Lucene search

[email protected]CVE-2018-15769

HistoryNov 16, 2018 - 9:29 p.m.

CVE-2018-15769

2018-11-1621:29:00

NVD-CWE-noinfo

[email protected]

web.nvd.nist.gov

cve-2018-15769

rsa bsafe

micro edition

key management

vulnerability

tls

dos

nvd

7.5 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

9.2 High

AI Score

Confidence

High

5 Medium

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:N/I:N/A:P

0.004 Low

EPSS

Percentile

73.5%

JSON

RSA BSAFE Micro Edition Suite versions prior to 4.0.11 (in 4.0.x series) and versions prior to 4.1.6.2 (in 4.1.x series) contain a key management error issue. A malicious TLS server could potentially cause a Denial Of Service (DoS) on TLS clients during the handshake when a very large prime value is sent to the TLS client, and an Ephemeral or Anonymous Diffie-Hellman cipher suite (DHE or ADH) is used.

CPENameOperatorVersion
dell:bsafedell bsafelt4.0.11
dell:bsafedell bsafelt4.1.6.2
oracle:jd_edwards_enterpriseone_toolsoracle jd edwards enterpriseone toolseq9.2
oracle:security_serviceoracle security serviceeq12.1.3.0.0
oracle:enterprise_manager_ops_centeroracle enterprise manager ops centereq12.3.3
oracle:security_serviceoracle security serviceeq11.1.1.9.0
oracle:security_serviceoracle security serviceeq12.2.1.3.0
oracle:application_testing_suiteoracle application testing suiteeq13.3.0.1
oracle:retail_predictive_application_serveroracle retail predictive application servereq15.0.3
oracle:enterprise_manager_ops_centeroracle enterprise manager ops centereq12.4.0

CPE	Name	Operator	Version
dell:bsafe	dell bsafe	lt	4.0.11
dell:bsafe	dell bsafe	lt	4.1.6.2
oracle:jd_edwards_enterpriseone_tools	oracle jd edwards enterpriseone tools	eq	9.2
oracle:security_service	oracle security service	eq	12.1.3.0.0
oracle:enterprise_manager_ops_center	oracle enterprise manager ops center	eq	12.3.3
oracle:security_service	oracle security service	eq	11.1.1.9.0
oracle:security_service	oracle security service	eq	12.2.1.3.0
oracle:application_testing_suite	oracle application testing suite	eq	13.3.0.1
oracle:retail_predictive_application_server	oracle retail predictive application server	eq	15.0.3
oracle:enterprise_manager_ops_center	oracle enterprise manager ops center	eq	12.4.0

Rows per page:

1-10 of 241

References

www.securityfocus.com/bid/105929

www.securitytracker.com/id/1042057

seclists.org/fulldisclosure/2018/Nov/37

www.oracle.com/security-alerts/cpuapr2020.html

www.oracle.com/security-alerts/cpujan2020.html

www.oracle.com/security-alerts/cpujul2020.html

www.oracle.com/security-alerts/cpuoct2020.html

www.oracle.com/technetwork/security-advisory/cpujul2019-5072835.html

7.5 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

9.2 High

AI Score

Confidence

High

5 Medium

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:N/I:N/A:P

0.004 Low

EPSS

Percentile

73.5%

JSON

Related for CVE-2018-15769

prion1 oracle5