controller:3.8.0:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "F920CDE4-DF29-4611-93E9-A386C89EDB62"
          },
          {
            "criteria": "cpe:2.3:a:oracle:communications_converged_application_server:*:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "EC361999-AAD8-4CB3-B00E-E3990C3529B4",
            "versionEndExcluding": "7.0.0.1"
          },
          {
            "criteria": "cpe:2.3:a:oracle:communications_webrtc_session_controller:*:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "77120A3C-9A48-45FC-A620-5072AF325ACF",
            "versionEndExcluding": "7.2"
          },
          {
            "criteria": "cpe:2.3:a:oracle:enterprise_repository:12.1.3.0.0:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "F9E13DD9-F456-4802-84AD-A2A1F12FE999"
          },
          {
            "criteria": "cpe:2.3:a:oracle:managed_file_transfer:12.1.3.0.0:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "AEB446C9-1AC2-4D7D-83DE-08934DDFC8B4"
          },
          {
            "criteria": "cpe:2.3:a:oracle:managed_file_transfer:12.2.1.3.0:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "A2E3E923-E2AD-400D-A618-26ADF7F841A2"
          },
          {
            "criteria": "cpe:2.3:a:oracle:peoplesoft_enterprise_peopletools:8.55:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "45CB30A1-B2C9-4BF5-B510-1F2F18B60C64"
          },
          {
            "criteria": "cpe:2.3:a:oracle:peoplesoft_enterprise_peopletools:8.56:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "D0A735B4-4F3C-416B-8C08-9CB21BAD2889"
          },
          {
            "criteria": "cpe:2.3:a:oracle:peoplesoft_enterprise_peopletools:8.57:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "7E1E416B-920B-49A0-9523-382898C2979D"
          },
          {
            "criteria": "cpe:2.3:a:oracle:retail_convenience_and_fuel_pos_software:2.8.1:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "78DE9DFD-BB57-4BCF-BF73-FFCFF62420D5"
          },
          {
            "criteria": "cpe:2.3:a:oracle:retail_xstore_point_of_service:7.0:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "2F87FC90-16D0-4051-8280-B0DD4441F10B"
          },
          {
            "criteria": "cpe:2.3:a:oracle:retail_xstore_point_of_service:7.1:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "A0ED83E3-E6BF-4EAA-AF8F-33485A88A218"
          },
          {
            "criteria": "cpe:2.3:a:oracle:soa_suite:12.1.3.0.0:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "AF4C318C-5D1E-479B-9597-9FAD9E186111"
          },
          {
            "criteria": "cpe:2.3:a:oracle:soa_suite:12.2.1.3.0:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "65994DC4-C9C0-48B0-88AB-E2958B4EB9E3"
          },
          {
            "criteria": "cpe:2.3:a:oracle:webcenter_portal:11.1.1.9.0:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "D7756147-7168-4E03-93EE-31379F6BE88E"
          },
          {
            "criteria": "cpe:2.3:a:oracle:webcenter_portal:12.2.1.3.0:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "D6A4F71A-4269-40FC-8F61-1D1301F2B728"
          },
          {
            "criteria": "cpe:2.3:a:oracle:weblogic_server:12.1.3.0.0:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "C93CC705-1F8C-4870-99E6-14BF264C3811"
          }
        ],
        "operator": "OR"
      }
    ]
  },
  {
    "nodes": [
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:a:netapp:oncommand_workflow_automation:-:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "5735E553-9731-4AAC-BCFF-989377F817B3"
          }
        ],
        "operator": "OR"
      }
    ]
  },
  {
    "nodes": [
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:o:redhat:virtualization:4.2:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "D53E13F7-469E-486C-8E86-69AA21091D23"
          }
        ],
        "operator": "OR"
      }
    ]
  },
  {
    "nodes": [
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:a:redhat:jboss_enterprise_application_platform:7.1.0:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "868C0845-F25C-487F-A697-72917BE9D78E"
          }
        ],
        "operator": "OR"
      },
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:o:redhat:enterprise_linux:6.0:*:*:*:*:*:*:*",
            "vulnerable": false,
            "matchCriteriaId": "2F6AB192-9D7D-4A9A-8995-E53A9DE9EAFC"
          },
          {
            "criteria": "cpe:2.3:o:redhat:enterprise_linux:7.0:*:*:*:*:*:*:*",
            "vulnerable": false,
            "matchCriteriaId": "142AD0DD-4CF3-4D74-9442-459CE3347E3A"
          }
        ],
        "operator": "OR"
      }
    ],
    "operator": "AND"
  }
]

Overview

Risk scores

CVSS 3.0

CVSS 2.0

Weaknesses

Social media

Configurations

References