7.5

CVE-2018-15769

RSA BSAFE Micro Edition Suite versions prior to 4.0.11 (in 4.0.x series) and versions prior to 4.1.6.2 (in 4.1.x series) contain a key management error issue. A malicious TLS server could potentially cause a Denial Of Service (DoS) on TLS clients during the handshake when a very large prime value is sent to the TLS client, and an Ephemeral or Anonymous Diffie-Hellman cipher suite (DHE or ADH) is used.

Data is provided by the National Vulnerability Database (NVD)
DellBsafe SwEditionmicro_edition_suite Version >= 4.0.0 < 4.0.11
DellBsafe SwEditionmicro_edition_suite Version >= 4.1.0 < 4.1.6.2
OracleApplication Testing Suite Version13.3.0.1
OracleCommunications Analytics Version12.1.1
OracleCore Rdbms Version11.2.0.4
OracleCore Rdbms Version12.1.0.2
OracleCore Rdbms Version12.2.0.1
OracleCore Rdbms Version18c
OracleCore Rdbms Version19c
OracleGoldengate Application Adapters Version12.3.2.1.0
OracleReal User Experience Insight Version13.1.2.1
OracleReal User Experience Insight Version13.2.3.1
OracleReal User Experience Insight Version13.3.1.0
OracleSecurity Service Version11.1.1.9.0
OracleSecurity Service Version12.1.3.0.0
OracleSecurity Service Version12.2.1.3.0
OracleTimesten In-memory Database Version < 18.1.4.1.0
Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.
EPSS Metriken
Type Source Score Percentile
EPSS FIRST.org 1.54% 0.808
CVSS Metriken
Source Base Score Exploit Score Impact Score Vector string
nvd@nist.gov 7.5 3.9 3.6
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
nvd@nist.gov 5 10 2.9
AV:N/AC:L/Au:N/C:N/I:N/A:P
https://seclists.org/fulldisclosure/2018/Nov/37
Third Party Advisory
Mailing List