CVE-2018-11054

EPSS 2.35%
Published 31.08.2018 18:29:00
Last modified 21.11.2024 03:42:34
Source security_alert@emc.com
Teams watchlist Login
Open Login

RSA BSAFE Micro Edition Suite, version 4.1.6, contains an integer overflow vulnerability. A remote attacker could use maliciously constructed ASN.1 data to potentially cause a Denial Of Service.

Affected products Warnungen 0 Metrics 4 CWE 1 References 9

Data is provided by the National Vulnerability Database (NVD)

Dell ≫ Bsafe Version4.1.6 SwEditionmicro_edition_suite

Oracle ≫ Application Testing Suite Version13.3.0.1

Oracle ≫ Communications Analytics Version12.1.1

Oracle ≫ Communications Ip Service Activator Version7.3.4

Oracle ≫ Communications Ip Service Activator Version7.4.0

Oracle ≫ Core Rdbms Version11.2.0.4

Oracle ≫ Core Rdbms Version12.1.0.2

Oracle ≫ Core Rdbms Version12.2.0.1

Oracle ≫ Core Rdbms Version18c

Oracle ≫ Core Rdbms Version19c

Oracle ≫ Enterprise Manager Ops Center Version12.3.3

Oracle ≫ Enterprise Manager Ops Center Version12.4.0

Oracle ≫ Goldengate Application Adapters Version12.3.2.1.0

Oracle ≫ Jd Edwards Enterpriseone Tools Version9.2

Oracle ≫ Real User Experience Insight Version13.1.2.1

Oracle ≫ Real User Experience Insight Version13.2.3.1

Oracle ≫ Real User Experience Insight Version13.3.1.0

Oracle ≫ Retail Predictive Application Server Version15.0.3

Oracle ≫ Retail Predictive Application Server Version16.0.3

Oracle ≫ Security Service Version11.1.1.9.0

Oracle ≫ Security Service Version12.1.3.0.0

Oracle ≫ Security Service Version12.2.1.2.0

Oracle ≫ Timesten In-memory Database Version <= 18.1.4.1.0

Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.

EPSS Metriken
Type	Source	Score	Percentile
EPSS	FIRST.org	2.35%	0.842

CVSS Metriken
Source	Base Score	Exploit Score	Impact Score	Vector string
nvd@nist.gov	7.5	3.9	3.6	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
nvd@nist.gov	5	10	2.9	AV:N/AC:L/Au:N/C:N/I:N/A:P
security_alert@emc.com	7.5	3.9	3.6	CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

CWE-190 Integer Overflow or Wraparound

The product performs a calculation that can produce an integer overflow or wraparound when the logic assumes that the resulting value will always be larger than the original value. This occurs when an integer value is incremented to a value that is too large to store in the associated representation. When this occurs, the value may become a very small or negative number.

https://www.oracle.com/security-alerts/cpujan2020.html

Patch

Third Party Advisory

https://www.oracle.com/technetwork/security-advisory/cpujul2019-5072835.html

Patch

Third Party Advisory

https://www.oracle.com/security-alerts/cpuapr2020.html

Patch

Third Party Advisory

https://www.oracle.com/security-alerts/cpujul2020.html

Patch

Third Party Advisory