Bouncy Castle JCE Provider Design Vulnerability

🗓️ 06 Jun 2018 00:00:00Reported by China National Vulnerability DatabaseType

Bouncy Castle JCE Provider 1.55 allows invisible input in a signed frame via ECDSA ASN.1 flaw.

Reporter	Title	Published	Views	Family All 63
IBM Security Bulletins	Security Bulletin: Multiple Bouncy Castle Vulnerabilities Affect IBM Sterling B2B Integrator	13 Nov 202019:10	–	ibm
IBM Security Bulletins	Security Bulletin: IBM Security Guardium Big Data Intelligence is affected by a Using Components with Known Vulnerabilities vulnerability	14 Oct 201916:59	–	ibm
IBM Security Bulletins	Security Bulletin: Multiple vulnerabilities in The Bouncy Castle Crypto Package For Java affect IBM Application Performance Management products	25 Sep 202309:11	–	ibm
IBM Security Bulletins	Security Bulletin: Bouncy Castle Vulnerabilities Affect IBM Sterling B2B Integrator	6 Oct 202114:43	–	ibm
IBM Security Bulletins	Security Bulletin: Multiple vulnerabilities in Bouncy Castle affects Apache Solr shipped with IBM Operations Analytics - Log Analysis	16 Apr 202115:46	–	ibm
IBM Security Bulletins	Security Bulletin: Multiple Vulnerabilities in IBM webMethods B2B	25 Apr 202510:49	–	ibm
IBM Security Bulletins	Security Bulletin: IBM Sterling File Gateway is vulnerable to multiple issues due to Bouncy Castle	14 Oct 202221:58	–	ibm
IBM Security Bulletins	Security Bulletin: Vulnerabilities in Bouncy Castle, Eclipse JGit and Node.js diff might affect IBM Storage Defender Copy Data Management	26 Sep 202518:33	–	ibm
IBM Security Bulletins	Security Bulletin: Multiple Vulnerabilities in IBM Guardium Data Encryption (GDE)	24 Aug 202010:03	–	ibm
IBM Security Bulletins	Security Bulletin: Multiple Security Vulnerabilities in IBM Sterling Partner Engagement Manager	12 Mar 202614:42	–	ibm

Source	Link
github	www.github.com/bcgit/bc-java/commit/843c2e60f67d71faf81d236f448ebbe56c62c647

22 Jun 2018 00:00Current

6.8Medium risk

Vulners AI Score6.8

CVSS 25

CVSS 37.5

EPSS0.00471