CVE-2018-11057

Published Aug 31, 2018

Last updated 3 years ago

CVSS medium 5.9

Overview

Description: RSA BSAFE Micro Edition Suite, versions prior to 4.0.11 (in 4.0.x) and prior to 4.1.6.1 (in 4.1.x) contains a Covert Timing Channel vulnerability during RSA decryption, also known as a Bleichenbacher attack on RSA decryption. A remote attacker may be able to recover a RSA key.
Source: security_alert@emc.com
NVD status: Analyzed

Risk scores

CVSS 3.1

Type: Primary
Base score: 5.9
Impact score: 3.6
Exploitability score: 2.2
Vector string: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N
Severity: MEDIUM

CVSS 3.0

Type: Secondary
Base score: 5.9
Impact score: 3.6
Exploitability score: 2.2
Vector string: CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N
Severity: MEDIUM

CVSS 2.0

Type: Primary
Base score: 4.3
Impact score: 2.9
Exploitability score: 8.6
Vector string: AV:N/AC:M/Au:N/C:P/I:N/A:N

Weaknesses

nvd@nist.gov: CWE-327

Hype score: Not currently trending

Configurations

[
  {
    "nodes": [
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:a:dell:bsafe:*:*:*:*:micro_edition_suite:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "3F58C7A1-2DC4-4971-BCB5-1F7D4A152519",
            "versionEndExcluding": "4.0.11",
            "versionStartIncluding": "4.0.0"
          },
          {
            "criteria": "cpe:2.3:a:dell:bsafe:*:*:*:*:micro_edition_suite:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "1DF1347A-3AFB-40CC-B1AD-F2DAC90502D1",
            "versionEndExcluding": "4.1.6.1",
            "versionStartIncluding": "4.1.0"
          }
        ],
        "operator": "OR"
      }
    ]
  },
  {
    "nodes": [
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:a:oracle:application_testing_suite:13.3.0.1:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "A125E817-F974-4509-872C-B71933F42AD1"
          },
          {
            "criteria": "cpe:2.3:a:oracle:communications_analytics:12.1.1:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "55D98C27-734F-490B-92D5-251805C841B9"
          },
          {
            "criteria": "cpe:2.3:a:oracle:communications_ip_service_activator:7.3.0:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "DE48E0FE-5931-441C-B4FF-253BD9C48186"
          },
          {
            "criteria": "cpe:2.3:a:oracle:communications_ip_service_activator:7.4.0:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "DE7A60DB-A287-4E61-8131-B6314007191B"
          },
          {
            "criteria": "cpe:2.3:a:oracle:core_rdbms:11.2.0.4:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "E1367C5D-8815-41E6-B609-E855CB8B1AA7"
          },
          {
            "criteria": "cpe:2.3:a:oracle:core_rdbms:12.1.0.2:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "7E150F02-5B34-4496-A024-335DF64D7F8F"
          },
          {
            "criteria": "cpe:2.3:a:oracle:core_rdbms:12.2.0.1:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "4059F859-A7D8-4ADD-93EE-74AF082ED34A"
          },
          {
            "criteria": "cpe:2.3:a:oracle:core_rdbms:18c:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "C9FFAF8E-4023-4599-9F0D-274E6517CB1B"
          },
          {
            "criteria": "cpe:2.3:a:oracle:core_rdbms:19c:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "9B639209-A651-43FB-8F0C-B25F605521EC"
          },
          {
            "criteria": "cpe:2.3:a:oracle:enterprise_manager_ops_center:12.3.3:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "AB654DFA-FEF9-4D00-ADB0-F3F2B6ACF13E"
          },
          {
            "criteria": "cpe:2.3:a:oracle:enterprise_manager_ops_center:12.4.0:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "37209C6F-EF99-4D21-9608-B3A06D283D24"
          },
          {
            "criteria": "cpe:2.3:a:oracle:goldengate_application_adapters:12.3.2.1.0:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "F6F259E6-10A8-4207-8FC2-85ABD70B04C0"
          },
          {
            "criteria": "cpe:2.3:a:oracle:jd_edwards_enterpriseone_tools:9.2:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "41684398-18A4-4DC6-B8A2-3EBAA0CBF9A6"
          },
          {
            "criteria": "cpe:2.3:a:oracle:real_user_experience_insight:13.1.2.1:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "0B1BE63E-7E2E-407C-92F3-664D7C5680C8"
          },
          {
            "criteria": "cpe:2.3:a:oracle:real_user_experience_insight:13.2.3.1:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "F4044230-5BF5-4B13-A853-E59D5592ADC6"
          },
          {
            "criteria": "cpe:2.3:a:oracle:real_user_experience_insight:13.3.1.0:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "B534B112-9BA4-467B-A58B-D89C0A6EFA9C"
          },
          {
            "criteria": "cpe:2.3:a:oracle:retail_predictive_application_server:15.0.3:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "24A3C819-5151-4543-A5C6-998C9387C8A2"
          },
          {
            "criteria": "cpe:2.3:a:oracle:retail_predictive_application_server:16.0.3.0:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "924AFE2D-D1BB-4026-9C12-BA379F8C5BEA"
          },
          {
            "criteria": "cpe:2.3:a:oracle:security_service:11.1.1.9.0:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "008518E5-4814-46AA-B9E7-A3B2635D6D4B"
          },
          {
            "criteria": "cpe:2.3:a:oracle:security_service:12.1.3.0.0:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "495ADD0F-AF15-495D-8E07-171CCF71DBD3"
          },
          {
            "criteria": "cpe:2.3:a:oracle:security_service:12.2.1.3.0:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "9FD166F7-8A83-4BC7-A392-E830E87F841B"
          },
          {
            "criteria": "cpe:2.3:a:oracle:timesten_in-memory_database:*:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "A6DA0527-562D-457F-A2BB-3DF5EAABA1AB",
            "versionEndExcluding": "18.1.4.1.0"
          }
        ],
        "operator": "OR"
      }
    ]
  }
]

Overview

Risk scores

CVSS 3.1

CVSS 3.0

CVSS 2.0

Weaknesses

Social media

Configurations

References