History: Aug 31, 2018 - 6:29 p.m.

CVE-2018-11055

2018-08-31 18:29:00
CWE-404
web.nvd.nist.gov
cve-2018-11055
rsa
bsafe micro edition
heap inspection
security vulnerability

CVSS2: 2.1 Low
Attack Vector: LOCAL
Attack Complexity: LOW
Authentication: NONE
Confidentiality Impact: PARTIAL
Integrity Impact: NONE
Availability Impact: NONE
Vector: AV:L/AC:L/Au:N/C:P/I:N/A:N

CVSS3: 5.5 Medium
Attack Vector: LOCAL
Attack Complexity: LOW
Privileges Required: LOW
User Interaction: NONE
Scope: UNCHANGED
Confidentiality Impact: HIGH
Integrity Impact: NONE
Availability Impact: NONE
Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N

AI Score: 6.9 Medium (Confidence: High)

EPSS: 0.0004 Low (Percentile: 9.7%)

RSA BSAFE Micro Edition Suite, versions prior to 4.0.11 (in 4.0.x) and prior to 4.1.6.1 (in 4.1.x), contains an Improper Clearing of Heap Memory Before Release (‘Heap Inspection’) vulnerability. Decoded PKCS #12 data in heap memory is not zeroized by MES before releasing the memory internally and a malicious local user could gain access to the unauthorized data by doing heap inspection.

Affected configurations

NVD

Node (entries joined by OR)
Vendor  Product                                 Match  Version
dell    bsafe                                   Range  4.0.0 - 4.0.11       micro_edition_suite
dell    bsafe                                   Range  4.1.0 - 4.1.6.1      micro_edition_suite

Node (entries joined by OR)
Vendor  Product                                 Match  Version
oracle  application_testing_suite               Match  13.3.0.1
oracle  communications_analytics                Match  12.1.1
oracle  communications_ip_service_activator     Match  7.3.0
oracle  communications_ip_service_activator     Match  7.4.0
oracle  core_rdbms                              Match  11.2.0.4
oracle  core_rdbms                              Match  12.1.0.2
oracle  core_rdbms                              Match  12.2.0.1
oracle  core_rdbms                              Match  18c
oracle  core_rdbms                              Match  19c
oracle  enterprise_manager_ops_center           Match  12.3.3
oracle  enterprise_manager_ops_center           Match  12.4.0
oracle  goldengate_application_adapters         Match  12.3.2.1.0
oracle  jd_edwards_enterpriseone_tools          Match  9.2
oracle  real_user_experience_insight            Match  13.1.2.1
oracle  real_user_experience_insight            Match  13.2.3.1
oracle  real_user_experience_insight            Match  13.3.1.0
oracle  retail_predictive_application_server    Match  15.0.3
oracle  retail_predictive_application_server    Match  16.0.3.0
oracle  security_service                        Match  11.1.1.9.0
oracle  security_service                        Match  12.1.3.0.0
oracle  security_service                        Match  12.2.1.3.0
oracle  timesten_in-memory_database             Range  <18.1.4.1.0

CNA Affected

[
  {
    "product": "BSAFE Micro Edition Suite",
    "vendor": "RSA",
    "versions": [
      {
        "lessThan": "4.0.11",
        "status": "affected",
        "version": "unspecified",
        "versionType": "custom"
      },
      {
        "lessThan": "4.1.6.1",
        "status": "affected",
        "version": "unspecified",
        "versionType": "custom"
      }
    ]
  }
]
