5.9
CVE-2018-11057
- EPSS 0.62%
- Veröffentlicht 31.08.2018 18:29:00
- Zuletzt bearbeitet 21.11.2024 03:42:35
- Quelle security_alert@emc.com
- Teams Watchlist Login
- Unerledigt Login
RSA BSAFE Micro Edition Suite, versions prior to 4.0.11 (in 4.0.x) and prior to 4.1.6.1 (in 4.1.x) contains a Covert Timing Channel vulnerability during RSA decryption, also known as a Bleichenbacher attack on RSA decryption. A remote attacker may be able to recover a RSA key.
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
Oracle ≫ Application Testing Suite Version13.3.0.1
Oracle ≫ Communications Analytics Version12.1.1
Oracle ≫ Communications Ip Service Activator Version7.3.0
Oracle ≫ Communications Ip Service Activator Version7.4.0
Oracle ≫ Core Rdbms Version11.2.0.4
Oracle ≫ Core Rdbms Version12.1.0.2
Oracle ≫ Core Rdbms Version12.2.0.1
Oracle ≫ Core Rdbms Version18c
Oracle ≫ Core Rdbms Version19c
Oracle ≫ Enterprise Manager Ops Center Version12.3.3
Oracle ≫ Enterprise Manager Ops Center Version12.4.0
Oracle ≫ Goldengate Application Adapters Version12.3.2.1.0
Oracle ≫ Jd Edwards Enterpriseone Tools Version9.2
Oracle ≫ Real User Experience Insight Version13.1.2.1
Oracle ≫ Real User Experience Insight Version13.2.3.1
Oracle ≫ Real User Experience Insight Version13.3.1.0
Oracle ≫ Retail Predictive Application Server Version15.0.3
Oracle ≫ Retail Predictive Application Server Version16.0.3.0
Oracle ≫ Security Service Version11.1.1.9.0
Oracle ≫ Security Service Version12.1.3.0.0
Oracle ≫ Security Service Version12.2.1.3.0
Oracle ≫ Timesten In-memory Database Version < 18.1.4.1.0
Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.
| Typ | Quelle | Score | Percentile |
|---|---|---|---|
| EPSS | FIRST.org | 0.62% | 0.69 |
| Quelle | Base Score | Exploit Score | Impact Score | Vector String |
|---|---|---|---|---|
| nvd@nist.gov | 5.9 | 2.2 | 3.6 |
CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N
|
| nvd@nist.gov | 4.3 | 8.6 | 2.9 |
AV:N/AC:M/Au:N/C:P/I:N/A:N
|
| security_alert@emc.com | 5.9 | 2.2 | 3.6 |
CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N
|
CWE-327 Use of a Broken or Risky Cryptographic Algorithm
The product uses a broken or risky cryptographic algorithm or protocol.