CVE-2018-11058

Published Sep 14, 2018

Last updated 3 years ago

CVSS critical 9.8

Overview

Description: RSA BSAFE Micro Edition Suite, versions prior to 4.0.11 (in 4.0.x) and prior to 4.1.6 (in 4.1.x), and RSA BSAFE Crypto-C Micro Edition, version prior to 4.0.5.3 (in 4.0.x) contain a Buffer Over-Read vulnerability when parsing ASN.1 data. A remote attacker could use maliciously constructed ASN.1 data that would result in such issue.
Source: security_alert@emc.com
NVD status: Analyzed

Risk scores

CVSS 3.1

Type: Primary
Base score: 9.8
Impact score: 5.9
Exploitability score: 3.9
Vector string: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Severity: CRITICAL

CVSS 3.0

Type: Secondary
Base score: 7.5
Impact score: 3.6
Exploitability score: 3.9
Vector string: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
Severity: HIGH

CVSS 2.0

Type: Primary
Base score: 7.5
Impact score: 6.4
Exploitability score: 10
Vector string: AV:N/AC:L/Au:N/C:P/I:P/A:P

Weaknesses

nvd@nist.gov: CWE-125

Hype score: Not currently trending

Configurations

[
  {
    "nodes": [
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:a:dell:bsafe:*:*:*:*:micro_edition_suite:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "3F58C7A1-2DC4-4971-BCB5-1F7D4A152519",
            "versionEndExcluding": "4.0.11",
            "versionStartIncluding": "4.0.0"
          },
          {
            "criteria": "cpe:2.3:a:dell:bsafe:*:*:*:*:micro_edition_suite:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "E1E74A2F-4075-428D-A6E5-FE9387EB59CB",
            "versionEndExcluding": "4.1.6",
            "versionStartIncluding": "4.1.0"
          },
          {
            "criteria": "cpe:2.3:a:dell:bsafe_crypto-c:*:*:*:*:micro:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "34E7C1D1-796B-4FDD-A619-5DD75032FEBB",
            "versionEndExcluding": "4.0.5.3",
            "versionStartIncluding": "4.0.0"
          }
        ],
        "operator": "OR"
      }
    ]
  },
  {
    "nodes": [
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:a:oracle:application_testing_suite:13.3.0.1:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "A125E817-F974-4509-872C-B71933F42AD1"
          },
          {
            "criteria": "cpe:2.3:a:oracle:communications_analytics:12.1.1:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "55D98C27-734F-490B-92D5-251805C841B9"
          },
          {
            "criteria": "cpe:2.3:a:oracle:communications_ip_service_activator:7.3.0:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "DE48E0FE-5931-441C-B4FF-253BD9C48186"
          },
          {
            "criteria": "cpe:2.3:a:oracle:communications_ip_service_activator:7.4.0:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "DE7A60DB-A287-4E61-8131-B6314007191B"
          },
          {
            "criteria": "cpe:2.3:a:oracle:core_rdbms:11.2.0.4:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "E1367C5D-8815-41E6-B609-E855CB8B1AA7"
          },
          {
            "criteria": "cpe:2.3:a:oracle:core_rdbms:12.1.0.2:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "7E150F02-5B34-4496-A024-335DF64D7F8F"
          },
          {
            "criteria": "cpe:2.3:a:oracle:core_rdbms:12.2.0.1:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "4059F859-A7D8-4ADD-93EE-74AF082ED34A"
          },
          {
            "criteria": "cpe:2.3:a:oracle:core_rdbms:18c:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "C9FFAF8E-4023-4599-9F0D-274E6517CB1B"
          },
          {
            "criteria": "cpe:2.3:a:oracle:core_rdbms:19c:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "9B639209-A651-43FB-8F0C-B25F605521EC"
          },
          {
            "criteria": "cpe:2.3:a:oracle:enterprise_manager_ops_center:12.3.3:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "AB654DFA-FEF9-4D00-ADB0-F3F2B6ACF13E"
          },
          {
            "criteria": "cpe:2.3:a:oracle:enterprise_manager_ops_center:12.4.0:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "37209C6F-EF99-4D21-9608-B3A06D283D24"
          },
          {
            "criteria": "cpe:2.3:a:oracle:goldengate_application_adapters:12.3.2.1.0:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "F6F259E6-10A8-4207-8FC2-85ABD70B04C0"
          },
          {
            "criteria": "cpe:2.3:a:oracle:jd_edwards_enterpriseone_tools:9.2:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "41684398-18A4-4DC6-B8A2-3EBAA0CBF9A6"
          },
          {
            "criteria": "cpe:2.3:a:oracle:real_user_experience_insight:13.1.2.1:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "0B1BE63E-7E2E-407C-92F3-664D7C5680C8"
          },
          {
            "criteria": "cpe:2.3:a:oracle:real_user_experience_insight:13.2.3.1:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "F4044230-5BF5-4B13-A853-E59D5592ADC6"
          },
          {
            "criteria": "cpe:2.3:a:oracle:real_user_experience_insight:13.3.1.0:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "B534B112-9BA4-467B-A58B-D89C0A6EFA9C"
          },
          {
            "criteria": "cpe:2.3:a:oracle:retail_predictive_application_server:15.0.3:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "24A3C819-5151-4543-A5C6-998C9387C8A2"
          },
          {
            "criteria": "cpe:2.3:a:oracle:retail_predictive_application_server:16.0.3.0:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "924AFE2D-D1BB-4026-9C12-BA379F8C5BEA"
          },
          {
            "criteria": "cpe:2.3:a:oracle:security_service:11.1.1.9.0:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "008518E5-4814-46AA-B9E7-A3B2635D6D4B"
          },
          {
            "criteria": "cpe:2.3:a:oracle:security_service:12.1.3.0.0:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "495ADD0F-AF15-495D-8E07-171CCF71DBD3"
          },
          {
            "criteria": "cpe:2.3:a:oracle:security_service:12.2.1.3.0:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "9FD166F7-8A83-4BC7-A392-E830E87F841B"
          },
          {
            "criteria": "cpe:2.3:a:oracle:timesten_in-memory_database:*:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "A6DA0527-562D-457F-A2BB-3DF5EAABA1AB",
            "versionEndExcluding": "18.1.4.1.0"
          }
        ],
        "operator": "OR"
      }
    ]
  }
]

Overview

Risk scores

CVSS 3.1

CVSS 3.0

CVSS 2.0

Weaknesses

Social media

Configurations

References