9.8

CVE-2018-11058

RSA BSAFE Micro Edition Suite, versions prior to 4.0.11 (in 4.0.x) and prior to 4.1.6 (in 4.1.x), and RSA BSAFE Crypto-C Micro Edition, version prior to 4.0.5.3 (in 4.0.x) contain a Buffer Over-Read vulnerability when parsing ASN.1 data. A remote attacker could use maliciously constructed ASN.1 data that would result in such issue.

Data is provided by the National Vulnerability Database (NVD)
DellBsafe SwEditionmicro_edition_suite Version >= 4.0.0 < 4.0.11
DellBsafe SwEditionmicro_edition_suite Version >= 4.1.0 < 4.1.6
DellBsafe Crypto-c SwEditionmicro Version >= 4.0.0 < 4.0.5.3
OracleApplication Testing Suite Version13.3.0.1
OracleCommunications Analytics Version12.1.1
OracleCore Rdbms Version11.2.0.4
OracleCore Rdbms Version12.1.0.2
OracleCore Rdbms Version12.2.0.1
OracleCore Rdbms Version18c
OracleCore Rdbms Version19c
OracleGoldengate Application Adapters Version12.3.2.1.0
OracleReal User Experience Insight Version13.1.2.1
OracleReal User Experience Insight Version13.2.3.1
OracleReal User Experience Insight Version13.3.1.0
OracleSecurity Service Version11.1.1.9.0
OracleSecurity Service Version12.1.3.0.0
OracleSecurity Service Version12.2.1.3.0
OracleTimesten In-memory Database Version < 18.1.4.1.0
Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.
EPSS Metriken
Type Source Score Percentile
EPSS FIRST.org 1.73% 0.816
CVSS Metriken
Source Base Score Exploit Score Impact Score Vector string
nvd@nist.gov 9.8 3.9 5.9
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
nvd@nist.gov 7.5 10 6.4
AV:N/AC:L/Au:N/C:P/I:P/A:P
security_alert@emc.com 7.5 3.9 3.6
CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
CWE-125 Out-of-bounds Read

The product reads data past the end, or before the beginning, of the intended buffer.

http://seclists.org/fulldisclosure/2018/Aug/46
Third Party Advisory
Mailing List