cvelistv5 - cve-2018-11054

CVE-2018-11054 (GCVE-0-2018-11054)

Vulnerability from cvelistv5 – Published: 2018-08-31 18:00 – Updated: 2024-08-05 07:54

Summary

RSA BSAFE Micro Edition Suite, version 4.1.6, contains an integer overflow vulnerability. A remote attacker could use maliciously constructed ASN.1 data to potentially cause a Denial Of Service.

Severity ?

7.5 (High)


                        
                          CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

CWE

integer overflow vulnerability

Assigner

dell

References

URL

Tags

	http://seclists.org/fulldisclosure/2018/Aug/46	mailing-listx_refsource_FULLDISC
	https://www.oracle.com/security-alerts/cpuapr2020.html	x_refsource_MISC
	https://www.oracle.com/security-alerts/cpujul2020.html	x_refsource_MISC
	https://www.oracle.com/technetwork/security-advis…	x_refsource_MISC
	https://www.oracle.com/security-alerts/cpujan2020.html	x_refsource_MISC
	https://www.oracle.com/security-alerts/cpuoct2020.html	x_refsource_MISC

Impacted products

	Vendor	Product	Version
	RSA	BSAFE Micro Edition Suite	Affected: 4.1.6

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-05T07:54:36.640Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "name": "20180828 DSA-2018-128: RSA BSAFE Micro Edition Suite and Crypto-C Micro Edition Multiple Security Vulnerabilities",
            "tags": [
              "mailing-list",
              "x_refsource_FULLDISC",
              "x_transferred"
            ],
            "url": "http://seclists.org/fulldisclosure/2018/Aug/46"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://www.oracle.com/security-alerts/cpuapr2020.html"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://www.oracle.com/security-alerts/cpujul2020.html"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://www.oracle.com/technetwork/security-advisory/cpujul2019-5072835.html"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://www.oracle.com/security-alerts/cpujan2020.html"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://www.oracle.com/security-alerts/cpuoct2020.html"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "BSAFE Micro Edition Suite",
          "vendor": "RSA",
          "versions": [
            {
              "status": "affected",
              "version": "4.1.6"
            }
          ]
        }
      ],
      "datePublic": "2018-08-28T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "RSA BSAFE Micro Edition Suite, version 4.1.6, contains an integer overflow vulnerability. A remote attacker could use maliciously constructed ASN.1 data to potentially cause a Denial Of Service."
        }
      ],
      "metrics": [
        {
          "cvssV3_0": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "HIGH",
            "baseScore": 7.5,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "NONE",
            "integrityImpact": "NONE",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
            "version": "3.0"
          }
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "integer overflow vulnerability",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2020-10-20T21:14:53",
        "orgId": "c550e75a-17ff-4988-97f0-544cde3820fe",
        "shortName": "dell"
      },
      "references": [
        {
          "name": "20180828 DSA-2018-128: RSA BSAFE Micro Edition Suite and Crypto-C Micro Edition Multiple Security Vulnerabilities",
          "tags": [
            "mailing-list",
            "x_refsource_FULLDISC"
          ],
          "url": "http://seclists.org/fulldisclosure/2018/Aug/46"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://www.oracle.com/security-alerts/cpuapr2020.html"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://www.oracle.com/security-alerts/cpujul2020.html"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://www.oracle.com/technetwork/security-advisory/cpujul2019-5072835.html"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://www.oracle.com/security-alerts/cpujan2020.html"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://www.oracle.com/security-alerts/cpuoct2020.html"
        }
      ],
      "source": {
        "discovery": "UNKNOWN"
      },
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "secure@dell.com",
          "ID": "CVE-2018-11054",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "BSAFE Micro Edition Suite",
                      "version": {
                        "version_data": [
                          {
                            "affected": "=",
                            "version_affected": "=",
                            "version_value": "4.1.6"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "RSA"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "RSA BSAFE Micro Edition Suite, version 4.1.6, contains an integer overflow vulnerability. A remote attacker could use maliciously constructed ASN.1 data to potentially cause a Denial Of Service."
            }
          ]
        },
        "impact": {
          "cvss": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "HIGH",
            "baseScore": 7.5,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "NONE",
            "integrityImpact": "NONE",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
            "version": "3.0"
          }
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "integer overflow vulnerability"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "20180828 DSA-2018-128: RSA BSAFE Micro Edition Suite and Crypto-C Micro Edition Multiple Security Vulnerabilities",
              "refsource": "FULLDISC",
              "url": "http://seclists.org/fulldisclosure/2018/Aug/46"
            },
            {
              "name": "https://www.oracle.com/security-alerts/cpuapr2020.html",
              "refsource": "MISC",
              "url": "https://www.oracle.com/security-alerts/cpuapr2020.html"
            },
            {
              "name": "https://www.oracle.com/security-alerts/cpujul2020.html",
              "refsource": "MISC",
              "url": "https://www.oracle.com/security-alerts/cpujul2020.html"
            },
            {
              "name": "https://www.oracle.com/technetwork/security-advisory/cpujul2019-5072835.html",
              "refsource": "MISC",
              "url": "https://www.oracle.com/technetwork/security-advisory/cpujul2019-5072835.html"
            },
            {
              "name": "https://www.oracle.com/security-alerts/cpujan2020.html",
              "refsource": "MISC",
              "url": "https://www.oracle.com/security-alerts/cpujan2020.html"
            },
            {
              "name": "https://www.oracle.com/security-alerts/cpuoct2020.html",
              "refsource": "MISC",
              "url": "https://www.oracle.com/security-alerts/cpuoct2020.html"
            }
          ]
        },
        "source": {
          "discovery": "UNKNOWN"
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "c550e75a-17ff-4988-97f0-544cde3820fe",
    "assignerShortName": "dell",
    "cveId": "CVE-2018-11054",
    "datePublished": "2018-08-31T18:00:00",
    "dateReserved": "2018-05-14T00:00:00",
    "dateUpdated": "2024-08-05T07:54:36.640Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1",
  "vulnerability-lookup:meta": {
    "fkie_nvd": {
      "configurations": "[{\"nodes\": [{\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:dell:bsafe:4.1.6:*:*:*:micro_edition_suite:*:*:*\", \"matchCriteriaId\": \"F82A961E-9004-4F29-8346-496CDAC5F2FC\"}]}]}, {\"nodes\": [{\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:oracle:application_testing_suite:13.3.0.1:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"A125E817-F974-4509-872C-B71933F42AD1\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:oracle:communications_analytics:12.1.1:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"55D98C27-734F-490B-92D5-251805C841B9\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:oracle:communications_ip_service_activator:7.3.4:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"BDB13348-C8CA-4E71-9DC6-091B09D52E96\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:oracle:communications_ip_service_activator:7.4.0:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"DE7A60DB-A287-4E61-8131-B6314007191B\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:oracle:core_rdbms:11.2.0.4:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"E1367C5D-8815-41E6-B609-E855CB8B1AA7\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:oracle:core_rdbms:12.1.0.2:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"7E150F02-5B34-4496-A024-335DF64D7F8F\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:oracle:core_rdbms:12.2.0.1:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"4059F859-A7D8-4ADD-93EE-74AF082ED34A\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:oracle:core_rdbms:18c:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"C9FFAF8E-4023-4599-9F0D-274E6517CB1B\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:oracle:core_rdbms:19c:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"9B639209-A651-43FB-8F0C-B25F605521EC\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:oracle:enterprise_manager_ops_center:12.3.3:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"AB654DFA-FEF9-4D00-ADB0-F3F2B6ACF13E\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:oracle:enterprise_manager_ops_center:12.4.0:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"37209C6F-EF99-4D21-9608-B3A06D283D24\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:oracle:goldengate_application_adapters:12.3.2.1.0:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"F6F259E6-10A8-4207-8FC2-85ABD70B04C0\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:oracle:jd_edwards_enterpriseone_tools:9.2:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"41684398-18A4-4DC6-B8A2-3EBAA0CBF9A6\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:oracle:real_user_experience_insight:13.1.2.1:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"0B1BE63E-7E2E-407C-92F3-664D7C5680C8\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:oracle:real_user_experience_insight:13.2.3.1:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"F4044230-5BF5-4B13-A853-E59D5592ADC6\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:oracle:real_user_experience_insight:13.3.1.0:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"B534B112-9BA4-467B-A58B-D89C0A6EFA9C\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:oracle:retail_predictive_application_server:15.0.3:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"24A3C819-5151-4543-A5C6-998C9387C8A2\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:oracle:retail_predictive_application_server:16.0.3:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"4FB98961-8C99-4490-A6B8-9A5158784F5A\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:oracle:security_service:11.1.1.9.0:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"008518E5-4814-46AA-B9E7-A3B2635D6D4B\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:oracle:security_service:12.1.3.0.0:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"495ADD0F-AF15-495D-8E07-171CCF71DBD3\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:oracle:security_service:12.2.1.2.0:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"159F3C77-88C9-40B4-8FD2-70C8C208F95A\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:oracle:timesten_in-memory_database:*:*:*:*:*:*:*:*\", \"versionEndIncluding\": \"18.1.4.1.0\", \"matchCriteriaId\": \"EF096355-CD16-4F20-8E2D-1297BE6BC560\"}]}]}]",
      "descriptions": "[{\"lang\": \"en\", \"value\": \"RSA BSAFE Micro Edition Suite, version 4.1.6, contains an integer overflow vulnerability. A remote attacker could use maliciously constructed ASN.1 data to potentially cause a Denial Of Service.\"}, {\"lang\": \"es\", \"value\": \"RSA BSAFE Micro Edition Suite, en su versi\\u00f3n 4.1.6, contiene una vulnerabilidad de desbordamiento de enteros. Un atacante remoto podr\\u00eda emplear datos ASN.1 construidos de forma maliciosa para provocar una denegaci\\u00f3n de servicio (DoS).\"}]",
      "id": "CVE-2018-11054",
      "lastModified": "2024-11-21T03:42:34.523",
      "metrics": "{\"cvssMetricV31\": [{\"source\": \"nvd@nist.gov\", \"type\": \"Primary\", \"cvssData\": {\"version\": \"3.1\", \"vectorString\": \"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H\", \"baseScore\": 7.5, \"baseSeverity\": \"HIGH\", \"attackVector\": \"NETWORK\", \"attackComplexity\": \"LOW\", \"privilegesRequired\": \"NONE\", \"userInteraction\": \"NONE\", \"scope\": \"UNCHANGED\", \"confidentialityImpact\": \"NONE\", \"integrityImpact\": \"NONE\", \"availabilityImpact\": \"HIGH\"}, \"exploitabilityScore\": 3.9, \"impactScore\": 3.6}], \"cvssMetricV30\": [{\"source\": \"security_alert@emc.com\", \"type\": \"Secondary\", \"cvssData\": {\"version\": \"3.0\", \"vectorString\": \"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H\", \"baseScore\": 7.5, \"baseSeverity\": \"HIGH\", \"attackVector\": \"NETWORK\", \"attackComplexity\": \"LOW\", \"privilegesRequired\": \"NONE\", \"userInteraction\": \"NONE\", \"scope\": \"UNCHANGED\", \"confidentialityImpact\": \"NONE\", \"integrityImpact\": \"NONE\", \"availabilityImpact\": \"HIGH\"}, \"exploitabilityScore\": 3.9, \"impactScore\": 3.6}], \"cvssMetricV2\": [{\"source\": \"nvd@nist.gov\", \"type\": \"Primary\", \"cvssData\": {\"version\": \"2.0\", \"vectorString\": \"AV:N/AC:L/Au:N/C:N/I:N/A:P\", \"baseScore\": 5.0, \"accessVector\": \"NETWORK\", \"accessComplexity\": \"LOW\", \"authentication\": \"NONE\", \"confidentialityImpact\": \"NONE\", \"integrityImpact\": \"NONE\", \"availabilityImpact\": \"PARTIAL\"}, \"baseSeverity\": \"MEDIUM\", \"exploitabilityScore\": 10.0, \"impactScore\": 2.9, \"acInsufInfo\": false, \"obtainAllPrivilege\": false, \"obtainUserPrivilege\": false, \"obtainOtherPrivilege\": false, \"userInteractionRequired\": false}]}",
      "published": "2018-08-31T18:29:00.263",
      "references": "[{\"url\": \"http://seclists.org/fulldisclosure/2018/Aug/46\", \"source\": \"security_alert@emc.com\", \"tags\": [\"Mailing List\", \"Third Party Advisory\"]}, {\"url\": \"https://www.oracle.com/security-alerts/cpuapr2020.html\", \"source\": \"security_alert@emc.com\", \"tags\": [\"Patch\", \"Third Party Advisory\"]}, {\"url\": \"https://www.oracle.com/security-alerts/cpujan2020.html\", \"source\": \"security_alert@emc.com\", \"tags\": [\"Patch\", \"Third Party Advisory\"]}, {\"url\": \"https://www.oracle.com/security-alerts/cpujul2020.html\", \"source\": \"security_alert@emc.com\", \"tags\": [\"Patch\", \"Third Party Advisory\"]}, {\"url\": \"https://www.oracle.com/security-alerts/cpuoct2020.html\", \"source\": \"security_alert@emc.com\", \"tags\": [\"Patch\", \"Third Party Advisory\"]}, {\"url\": \"https://www.oracle.com/technetwork/security-advisory/cpujul2019-5072835.html\", \"source\": \"security_alert@emc.com\", \"tags\": [\"Patch\", \"Third Party Advisory\"]}, {\"url\": \"http://seclists.org/fulldisclosure/2018/Aug/46\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Mailing List\", \"Third Party Advisory\"]}, {\"url\": \"https://www.oracle.com/security-alerts/cpuapr2020.html\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Patch\", \"Third Party Advisory\"]}, {\"url\": \"https://www.oracle.com/security-alerts/cpujan2020.html\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Patch\", \"Third Party Advisory\"]}, {\"url\": \"https://www.oracle.com/security-alerts/cpujul2020.html\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Patch\", \"Third Party Advisory\"]}, {\"url\": \"https://www.oracle.com/security-alerts/cpuoct2020.html\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Patch\", \"Third Party Advisory\"]}, {\"url\": \"https://www.oracle.com/technetwork/security-advisory/cpujul2019-5072835.html\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Patch\", \"Third Party Advisory\"]}]",
      "sourceIdentifier": "security_alert@emc.com",
      "vulnStatus": "Modified",
      "weaknesses": "[{\"source\": \"nvd@nist.gov\", \"type\": \"Primary\", \"description\": [{\"lang\": \"en\", \"value\": \"CWE-190\"}]}]"
    },
    "nvd": "{\"cve\":{\"id\":\"CVE-2018-11054\",\"sourceIdentifier\":\"security_alert@emc.com\",\"published\":\"2018-08-31T18:29:00.263\",\"lastModified\":\"2024-11-21T03:42:34.523\",\"vulnStatus\":\"Modified\",\"cveTags\":[],\"descriptions\":[{\"lang\":\"en\",\"value\":\"RSA BSAFE Micro Edition Suite, version 4.1.6, contains an integer overflow vulnerability. A remote attacker could use maliciously constructed ASN.1 data to potentially cause a Denial Of Service.\"},{\"lang\":\"es\",\"value\":\"RSA BSAFE Micro Edition Suite, en su versi\u00f3n 4.1.6, contiene una vulnerabilidad de desbordamiento de enteros. Un atacante remoto podr\u00eda emplear datos ASN.1 construidos de forma maliciosa para provocar una denegaci\u00f3n de servicio (DoS).\"}],\"metrics\":{\"cvssMetricV31\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"3.1\",\"vectorString\":\"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H\",\"baseScore\":7.5,\"baseSeverity\":\"HIGH\",\"attackVector\":\"NETWORK\",\"attackComplexity\":\"LOW\",\"privilegesRequired\":\"NONE\",\"userInteraction\":\"NONE\",\"scope\":\"UNCHANGED\",\"confidentialityImpact\":\"NONE\",\"integrityImpact\":\"NONE\",\"availabilityImpact\":\"HIGH\"},\"exploitabilityScore\":3.9,\"impactScore\":3.6}],\"cvssMetricV30\":[{\"source\":\"security_alert@emc.com\",\"type\":\"Secondary\",\"cvssData\":{\"version\":\"3.0\",\"vectorString\":\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H\",\"baseScore\":7.5,\"baseSeverity\":\"HIGH\",\"attackVector\":\"NETWORK\",\"attackComplexity\":\"LOW\",\"privilegesRequired\":\"NONE\",\"userInteraction\":\"NONE\",\"scope\":\"UNCHANGED\",\"confidentialityImpact\":\"NONE\",\"integrityImpact\":\"NONE\",\"availabilityImpact\":\"HIGH\"},\"exploitabilityScore\":3.9,\"impactScore\":3.6}],\"cvssMetricV2\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"2.0\",\"vectorString\":\"AV:N/AC:L/Au:N/C:N/I:N/A:P\",\"baseScore\":5.0,\"accessVector\":\"NETWORK\",\"accessComplexity\":\"LOW\",\"authentication\":\"NONE\",\"confidentialityImpact\":\"NONE\",\"integrityImpact\":\"NONE\",\"availabilityImpact\":\"PARTIAL\"},\"baseSeverity\":\"MEDIUM\",\"exploitabilityScore\":10.0,\"impactScore\":2.9,\"acInsufInfo\":false,\"obtainAllPrivilege\":false,\"obtainUserPrivilege\":false,\"obtainOtherPrivilege\":false,\"userInteractionRequired\":false}]},\"weaknesses\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"description\":[{\"lang\":\"en\",\"value\":\"CWE-190\"}]}],\"configurations\":[{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:dell:bsafe:4.1.6:*:*:*:micro_edition_suite:*:*:*\",\"matchCriteriaId\":\"F82A961E-9004-4F29-8346-496CDAC5F2FC\"}]}]},{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:oracle:application_testing_suite:13.3.0.1:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"A125E817-F974-4509-872C-B71933F42AD1\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:oracle:communications_analytics:12.1.1:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"55D98C27-734F-490B-92D5-251805C841B9\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:oracle:communications_ip_service_activator:7.3.4:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"BDB13348-C8CA-4E71-9DC6-091B09D52E96\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:oracle:communications_ip_service_activator:7.4.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"DE7A60DB-A287-4E61-8131-B6314007191B\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:oracle:core_rdbms:11.2.0.4:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"E1367C5D-8815-41E6-B609-E855CB8B1AA7\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:oracle:core_rdbms:12.1.0.2:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"7E150F02-5B34-4496-A024-335DF64D7F8F\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:oracle:core_rdbms:12.2.0.1:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"4059F859-A7D8-4ADD-93EE-74AF082ED34A\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:oracle:core_rdbms:18c:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"C9FFAF8E-4023-4599-9F0D-274E6517CB1B\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:oracle:core_rdbms:19c:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"9B639209-A651-43FB-8F0C-B25F605521EC\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:oracle:enterprise_manager_ops_center:12.3.3:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"AB654DFA-FEF9-4D00-ADB0-F3F2B6ACF13E\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:oracle:enterprise_manager_ops_center:12.4.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"37209C6F-EF99-4D21-9608-B3A06D283D24\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:oracle:goldengate_application_adapters:12.3.2.1.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"F6F259E6-10A8-4207-8FC2-85ABD70B04C0\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:oracle:jd_edwards_enterpriseone_tools:9.2:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"41684398-18A4-4DC6-B8A2-3EBAA0CBF9A6\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:oracle:real_user_experience_insight:13.1.2.1:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"0B1BE63E-7E2E-407C-92F3-664D7C5680C8\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:oracle:real_user_experience_insight:13.2.3.1:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"F4044230-5BF5-4B13-A853-E59D5592ADC6\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:oracle:real_user_experience_insight:13.3.1.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"B534B112-9BA4-467B-A58B-D89C0A6EFA9C\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:oracle:retail_predictive_application_server:15.0.3:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"24A3C819-5151-4543-A5C6-998C9387C8A2\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:oracle:retail_predictive_application_server:16.0.3:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"4FB98961-8C99-4490-A6B8-9A5158784F5A\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:oracle:security_service:11.1.1.9.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"008518E5-4814-46AA-B9E7-A3B2635D6D4B\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:oracle:security_service:12.1.3.0.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"495ADD0F-AF15-495D-8E07-171CCF71DBD3\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:oracle:security_service:12.2.1.2.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"159F3C77-88C9-40B4-8FD2-70C8C208F95A\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:oracle:timesten_in-memory_database:*:*:*:*:*:*:*:*\",\"versionEndIncluding\":\"18.1.4.1.0\",\"matchCriteriaId\":\"EF096355-CD16-4F20-8E2D-1297BE6BC560\"}]}]}],\"references\":[{\"url\":\"http://seclists.org/fulldisclosure/2018/Aug/46\",\"source\":\"security_alert@emc.com\",\"tags\":[\"Mailing List\",\"Third Party Advisory\"]},{\"url\":\"https://www.oracle.com/security-alerts/cpuapr2020.html\",\"source\":\"security_alert@emc.com\",\"tags\":[\"Patch\",\"Third Party Advisory\"]},{\"url\":\"https://www.oracle.com/security-alerts/cpujan2020.html\",\"source\":\"security_alert@emc.com\",\"tags\":[\"Patch\",\"Third Party Advisory\"]},{\"url\":\"https://www.oracle.com/security-alerts/cpujul2020.html\",\"source\":\"security_alert@emc.com\",\"tags\":[\"Patch\",\"Third Party Advisory\"]},{\"url\":\"https://www.oracle.com/security-alerts/cpuoct2020.html\",\"source\":\"security_alert@emc.com\",\"tags\":[\"Patch\",\"Third Party Advisory\"]},{\"url\":\"https://www.oracle.com/technetwork/security-advisory/cpujul2019-5072835.html\",\"source\":\"security_alert@emc.com\",\"tags\":[\"Patch\",\"Third Party Advisory\"]},{\"url\":\"http://seclists.org/fulldisclosure/2018/Aug/46\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Mailing List\",\"Third Party Advisory\"]},{\"url\":\"https://www.oracle.com/security-alerts/cpuapr2020.html\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Patch\",\"Third Party Advisory\"]},{\"url\":\"https://www.oracle.com/security-alerts/cpujan2020.html\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Patch\",\"Third Party Advisory\"]},{\"url\":\"https://www.oracle.com/security-alerts/cpujul2020.html\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Patch\",\"Third Party Advisory\"]},{\"url\":\"https://www.oracle.com/security-alerts/cpuoct2020.html\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Patch\",\"Third Party Advisory\"]},{\"url\":\"https://www.oracle.com/technetwork/security-advisory/cpujul2019-5072835.html\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Patch\",\"Third Party Advisory\"]}]}}"
  }
}

FKIE_CVE-2018-11054

Vulnerability from fkie_nvd - Published: 2018-08-31 18:29 - Updated: 2024-11-21 03:42

Severity ?

7.5 (High) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

Summary

RSA BSAFE Micro Edition Suite, version 4.1.6, contains an integer overflow vulnerability. A remote attacker could use maliciously constructed ASN.1 data to potentially cause a Denial Of Service.

References

URL	Tags
security_alert@emc.com	http://seclists.org/fulldisclosure/2018/Aug/46	Mailing List, Third Party Advisory
security_alert@emc.com	https://www.oracle.com/security-alerts/cpuapr2020.html	Patch, Third Party Advisory
security_alert@emc.com	https://www.oracle.com/security-alerts/cpujan2020.html	Patch, Third Party Advisory
security_alert@emc.com	https://www.oracle.com/security-alerts/cpujul2020.html	Patch, Third Party Advisory
security_alert@emc.com	https://www.oracle.com/security-alerts/cpuoct2020.html	Patch, Third Party Advisory
security_alert@emc.com	https://www.oracle.com/technetwork/security-advisory/cpujul2019-5072835.html	Patch, Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108	http://seclists.org/fulldisclosure/2018/Aug/46	Mailing List, Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108	https://www.oracle.com/security-alerts/cpuapr2020.html	Patch, Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108	https://www.oracle.com/security-alerts/cpujan2020.html	Patch, Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108	https://www.oracle.com/security-alerts/cpujul2020.html	Patch, Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108	https://www.oracle.com/security-alerts/cpuoct2020.html	Patch, Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108	https://www.oracle.com/technetwork/security-advisory/cpujul2019-5072835.html	Patch, Third Party Advisory

Impacted products

Vendor	Product	Version
dell	bsafe	4.1.6
oracle	application_testing_suite	13.3.0.1
oracle	communications_analytics	12.1.1
oracle	communications_ip_service_activator	7.3.4
oracle	communications_ip_service_activator	7.4.0
oracle	core_rdbms	11.2.0.4
oracle	core_rdbms	12.1.0.2
oracle	core_rdbms	12.2.0.1
oracle	core_rdbms	18c
oracle	core_rdbms	19c
oracle	enterprise_manager_ops_center	12.3.3
oracle	enterprise_manager_ops_center	12.4.0
oracle	goldengate_application_adapters	12.3.2.1.0
oracle	jd_edwards_enterpriseone_tools	9.2
oracle	real_user_experience_insight	13.1.2.1
oracle	real_user_experience_insight	13.2.3.1
oracle	real_user_experience_insight	13.3.1.0
oracle	retail_predictive_application_server	15.0.3
oracle	retail_predictive_application_server	16.0.3
oracle	security_service	11.1.1.9.0
oracle	security_service	12.1.3.0.0
oracle	security_service	12.2.1.2.0
oracle	timesten_in-memory_database	*

JSON

To clipboard

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:dell:bsafe:4.1.6:*:*:*:micro_edition_suite:*:*:*",
              "matchCriteriaId": "F82A961E-9004-4F29-8346-496CDAC5F2FC",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:oracle:application_testing_suite:13.3.0.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "A125E817-F974-4509-872C-B71933F42AD1",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:communications_analytics:12.1.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "55D98C27-734F-490B-92D5-251805C841B9",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:communications_ip_service_activator:7.3.4:*:*:*:*:*:*:*",
              "matchCriteriaId": "BDB13348-C8CA-4E71-9DC6-091B09D52E96",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:communications_ip_service_activator:7.4.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "DE7A60DB-A287-4E61-8131-B6314007191B",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:core_rdbms:11.2.0.4:*:*:*:*:*:*:*",
              "matchCriteriaId": "E1367C5D-8815-41E6-B609-E855CB8B1AA7",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:core_rdbms:12.1.0.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "7E150F02-5B34-4496-A024-335DF64D7F8F",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:core_rdbms:12.2.0.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "4059F859-A7D8-4ADD-93EE-74AF082ED34A",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:core_rdbms:18c:*:*:*:*:*:*:*",
              "matchCriteriaId": "C9FFAF8E-4023-4599-9F0D-274E6517CB1B",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:core_rdbms:19c:*:*:*:*:*:*:*",
              "matchCriteriaId": "9B639209-A651-43FB-8F0C-B25F605521EC",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:enterprise_manager_ops_center:12.3.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "AB654DFA-FEF9-4D00-ADB0-F3F2B6ACF13E",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:enterprise_manager_ops_center:12.4.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "37209C6F-EF99-4D21-9608-B3A06D283D24",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:goldengate_application_adapters:12.3.2.1.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "F6F259E6-10A8-4207-8FC2-85ABD70B04C0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:jd_edwards_enterpriseone_tools:9.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "41684398-18A4-4DC6-B8A2-3EBAA0CBF9A6",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:real_user_experience_insight:13.1.2.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "0B1BE63E-7E2E-407C-92F3-664D7C5680C8",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:real_user_experience_insight:13.2.3.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "F4044230-5BF5-4B13-A853-E59D5592ADC6",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:real_user_experience_insight:13.3.1.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "B534B112-9BA4-467B-A58B-D89C0A6EFA9C",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:retail_predictive_application_server:15.0.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "24A3C819-5151-4543-A5C6-998C9387C8A2",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:retail_predictive_application_server:16.0.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "4FB98961-8C99-4490-A6B8-9A5158784F5A",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:security_service:11.1.1.9.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "008518E5-4814-46AA-B9E7-A3B2635D6D4B",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:security_service:12.1.3.0.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "495ADD0F-AF15-495D-8E07-171CCF71DBD3",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:security_service:12.2.1.2.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "159F3C77-88C9-40B4-8FD2-70C8C208F95A",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:timesten_in-memory_database:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "EF096355-CD16-4F20-8E2D-1297BE6BC560",
              "versionEndIncluding": "18.1.4.1.0",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "RSA BSAFE Micro Edition Suite, version 4.1.6, contains an integer overflow vulnerability. A remote attacker could use maliciously constructed ASN.1 data to potentially cause a Denial Of Service."
    },
    {
      "lang": "es",
      "value": "RSA BSAFE Micro Edition Suite, en su versi\u00f3n 4.1.6, contiene una vulnerabilidad de desbordamiento de enteros. Un atacante remoto podr\u00eda emplear datos ASN.1 construidos de forma maliciosa para provocar una denegaci\u00f3n de servicio (DoS)."
    }
  ],
  "id": "CVE-2018-11054",
  "lastModified": "2024-11-21T03:42:34.523",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "MEDIUM",
        "cvssData": {
          "accessComplexity": "LOW",
          "accessVector": "NETWORK",
          "authentication": "NONE",
          "availabilityImpact": "PARTIAL",
          "baseScore": 5.0,
          "confidentialityImpact": "NONE",
          "integrityImpact": "NONE",
          "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P",
          "version": "2.0"
        },
        "exploitabilityScore": 10.0,
        "impactScore": 2.9,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": false
      }
    ],
    "cvssMetricV30": [
      {
        "cvssData": {
          "attackComplexity": "LOW",
          "attackVector": "NETWORK",
          "availabilityImpact": "HIGH",
          "baseScore": 7.5,
          "baseSeverity": "HIGH",
          "confidentialityImpact": "NONE",
          "integrityImpact": "NONE",
          "privilegesRequired": "NONE",
          "scope": "UNCHANGED",
          "userInteraction": "NONE",
          "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
          "version": "3.0"
        },
        "exploitabilityScore": 3.9,
        "impactScore": 3.6,
        "source": "security_alert@emc.com",
        "type": "Secondary"
      }
    ],
    "cvssMetricV31": [
      {
        "cvssData": {
          "attackComplexity": "LOW",
          "attackVector": "NETWORK",
          "availabilityImpact": "HIGH",
          "baseScore": 7.5,
          "baseSeverity": "HIGH",
          "confidentialityImpact": "NONE",
          "integrityImpact": "NONE",
          "privilegesRequired": "NONE",
          "scope": "UNCHANGED",
          "userInteraction": "NONE",
          "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
          "version": "3.1"
        },
        "exploitabilityScore": 3.9,
        "impactScore": 3.6,
        "source": "nvd@nist.gov",
        "type": "Primary"
      }
    ]
  },
  "published": "2018-08-31T18:29:00.263",
  "references": [
    {
      "source": "security_alert@emc.com",
      "tags": [
        "Mailing List",
        "Third Party Advisory"
      ],
      "url": "http://seclists.org/fulldisclosure/2018/Aug/46"
    },
    {
      "source": "security_alert@emc.com",
      "tags": [
        "Patch",
        "Third Party Advisory"
      ],
      "url": "https://www.oracle.com/security-alerts/cpuapr2020.html"
    },
    {
      "source": "security_alert@emc.com",
      "tags": [
        "Patch",
        "Third Party Advisory"
      ],
      "url": "https://www.oracle.com/security-alerts/cpujan2020.html"
    },
    {
      "source": "security_alert@emc.com",
      "tags": [
        "Patch",
        "Third Party Advisory"
      ],
      "url": "https://www.oracle.com/security-alerts/cpujul2020.html"
    },
    {
      "source": "security_alert@emc.com",
      "tags": [
        "Patch",
        "Third Party Advisory"
      ],
      "url": "https://www.oracle.com/security-alerts/cpuoct2020.html"
    },
    {
      "source": "security_alert@emc.com",
      "tags": [
        "Patch",
        "Third Party Advisory"
      ],
      "url": "https://www.oracle.com/technetwork/security-advisory/cpujul2019-5072835.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Mailing List",
        "Third Party Advisory"
      ],
      "url": "http://seclists.org/fulldisclosure/2018/Aug/46"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Patch",
        "Third Party Advisory"
      ],
      "url": "https://www.oracle.com/security-alerts/cpuapr2020.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Patch",
        "Third Party Advisory"
      ],
      "url": "https://www.oracle.com/security-alerts/cpujan2020.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Patch",
        "Third Party Advisory"
      ],
      "url": "https://www.oracle.com/security-alerts/cpujul2020.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Patch",
        "Third Party Advisory"
      ],
      "url": "https://www.oracle.com/security-alerts/cpuoct2020.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Patch",
        "Third Party Advisory"
      ],
      "url": "https://www.oracle.com/technetwork/security-advisory/cpujul2019-5072835.html"
    }
  ],
  "sourceIdentifier": "security_alert@emc.com",
  "vulnStatus": "Modified",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-190"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

CNVD-2018-17693

Vulnerability from cnvd - Published: 2018-09-06

Title

Dell EMC RSA BSAFE Micro Edition Suite整数溢出漏洞

Description

Dell EMC RSA BSAFE Micro Edition Suite（MES）是美国戴尔（Dell）公司的一套加密工具包。该工具包可帮助开发人员实现稳定、安全的应用程序设计。 Dell EMC RSA BSAFE MES 4.1.6版本中存在整数溢出漏洞。远程攻击者可通过使用恶意构造的ASN.1数据利用该漏洞造成拒绝服务。

Severity

高

Patch Name

Dell EMC RSA BSAFE Micro Edition Suite整数溢出漏洞的补丁

Patch Description

Formal description

目前厂商已发布升级补丁以修复漏洞，详情请关注厂商主页： https://www.dellemc.com/

Reference

https://seclists.org/fulldisclosure/2018/Aug/46

Impacted products

Name
Dell EMC RSA BSAFE Micro Edition Suite 4.1.6

Show details on source website

JSON

To clipboard

{
  "cves": {
    "cve": {
      "cveNumber": "CVE-2018-11054",
      "cveUrl": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-11054"
    }
  },
  "description": "Dell EMC RSA BSAFE Micro Edition Suite\uff08MES\uff09\u662f\u7f8e\u56fd\u6234\u5c14\uff08Dell\uff09\u516c\u53f8\u7684\u4e00\u5957\u52a0\u5bc6\u5de5\u5177\u5305\u3002\u8be5\u5de5\u5177\u5305\u53ef\u5e2e\u52a9\u5f00\u53d1\u4eba\u5458\u5b9e\u73b0\u7a33\u5b9a\u3001\u5b89\u5168\u7684\u5e94\u7528\u7a0b\u5e8f\u8bbe\u8ba1\u3002\r\n\r\nDell EMC RSA BSAFE MES 4.1.6\u7248\u672c\u4e2d\u5b58\u5728\u6574\u6570\u6ea2\u51fa\u6f0f\u6d1e\u3002\u8fdc\u7a0b\u653b\u51fb\u8005\u53ef\u901a\u8fc7\u4f7f\u7528\u6076\u610f\u6784\u9020\u7684ASN.1\u6570\u636e\u5229\u7528\u8be5\u6f0f\u6d1e\u9020\u6210\u62d2\u7edd\u670d\u52a1\u3002",
  "discovererName": "unknwon",
  "formalWay": "\u76ee\u524d\u5382\u5546\u5df2\u53d1\u5e03\u5347\u7ea7\u8865\u4e01\u4ee5\u4fee\u590d\u6f0f\u6d1e\uff0c\u8be6\u60c5\u8bf7\u5173\u6ce8\u5382\u5546\u4e3b\u9875\uff1a\r\nhttps://www.dellemc.com/",
  "isEvent": "\u901a\u7528\u8f6f\u786c\u4ef6\u6f0f\u6d1e",
  "number": "CNVD-2018-17693",
  "openTime": "2018-09-06",
  "patchDescription": "Dell EMC RSA BSAFE Micro Edition Suite\uff08MES\uff09\u662f\u7f8e\u56fd\u6234\u5c14\uff08Dell\uff09\u516c\u53f8\u7684\u4e00\u5957\u52a0\u5bc6\u5de5\u5177\u5305\u3002\u8be5\u5de5\u5177\u5305\u53ef\u5e2e\u52a9\u5f00\u53d1\u4eba\u5458\u5b9e\u73b0\u7a33\u5b9a\u3001\u5b89\u5168\u7684\u5e94\u7528\u7a0b\u5e8f\u8bbe\u8ba1\u3002\r\n\r\nDell EMC RSA BSAFE MES 4.1.6\u7248\u672c\u4e2d\u5b58\u5728\u6574\u6570\u6ea2\u51fa\u6f0f\u6d1e\u3002\u8fdc\u7a0b\u653b\u51fb\u8005\u53ef\u901a\u8fc7\u4f7f\u7528\u6076\u610f\u6784\u9020\u7684ASN.1\u6570\u636e\u5229\u7528\u8be5\u6f0f\u6d1e\u9020\u6210\u62d2\u7edd\u670d\u52a1\u3002\u76ee\u524d\uff0c\u4f9b\u5e94\u5546\u53d1\u5e03\u4e86\u5b89\u5168\u516c\u544a\u53ca\u76f8\u5173\u8865\u4e01\u4fe1\u606f\uff0c\u4fee\u590d\u4e86\u6b64\u6f0f\u6d1e\u3002",
  "patchName": "Dell EMC RSA BSAFE Micro Edition Suite\u6574\u6570\u6ea2\u51fa\u6f0f\u6d1e\u7684\u8865\u4e01",
  "products": {
    "product": "Dell EMC RSA BSAFE Micro Edition Suite 4.1.6"
  },
  "referenceLink": "https://seclists.org/fulldisclosure/2018/Aug/46",
  "serverity": "\u9ad8",
  "submitTime": "2018-09-04",
  "title": "Dell EMC RSA BSAFE Micro Edition Suite\u6574\u6570\u6ea2\u51fa\u6f0f\u6d1e"
}

WID-SEC-W-2024-0283

Vulnerability from csaf_certbund - Published: 2018-08-28 22:00 - Updated: 2024-02-04 23:00

Summary

RSA BSAFE: Mehrere Schwachstellen

Notes

Das BSI ist als Anbieter für die eigenen, zur Nutzung bereitgestellten Inhalte nach den allgemeinen Gesetzen verantwortlich. Nutzerinnen und Nutzer sind jedoch dafür verantwortlich, die Verwendung und/oder die Umsetzung der mit den Inhalten bereitgestellten Informationen sorgfältig im Einzelfall zu prüfen.

Produktbeschreibung

RSA BSAFE ist eine Sicherheitssoftware, die Entwicklern ermöglicht weitreichende Sicherheitsziele ihrer Applikationen zu erreichen.

Angriff

Ein entfernter, anonymer oder authentisierter Angreifer kann mehrere Schwachstellen in RSA BSAFE ausnutzen, um einen Denial of Service Angriff durchzuführen, vertrauliche Daten einzusehen oder die Kryptographie zu umgehen.

Betroffene Betriebssysteme

- UNIX - Linux - Windows

JSON

To clipboard

{
  "document": {
    "aggregate_severity": {
      "text": "mittel"
    },
    "category": "csaf_base",
    "csaf_version": "2.0",
    "distribution": {
      "tlp": {
        "label": "WHITE",
        "url": "https://www.first.org/tlp/"
      }
    },
    "lang": "de-DE",
    "notes": [
      {
        "category": "legal_disclaimer",
        "text": "Das BSI ist als Anbieter f\u00fcr die eigenen, zur Nutzung bereitgestellten Inhalte nach den allgemeinen Gesetzen verantwortlich. Nutzerinnen und Nutzer sind jedoch daf\u00fcr verantwortlich, die Verwendung und/oder die Umsetzung der mit den Inhalten bereitgestellten Informationen sorgf\u00e4ltig im Einzelfall zu pr\u00fcfen."
      },
      {
        "category": "description",
        "text": "RSA BSAFE ist eine Sicherheitssoftware, die Entwicklern erm\u00f6glicht weitreichende Sicherheitsziele ihrer Applikationen zu erreichen.",
        "title": "Produktbeschreibung"
      },
      {
        "category": "summary",
        "text": "Ein entfernter, anonymer oder authentisierter Angreifer kann mehrere Schwachstellen in RSA BSAFE ausnutzen, um einen Denial of Service Angriff durchzuf\u00fchren, vertrauliche Daten einzusehen oder die Kryptographie zu umgehen.",
        "title": "Angriff"
      },
      {
        "category": "general",
        "text": "- UNIX\n- Linux\n- Windows",
        "title": "Betroffene Betriebssysteme"
      }
    ],
    "publisher": {
      "category": "other",
      "contact_details": "csaf-provider@cert-bund.de",
      "name": "Bundesamt f\u00fcr Sicherheit in der Informationstechnik",
      "namespace": "https://www.bsi.bund.de"
    },
    "references": [
      {
        "category": "self",
        "summary": "WID-SEC-W-2024-0283 - CSAF Version",
        "url": "https://wid.cert-bund.de/.well-known/csaf/white/2018/wid-sec-w-2024-0283.json"
      },
      {
        "category": "self",
        "summary": "WID-SEC-2024-0283 - Portal Version",
        "url": "https://wid.cert-bund.de/portal/wid/securityadvisory?name=WID-SEC-2024-0283"
      },
      {
        "category": "external",
        "summary": "Meldung auf der fulldisclosure Mailing Liste vom 2018-08-28",
        "url": "http://seclists.org/fulldisclosure/2018/Aug/46"
      },
      {
        "category": "external",
        "summary": "Dell Security Advisory DSA-2024-070 vom 2024-02-03",
        "url": "https://www.dell.com/support/kbdoc/000221770/dsa-2024-="
      }
    ],
    "source_lang": "en-US",
    "title": "RSA BSAFE: Mehrere Schwachstellen",
    "tracking": {
      "current_release_date": "2024-02-04T23:00:00.000+00:00",
      "generator": {
        "date": "2024-08-15T18:04:48.803+00:00",
        "engine": {
          "name": "BSI-WID",
          "version": "1.3.5"
        }
      },
      "id": "WID-SEC-W-2024-0283",
      "initial_release_date": "2018-08-28T22:00:00.000+00:00",
      "revision_history": [
        {
          "date": "2018-08-28T22:00:00.000+00:00",
          "number": "1",
          "summary": "Initial Release"
        },
        {
          "date": "2024-02-04T23:00:00.000+00:00",
          "number": "2",
          "summary": "Neue Updates von Dell aufgenommen"
        }
      ],
      "status": "final",
      "version": "2"
    }
  },
  "product_tree": {
    "branches": [
      {
        "branches": [
          {
            "category": "product_name",
            "name": "EMC Avamar",
            "product": {
              "name": "EMC Avamar",
              "product_id": "T014381",
              "product_identification_helper": {
                "cpe": "cpe:/a:emc:avamar:-"
              }
            }
          }
        ],
        "category": "vendor",
        "name": "EMC"
      },
      {
        "branches": [
          {
            "branches": [
              {
                "category": "product_name",
                "name": "RSA BSAFE \u003c 4.0.5.3",
                "product": {
                  "name": "RSA BSAFE \u003c 4.0.5.3",
                  "product_id": "T012686",
                  "product_identification_helper": {
                    "cpe": "cpe:/a:rsa:bsafe_micro_edition_suite:4.0.5.3"
                  }
                }
              },
              {
                "category": "product_name",
                "name": "RSA BSAFE \u003c 4.0.11",
                "product": {
                  "name": "RSA BSAFE \u003c 4.0.11",
                  "product_id": "T012687",
                  "product_identification_helper": {
                    "cpe": "cpe:/a:rsa:bsafe_micro_edition_suite:4.0.11"
                  }
                }
              },
              {
                "category": "product_name",
                "name": "RSA BSAFE \u003c 4.1.6.1",
                "product": {
                  "name": "RSA BSAFE \u003c 4.1.6.1",
                  "product_id": "T012688",
                  "product_identification_helper": {
                    "cpe": "cpe:/a:rsa:bsafe_micro_edition_suite:4.1.6.1"
                  }
                }
              }
            ],
            "category": "product_name",
            "name": "BSAFE"
          }
        ],
        "category": "vendor",
        "name": "RSA"
      }
    ]
  },
  "vulnerabilities": [
    {
      "cve": "CVE-2018-11054",
      "notes": [
        {
          "category": "description",
          "text": "Es existiert eine Integer \u00dcberlauf Schwachstelle in RSA BSAFE. Ein entfernter anonymer Angreifer kann speziell bearbeitete ASN.1-Daten an ein betroffenes System \u00fcbermitteln, um einen Denial of Service zu verursachen."
        }
      ],
      "product_status": {
        "known_affected": [
          "T014381"
        ]
      },
      "release_date": "2018-08-28T22:00:00.000+00:00",
      "title": "CVE-2018-11054"
    },
    {
      "cve": "CVE-2018-11055",
      "notes": [
        {
          "category": "description",
          "text": "Es existiert eine Schwachstelle in RSA BSAFE im Zusammenhang mit dem unsachgem\u00e4\u00dfen L\u00f6schen von Heap-Speicher vor der Freigabe (\u0027Heap Inspection\u0027). Ein lokaler Angreifer kann dies Schwachstelle ausnutzen, um Zugriff auf nicht autorisierte Daten zu erhalten."
        }
      ],
      "product_status": {
        "known_affected": [
          "T014381"
        ]
      },
      "release_date": "2018-08-28T22:00:00.000+00:00",
      "title": "CVE-2018-11055"
    },
    {
      "cve": "CVE-2018-11056",
      "notes": [
        {
          "category": "description",
          "text": "Es existiert eine Schwachstelle in RSA BSAFE beim Parsen von ASN.1-Daten. Ein entfernter anonymer Angreifer kann mit Hilfe speziell bearbeiteter ASN.1-Daten den Stackspeicher komplett auslasten und somit einen Denial of Service verursachen."
        }
      ],
      "product_status": {
        "known_affected": [
          "T014381"
        ]
      },
      "release_date": "2018-08-28T22:00:00.000+00:00",
      "title": "CVE-2018-11056"
    },
    {
      "cve": "CVE-2018-11057",
      "notes": [
        {
          "category": "description",
          "text": "Es existiert eine Schwachstelle in RSA BSAFE. Ein entfernter anonymer Angreifer kann eine Covert Timing Channel-Schwachstelle w\u00e4hrend der RSA-Entschl\u00fcsselung ausnutzen, um den RSA-Schl\u00fcssel zu rekonstruieren (Bleichenbacher-Angriff)."
        }
      ],
      "product_status": {
        "known_affected": [
          "T014381"
        ]
      },
      "release_date": "2018-08-28T22:00:00.000+00:00",
      "title": "CVE-2018-11057"
    },
    {
      "cve": "CVE-2018-11058",
      "notes": [
        {
          "category": "description",
          "text": "Es existiert eine Schwachstelle in RSA BSAFE. Ein entfernter anonymer Angreifer kann diese Buffer Over-Read-Schwachstelle beim Parsen von ASN.1 Daten ausnutzen, um einen Denial of Service zu verursachen."
        }
      ],
      "product_status": {
        "known_affected": [
          "T014381"
        ]
      },
      "release_date": "2018-08-28T22:00:00.000+00:00",
      "title": "CVE-2018-11058"
    }
  ]
}

GHSA-3343-MPGF-85HP

Vulnerability from github – Published: 2022-05-13 01:02 – Updated: 2022-05-13 01:02

Details

RSA BSAFE Micro Edition Suite, version 4.1.6, contains an integer overflow vulnerability. A remote attacker could use maliciously constructed ASN.1 data to potentially cause a Denial Of Service.

Severity ?

7.5 (High)


                  
                    CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

Show details on source website

JSON

To clipboard

{
  "affected": [],
  "aliases": [
    "CVE-2018-11054"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-190"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2018-08-31T18:29:00Z",
    "severity": "HIGH"
  },
  "details": "RSA BSAFE Micro Edition Suite, version 4.1.6, contains an integer overflow vulnerability. A remote attacker could use maliciously constructed ASN.1 data to potentially cause a Denial Of Service.",
  "id": "GHSA-3343-mpgf-85hp",
  "modified": "2022-05-13T01:02:12Z",
  "published": "2022-05-13T01:02:12Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2018-11054"
    },
    {
      "type": "WEB",
      "url": "https://www.oracle.com/security-alerts/cpuapr2020.html"
    },
    {
      "type": "WEB",
      "url": "https://www.oracle.com/security-alerts/cpujan2020.html"
    },
    {
      "type": "WEB",
      "url": "https://www.oracle.com/security-alerts/cpujul2020.html"
    },
    {
      "type": "WEB",
      "url": "https://www.oracle.com/security-alerts/cpuoct2020.html"
    },
    {
      "type": "WEB",
      "url": "https://www.oracle.com/technetwork/security-advisory/cpujul2019-5072835.html"
    },
    {
      "type": "WEB",
      "url": "http://seclists.org/fulldisclosure/2018/Aug/46"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
      "type": "CVSS_V3"
    }
  ]
}

GSD-2018-11054

Vulnerability from gsd - Updated: 2023-12-13 01:22

Details

RSA BSAFE Micro Edition Suite, version 4.1.6, contains an integer overflow vulnerability. A remote attacker could use maliciously constructed ASN.1 data to potentially cause a Denial Of Service.

Aliases

CVE-2018-11054

Aliases

CVE-2018-11054

JSON

To clipboard

{
  "GSD": {
    "alias": "CVE-2018-11054",
    "description": "RSA BSAFE Micro Edition Suite, version 4.1.6, contains an integer overflow vulnerability. A remote attacker could use maliciously constructed ASN.1 data to potentially cause a Denial Of Service.",
    "id": "GSD-2018-11054"
  },
  "gsd": {
    "metadata": {
      "exploitCode": "unknown",
      "remediation": "unknown",
      "reportConfidence": "confirmed",
      "type": "vulnerability"
    },
    "osvSchema": {
      "aliases": [
        "CVE-2018-11054"
      ],
      "details": "RSA BSAFE Micro Edition Suite, version 4.1.6, contains an integer overflow vulnerability. A remote attacker could use maliciously constructed ASN.1 data to potentially cause a Denial Of Service.",
      "id": "GSD-2018-11054",
      "modified": "2023-12-13T01:22:41.853226Z",
      "schema_version": "1.4.0"
    }
  },
  "namespaces": {
    "cve.org": {
      "CVE_data_meta": {
        "ASSIGNER": "secure@dell.com",
        "ID": "CVE-2018-11054",
        "STATE": "PUBLIC"
      },
      "affects": {
        "vendor": {
          "vendor_data": [
            {
              "product": {
                "product_data": [
                  {
                    "product_name": "BSAFE Micro Edition Suite",
                    "version": {
                      "version_data": [
                        {
                          "affected": "=",
                          "version_value": "4.1.6"
                        }
                      ]
                    }
                  }
                ]
              },
              "vendor_name": "RSA"
            }
          ]
        }
      },
      "data_format": "MITRE",
      "data_type": "CVE",
      "data_version": "4.0",
      "description": {
        "description_data": [
          {
            "lang": "eng",
            "value": "RSA BSAFE Micro Edition Suite, version 4.1.6, contains an integer overflow vulnerability. A remote attacker could use maliciously constructed ASN.1 data to potentially cause a Denial Of Service."
          }
        ]
      },
      "impact": {
        "cvss": {
          "attackComplexity": "LOW",
          "attackVector": "NETWORK",
          "availabilityImpact": "HIGH",
          "baseScore": 7.5,
          "baseSeverity": "HIGH",
          "confidentialityImpact": "NONE",
          "integrityImpact": "NONE",
          "privilegesRequired": "NONE",
          "scope": "UNCHANGED",
          "userInteraction": "NONE",
          "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
          "version": "3.0"
        }
      },
      "problemtype": {
        "problemtype_data": [
          {
            "description": [
              {
                "lang": "eng",
                "value": "integer overflow vulnerability"
              }
            ]
          }
        ]
      },
      "references": {
        "reference_data": [
          {
            "name": "20180828 DSA-2018-128: RSA BSAFE Micro Edition Suite and Crypto-C Micro Edition Multiple Security Vulnerabilities",
            "refsource": "FULLDISC",
            "url": "http://seclists.org/fulldisclosure/2018/Aug/46"
          },
          {
            "name": "https://www.oracle.com/security-alerts/cpuapr2020.html",
            "refsource": "MISC",
            "url": "https://www.oracle.com/security-alerts/cpuapr2020.html"
          },
          {
            "name": "https://www.oracle.com/security-alerts/cpujul2020.html",
            "refsource": "MISC",
            "url": "https://www.oracle.com/security-alerts/cpujul2020.html"
          },
          {
            "name": "https://www.oracle.com/technetwork/security-advisory/cpujul2019-5072835.html",
            "refsource": "MISC",
            "url": "https://www.oracle.com/technetwork/security-advisory/cpujul2019-5072835.html"
          },
          {
            "name": "https://www.oracle.com/security-alerts/cpujan2020.html",
            "refsource": "MISC",
            "url": "https://www.oracle.com/security-alerts/cpujan2020.html"
          },
          {
            "name": "https://www.oracle.com/security-alerts/cpuoct2020.html",
            "refsource": "MISC",
            "url": "https://www.oracle.com/security-alerts/cpuoct2020.html"
          }
        ]
      },
      "source": {
        "discovery": "UNKNOWN"
      }
    },
    "nvd.nist.gov": {
      "configurations": {
        "CVE_data_version": "4.0",
        "nodes": [
          {
            "children": [],
            "cpe_match": [
              {
                "cpe23Uri": "cpe:2.3:a:dell:bsafe:4.1.6:*:*:*:micro_edition_suite:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              }
            ],
            "operator": "OR"
          },
          {
            "children": [],
            "cpe_match": [
              {
                "cpe23Uri": "cpe:2.3:a:oracle:application_testing_suite:13.3.0.1:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:oracle:communications_analytics:12.1.1:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:oracle:communications_ip_service_activator:7.3.4:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:oracle:communications_ip_service_activator:7.4.0:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:oracle:core_rdbms:11.2.0.4:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:oracle:core_rdbms:12.1.0.2:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:oracle:core_rdbms:12.2.0.1:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:oracle:core_rdbms:18c:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:oracle:core_rdbms:19c:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:oracle:enterprise_manager_ops_center:12.3.3:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:oracle:enterprise_manager_ops_center:12.4.0:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:oracle:goldengate_application_adapters:12.3.2.1.0:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:oracle:jd_edwards_enterpriseone_tools:9.2:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:oracle:real_user_experience_insight:13.1.2.1:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:oracle:real_user_experience_insight:13.2.3.1:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:oracle:real_user_experience_insight:13.3.1.0:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:oracle:retail_predictive_application_server:15.0.3:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:oracle:retail_predictive_application_server:16.0.3:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:oracle:security_service:11.1.1.9.0:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:oracle:security_service:12.1.3.0.0:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:oracle:security_service:12.2.1.2.0:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:oracle:timesten_in-memory_database:*:*:*:*:*:*:*:*",
                "cpe_name": [],
                "versionEndIncluding": "18.1.4.1.0",
                "vulnerable": true
              }
            ],
            "operator": "OR"
          }
        ]
      },
      "cve": {
        "CVE_data_meta": {
          "ASSIGNER": "secure@dell.com",
          "ID": "CVE-2018-11054"
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "en",
              "value": "RSA BSAFE Micro Edition Suite, version 4.1.6, contains an integer overflow vulnerability. A remote attacker could use maliciously constructed ASN.1 data to potentially cause a Denial Of Service."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "en",
                  "value": "CWE-190"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "20180828 DSA-2018-128: RSA BSAFE Micro Edition Suite and Crypto-C Micro Edition Multiple Security Vulnerabilities",
              "refsource": "FULLDISC",
              "tags": [
                "Mailing List",
                "Third Party Advisory"
              ],
              "url": "http://seclists.org/fulldisclosure/2018/Aug/46"
            },
            {
              "name": "https://www.oracle.com/technetwork/security-advisory/cpujul2019-5072835.html",
              "refsource": "MISC",
              "tags": [
                "Patch",
                "Third Party Advisory"
              ],
              "url": "https://www.oracle.com/technetwork/security-advisory/cpujul2019-5072835.html"
            },
            {
              "name": "https://www.oracle.com/security-alerts/cpujan2020.html",
              "refsource": "MISC",
              "tags": [
                "Patch",
                "Third Party Advisory"
              ],
              "url": "https://www.oracle.com/security-alerts/cpujan2020.html"
            },
            {
              "name": "N/A",
              "refsource": "N/A",
              "tags": [
                "Patch",
                "Third Party Advisory"
              ],
              "url": "https://www.oracle.com/security-alerts/cpuapr2020.html"
            },
            {
              "name": "https://www.oracle.com/security-alerts/cpujul2020.html",
              "refsource": "MISC",
              "tags": [
                "Patch",
                "Third Party Advisory"
              ],
              "url": "https://www.oracle.com/security-alerts/cpujul2020.html"
            },
            {
              "name": "https://www.oracle.com/security-alerts/cpuoct2020.html",
              "refsource": "MISC",
              "tags": [
                "Patch",
                "Third Party Advisory"
              ],
              "url": "https://www.oracle.com/security-alerts/cpuoct2020.html"
            }
          ]
        }
      },
      "impact": {
        "baseMetricV2": {
          "cvssV2": {
            "accessComplexity": "LOW",
            "accessVector": "NETWORK",
            "authentication": "NONE",
            "availabilityImpact": "PARTIAL",
            "baseScore": 5.0,
            "confidentialityImpact": "NONE",
            "integrityImpact": "NONE",
            "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P",
            "version": "2.0"
          },
          "exploitabilityScore": 10.0,
          "impactScore": 2.9,
          "obtainAllPrivilege": false,
          "obtainOtherPrivilege": false,
          "obtainUserPrivilege": false,
          "severity": "MEDIUM",
          "userInteractionRequired": false
        },
        "baseMetricV3": {
          "cvssV3": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "HIGH",
            "baseScore": 7.5,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "NONE",
            "integrityImpact": "NONE",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
            "version": "3.1"
          },
          "exploitabilityScore": 3.9,
          "impactScore": 3.6
        }
      },
      "lastModifiedDate": "2022-04-18T18:15Z",
      "publishedDate": "2018-08-31T18:29Z"
    }
  }
}

Sightings

Author	Source	Type	Date

Nomenclature

Seen: The vulnerability was mentioned, discussed, or observed by the user.
Confirmed: The vulnerability has been validated from an analyst's perspective.
Published Proof of Concept: A public proof of concept is available for this vulnerability.
Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
Not confirmed: The user expressed doubt about the validity of the vulnerability.
Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.

Detection rules are retrieved from Rulezet.

Action not permitted

CVE-2018-11054 (GCVE-0-2018-11054)

FKIE_CVE-2018-11054

CNVD-2018-17693

WID-SEC-W-2024-0283

GHSA-3343-MPGF-85HP

GSD-2018-11054

Tags

Sightings

Nomenclature