5.5
CVE-2018-11055
- EPSS 0.09%
- Veröffentlicht 31.08.2018 18:29:00
- Zuletzt bearbeitet 21.11.2024 03:42:34
- Quelle security_alert@emc.com
- Teams Watchlist Login
- Unerledigt Login
RSA BSAFE Micro Edition Suite, versions prior to 4.0.11 (in 4.0.x) and prior to 4.1.6.1 (in 4.1.x), contains an Improper Clearing of Heap Memory Before Release ('Heap Inspection') vulnerability. Decoded PKCS #12 data in heap memory is not zeroized by MES before releasing the memory internally and a malicious local user could gain access to the unauthorized data by doing heap inspection.Daten sind bereitgestellt durch National Vulnerability Database (NVD)
Oracle ≫ Application Testing Suite Version13.3.0.1
Oracle ≫ Communications Analytics Version12.1.1
Oracle ≫ Communications Ip Service Activator Version7.3.0
Oracle ≫ Communications Ip Service Activator Version7.4.0
Oracle ≫ Core Rdbms Version11.2.0.4
Oracle ≫ Core Rdbms Version12.1.0.2
Oracle ≫ Core Rdbms Version12.2.0.1
Oracle ≫ Core Rdbms Version18c
Oracle ≫ Core Rdbms Version19c
Oracle ≫ Enterprise Manager Ops Center Version12.3.3
Oracle ≫ Enterprise Manager Ops Center Version12.4.0
Oracle ≫ Goldengate Application Adapters Version12.3.2.1.0
Oracle ≫ Jd Edwards Enterpriseone Tools Version9.2
Oracle ≫ Real User Experience Insight Version13.1.2.1
Oracle ≫ Real User Experience Insight Version13.2.3.1
Oracle ≫ Real User Experience Insight Version13.3.1.0
Oracle ≫ Retail Predictive Application Server Version15.0.3
Oracle ≫ Retail Predictive Application Server Version16.0.3.0
Oracle ≫ Security Service Version11.1.1.9.0
Oracle ≫ Security Service Version12.1.3.0.0
Oracle ≫ Security Service Version12.2.1.3.0
Oracle ≫ Timesten In-memory Database Version < 18.1.4.1.0
Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.
| Typ | Quelle | Score | Percentile |
|---|---|---|---|
| EPSS | FIRST.org | 0.09% | 0.26 |
| Quelle | Base Score | Exploit Score | Impact Score | Vector String |
|---|---|---|---|---|
| nvd@nist.gov | 5.5 | 1.8 | 3.6 |
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
|
| nvd@nist.gov | 2.1 | 3.9 | 2.9 |
AV:L/AC:L/Au:N/C:P/I:N/A:N
|
| security_alert@emc.com | 4.4 | 0.8 | 3.6 |
CVSS:3.0/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N
|
CWE-404 Improper Resource Shutdown or Release
The product does not release or incorrectly releases a resource before it is made available for re-use.