Lucene search

DellCVE-2018-11055

HistoryAug 31, 2018 - 6:29 p.m.

CVE-2018-11055

2018-08-3118:29:00

CWE-404

dell

web.nvd.nist.gov

cve-2018-11055

rsa

bsafe micro edition

heap inspection

security vulnerability

CVSS2

2.1

Attack Vector

LOCAL

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

NONE

Availability Impact

NONE

AV:L/AC:L/Au:N/C:P/I:N/A:N

CVSS3

5.5

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

NONE

Availability Impact

NONE

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N

AI Score

6.9

Confidence

High

EPSS

Percentile

9.7%

JSON

RSA BSAFE Micro Edition Suite, versions prior to 4.0.11 (in 4.0.x) and prior to 4.1.6.1 (in 4.1.x), contains an Improper Clearing of Heap Memory Before Release (‘Heap Inspection’) vulnerability. Decoded PKCS #12 data in heap memory is not zeroized by MES before releasing the memory internally and a malicious local user could gain access to the unauthorized data by doing heap inspection.

Affected configurations

Nvd

Vulners

Node

dellbsafeRange4.0.0–4.0.11micro_edition_suite

dellbsafeRange4.1.0–4.1.6.1micro_edition_suite

Node

oracleapplication_testing_suiteMatch13.3.0.1

oraclecommunications_analyticsMatch12.1.1

oraclecommunications_ip_service_activatorMatch7.3.0

oraclecommunications_ip_service_activatorMatch7.4.0

oraclecore_rdbmsMatch11.2.0.4

oraclecore_rdbmsMatch12.1.0.2

oraclecore_rdbmsMatch12.2.0.1

oraclecore_rdbmsMatch18c

oraclecore_rdbmsMatch19c

oracleenterprise_manager_ops_centerMatch12.3.3

oracleenterprise_manager_ops_centerMatch12.4.0

oraclegoldengate_application_adaptersMatch12.3.2.1.0

oraclejd_edwards_enterpriseone_toolsMatch9.2

oraclereal_user_experience_insightMatch13.1.2.1

oraclereal_user_experience_insightMatch13.2.3.1

oraclereal_user_experience_insightMatch13.3.1.0

oracleretail_predictive_application_serverMatch15.0.3

oracleretail_predictive_application_serverMatch16.0.3.0

oraclesecurity_serviceMatch11.1.1.9.0

oraclesecurity_serviceMatch12.1.3.0.0

oraclesecurity_serviceMatch12.2.1.3.0

oracletimesten_in-memory_databaseRange<18.1.4.1.0

VendorProductVersionCPE
dellbsafe*cpe:2.3:a:dell:bsafe:*:*:*:*:micro_edition_suite:*:*:*
oracleapplication_testing_suite13.3.0.1cpe:2.3:a:oracle:application_testing_suite:13.3.0.1:*:*:*:*:*:*:*
oraclecommunications_analytics12.1.1cpe:2.3:a:oracle:communications_analytics:12.1.1:*:*:*:*:*:*:*
oraclecommunications_ip_service_activator7.3.0cpe:2.3:a:oracle:communications_ip_service_activator:7.3.0:*:*:*:*:*:*:*
oraclecommunications_ip_service_activator7.4.0cpe:2.3:a:oracle:communications_ip_service_activator:7.4.0:*:*:*:*:*:*:*
oraclecore_rdbms11.2.0.4cpe:2.3:a:oracle:core_rdbms:11.2.0.4:*:*:*:*:*:*:*
oraclecore_rdbms12.1.0.2cpe:2.3:a:oracle:core_rdbms:12.1.0.2:*:*:*:*:*:*:*
oraclecore_rdbms12.2.0.1cpe:2.3:a:oracle:core_rdbms:12.2.0.1:*:*:*:*:*:*:*
oraclecore_rdbms18ccpe:2.3:a:oracle:core_rdbms:18c:*:*:*:*:*:*:*
oraclecore_rdbms19ccpe:2.3:a:oracle:core_rdbms:19c:*:*:*:*:*:*:*

Vendor	Product	Version	CPE
dell	bsafe	*	cpe:2.3:a:dell:bsafe:::::micro_edition_suite:::*
oracle	application_testing_suite	13.3.0.1	cpe:2.3:a:oracle:application_testing_suite:13.3.0.1:::::::*
oracle	communications_analytics	12.1.1	cpe:2.3:a:oracle:communications_analytics:12.1.1:::::::*
oracle	communications_ip_service_activator	7.3.0	cpe:2.3:a:oracle:communications_ip_service_activator:7.3.0:::::::*
oracle	communications_ip_service_activator	7.4.0	cpe:2.3:a:oracle:communications_ip_service_activator:7.4.0:::::::*
oracle	core_rdbms	11.2.0.4	cpe:2.3:a:oracle:core_rdbms:11.2.0.4:::::::*
oracle	core_rdbms	12.1.0.2	cpe:2.3:a:oracle:core_rdbms:12.1.0.2:::::::*
oracle	core_rdbms	12.2.0.1	cpe:2.3:a:oracle:core_rdbms:12.2.0.1:::::::*
oracle	core_rdbms	18c	cpe:2.3:a:oracle:core_rdbms:18c:::::::*
oracle	core_rdbms	19c	cpe:2.3:a:oracle:core_rdbms:19c:::::::*

Rows per page:

1-10 of 231

CNA Affected

[
  {
    "product": "BSAFE Micro Edition Suite",
    "vendor": "RSA",
    "versions": [
      {
        "lessThan": "4.0.11",
        "status": "affected",
        "version": "unspecified",
        "versionType": "custom"
      },
      {
        "lessThan": "4.1.6.1",
        "status": "affected",
        "version": "unspecified",
        "versionType": "custom"
      }
    ]
  }
]

References

seclists.org/fulldisclosure/2018/Aug/46

www.oracle.com/security-alerts/cpuapr2020.html

www.oracle.com/security-alerts/cpujan2020.html

www.oracle.com/security-alerts/cpujul2020.html

www.oracle.com/security-alerts/cpuoct2020.html

www.oracle.com/technetwork/security-advisory/cpujul2019-5072835.html

CVSS2

2.1

Attack Vector

LOCAL

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

NONE

Availability Impact

NONE

AV:L/AC:L/Au:N/C:P/I:N/A:N

CVSS3

5.5

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

NONE

Availability Impact

NONE

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N

AI Score

6.9

Confidence

High

EPSS

Percentile

9.7%

JSON

Related for CVE-2018-11055