5.5

CVE-2018-11055

RSA BSAFE Micro Edition Suite, versions prior to 4.0.11 (in 4.0.x) and prior to 4.1.6.1 (in 4.1.x), contains an Improper Clearing of Heap Memory Before Release ('Heap Inspection') vulnerability. Decoded PKCS #12 data in heap memory is not zeroized by MES before releasing the memory internally and a malicious local user could gain access to the unauthorized data by doing heap inspection.

Data is provided by the National Vulnerability Database (NVD)
DellBsafe SwEditionmicro_edition_suite Version >= 4.0.0 < 4.0.11
DellBsafe SwEditionmicro_edition_suite Version >= 4.1.0 < 4.1.6.1
OracleApplication Testing Suite Version13.3.0.1
OracleCommunications Analytics Version12.1.1
OracleCore Rdbms Version11.2.0.4
OracleCore Rdbms Version12.1.0.2
OracleCore Rdbms Version12.2.0.1
OracleCore Rdbms Version18c
OracleCore Rdbms Version19c
OracleGoldengate Application Adapters Version12.3.2.1.0
OracleReal User Experience Insight Version13.1.2.1
OracleReal User Experience Insight Version13.2.3.1
OracleReal User Experience Insight Version13.3.1.0
OracleSecurity Service Version11.1.1.9.0
OracleSecurity Service Version12.1.3.0.0
OracleSecurity Service Version12.2.1.3.0
OracleTimesten In-memory Database Version < 18.1.4.1.0
Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.
EPSS Metriken
Type Source Score Percentile
EPSS FIRST.org 0.09% 0.26
CVSS Metriken
Source Base Score Exploit Score Impact Score Vector string
nvd@nist.gov 5.5 1.8 3.6
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
nvd@nist.gov 2.1 3.9 2.9
AV:L/AC:L/Au:N/C:P/I:N/A:N
security_alert@emc.com 4.4 0.8 3.6
CVSS:3.0/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N
CWE-404 Improper Resource Shutdown or Release

The product does not release or incorrectly releases a resource before it is made available for re-use.

http://seclists.org/fulldisclosure/2018/Aug/46
Third Party Advisory
Mailing List