{"containers": {"cna": {"affected": [{"product": "BSAFE Micro Edition Suite", "vendor": "RSA", "versions": [{"lessThan": "4.0.11", "status": "affected", "version": "unspecified", "versionType": "custom"}, {"lessThan": "4.1.6.1", "status": "affected", "version": "unspecified", "versionType": "custom"}]}], "datePublic": "2018-08-28T00:00:00", "descriptions": [{"lang": "en", "value": "RSA BSAFE Micro Edition Suite, versions prior to 4.0.11 (in 4.0.x) and prior to 4.1.6.1 (in 4.1.x) contains a Covert Timing Channel vulnerability during RSA decryption, also known as a Bleichenbacher attack on RSA decryption. A remote attacker may be able to recover a RSA key."}], "metrics": [{"cvssV3_0": {"attackComplexity": "HIGH", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 5.9, "baseSeverity": "MEDIUM", "confidentialityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N", "version": "3.0"}}], "problemTypes": [{"descriptions": [{"description": "Covert Timing Channel vulnerability", "lang": "en", "type": "text"}]}], "providerMetadata": {"dateUpdated": "2020-10-20T21:14:53", "orgId": "c550e75a-17ff-4988-97f0-544cde3820fe", "shortName": "dell"}, "references": [{"name": "20180828 DSA-2018-128: RSA BSAFE Micro Edition Suite and Crypto-C Micro Edition Multiple Security Vulnerabilities", "tags": ["mailing-list", "x_refsource_FULLDISC"], "url": "http://seclists.org/fulldisclosure/2018/Aug/46"}, {"tags": ["x_refsource_MISC"], "url": "https://www.oracle.com/security-alerts/cpuapr2020.html"}, {"tags": ["x_refsource_MISC"], "url": "https://www.oracle.com/security-alerts/cpujul2020.html"}, {"tags": ["x_refsource_MISC"], "url": "https://www.oracle.com/technetwork/security-advisory/cpujul2019-5072835.html"}, {"tags": ["x_refsource_MISC"], "url": "https://www.oracle.com/security-alerts/cpujan2020.html"}, {"tags": ["x_refsource_MISC"], "url": "https://www.oracle.com/security-alerts/cpuoct2020.html"}], "source": {"discovery": "UNKNOWN"}, "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "secure@dell.com", "ID": "CVE-2018-11057", "STATE": "PUBLIC"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "BSAFE Micro Edition Suite", "version": {"version_data": [{"affected": "<", "version_affected": "<", "version_value": "4.0.11"}, {"affected": "<", "version_affected": "<", "version_value": "4.1.6.1"}]}}]}, "vendor_name": "RSA"}]}}, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "RSA BSAFE Micro Edition Suite, versions prior to 4.0.11 (in 4.0.x) and prior to 4.1.6.1 (in 4.1.x) contains a Covert Timing Channel vulnerability during RSA decryption, also known as a Bleichenbacher attack on RSA decryption. A remote attacker may be able to recover a RSA key."}]}, "impact": {"cvss": {"attackComplexity": "HIGH", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 5.9, "baseSeverity": "MEDIUM", "confidentialityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N", "version": "3.0"}}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "Covert Timing Channel vulnerability"}]}]}, "references": {"reference_data": [{"name": "20180828 DSA-2018-128: RSA BSAFE Micro Edition Suite and Crypto-C Micro Edition Multiple Security Vulnerabilities", "refsource": "FULLDISC", "url": "http://seclists.org/fulldisclosure/2018/Aug/46"}, {"name": "https://www.oracle.com/security-alerts/cpuapr2020.html", "refsource": "MISC", "url": "https://www.oracle.com/security-alerts/cpuapr2020.html"}, {"name": "https://www.oracle.com/security-alerts/cpujul2020.html", "refsource": "MISC", "url": "https://www.oracle.com/security-alerts/cpujul2020.html"}, {"name": "https://www.oracle.com/technetwork/security-advisory/cpujul2019-5072835.html", "refsource": "MISC", "url": "https://www.oracle.com/technetwork/security-advisory/cpujul2019-5072835.html"}, {"name": "https://www.oracle.com/security-alerts/cpujan2020.html", "refsource": "MISC", "url": "https://www.oracle.com/security-alerts/cpujan2020.html"}, {"name": "https://www.oracle.com/security-alerts/cpuoct2020.html", "refsource": "MISC", "url": "https://www.oracle.com/security-alerts/cpuoct2020.html"}]}, "source": {"discovery": "UNKNOWN"}}}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-05T07:54:36.548Z"}, "title": "CVE Program Container", "references": [{"name": "20180828 DSA-2018-128: RSA BSAFE Micro Edition Suite and Crypto-C Micro Edition Multiple Security Vulnerabilities", "tags": ["mailing-list", "x_refsource_FULLDISC", "x_transferred"], "url": "http://seclists.org/fulldisclosure/2018/Aug/46"}, {"tags": ["x_refsource_MISC", "x_transferred"], "url": "https://www.oracle.com/security-alerts/cpuapr2020.html"}, {"tags": ["x_refsource_MISC", "x_transferred"], "url": "https://www.oracle.com/security-alerts/cpujul2020.html"}, {"tags": ["x_refsource_MISC", "x_transferred"], "url": "https://www.oracle.com/technetwork/security-advisory/cpujul2019-5072835.html"}, {"tags": ["x_refsource_MISC", "x_transferred"], "url": "https://www.oracle.com/security-alerts/cpujan2020.html"}, {"tags": ["x_refsource_MISC", "x_transferred"], "url": "https://www.oracle.com/security-alerts/cpuoct2020.html"}]}]}, "cveMetadata": {"assignerOrgId": "c550e75a-17ff-4988-97f0-544cde3820fe", "assignerShortName": "dell", "cveId": "CVE-2018-11057", "datePublished": "2018-08-31T18:00:00", "dateReserved": "2018-05-14T00:00:00", "dateUpdated": "2024-08-05T07:54:36.548Z", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.1"}

{}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:dell:bsafe:*:*:*:*:micro_edition_suite:*:*:*", "matchCriteriaId": "3F58C7A1-2DC4-4971-BCB5-1F7D4A152519", "versionEndExcluding": "4.0.11", "versionStartIncluding": "4.0.0", "vulnerable": true}, {"criteria": "cpe:2.3:a:dell:bsafe:*:*:*:*:micro_edition_suite:*:*:*", "matchCriteriaId": "1DF1347A-3AFB-40CC-B1AD-F2DAC90502D1", "versionEndExcluding": "4.1.6.1", "versionStartIncluding": "4.1.0", "vulnerable": true}], "negate": false, "operator": "OR"}]}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:oracle:application_testing_suite:13.3.0.1:*:*:*:*:*:*:*", "matchCriteriaId": "A125E817-F974-4509-872C-B71933F42AD1", "vulnerable": true}, {"criteria": "cpe:2.3:a:oracle:communications_analytics:12.1.1:*:*:*:*:*:*:*", "matchCriteriaId": "55D98C27-734F-490B-92D5-251805C841B9", "vulnerable": true}, {"criteria": "cpe:2.3:a:oracle:communications_ip_service_activator:7.3.0:*:*:*:*:*:*:*", "matchCriteriaId": "DE48E0FE-5931-441C-B4FF-253BD9C48186", "vulnerable": true}, {"criteria": "cpe:2.3:a:oracle:communications_ip_service_activator:7.4.0:*:*:*:*:*:*:*", "matchCriteriaId": "DE7A60DB-A287-4E61-8131-B6314007191B", "vulnerable": true}, {"criteria": "cpe:2.3:a:oracle:core_rdbms:11.2.0.4:*:*:*:*:*:*:*", "matchCriteriaId": "E1367C5D-8815-41E6-B609-E855CB8B1AA7", "vulnerable": true}, {"criteria": "cpe:2.3:a:oracle:core_rdbms:12.1.0.2:*:*:*:*:*:*:*", "matchCriteriaId": "7E150F02-5B34-4496-A024-335DF64D7F8F", "vulnerable": true}, {"criteria": "cpe:2.3:a:oracle:core_rdbms:12.2.0.1:*:*:*:*:*:*:*", "matchCriteriaId": "4059F859-A7D8-4ADD-93EE-74AF082ED34A", "vulnerable": true}, {"criteria": "cpe:2.3:a:oracle:core_rdbms:18c:*:*:*:*:*:*:*", "matchCriteriaId": "C9FFAF8E-4023-4599-9F0D-274E6517CB1B", "vulnerable": true}, {"criteria": "cpe:2.3:a:oracle:core_rdbms:19c:*:*:*:*:*:*:*", "matchCriteriaId": "9B639209-A651-43FB-8F0C-B25F605521EC", "vulnerable": true}, {"criteria": "cpe:2.3:a:oracle:enterprise_manager_ops_center:12.3.3:*:*:*:*:*:*:*", "matchCriteriaId": "AB654DFA-FEF9-4D00-ADB0-F3F2B6ACF13E", "vulnerable": true}, {"criteria": "cpe:2.3:a:oracle:enterprise_manager_ops_center:12.4.0:*:*:*:*:*:*:*", "matchCriteriaId": "37209C6F-EF99-4D21-9608-B3A06D283D24", "vulnerable": true}, {"criteria": "cpe:2.3:a:oracle:goldengate_application_adapters:12.3.2.1.0:*:*:*:*:*:*:*", "matchCriteriaId": "F6F259E6-10A8-4207-8FC2-85ABD70B04C0", "vulnerable": true}, {"criteria": "cpe:2.3:a:oracle:jd_edwards_enterpriseone_tools:9.2:*:*:*:*:*:*:*", "matchCriteriaId": "41684398-18A4-4DC6-B8A2-3EBAA0CBF9A6", "vulnerable": true}, {"criteria": "cpe:2.3:a:oracle:real_user_experience_insight:13.1.2.1:*:*:*:*:*:*:*", "matchCriteriaId": "0B1BE63E-7E2E-407C-92F3-664D7C5680C8", "vulnerable": true}, {"criteria": "cpe:2.3:a:oracle:real_user_experience_insight:13.2.3.1:*:*:*:*:*:*:*", "matchCriteriaId": "F4044230-5BF5-4B13-A853-E59D5592ADC6", "vulnerable": true}, {"criteria": "cpe:2.3:a:oracle:real_user_experience_insight:13.3.1.0:*:*:*:*:*:*:*", "matchCriteriaId": "B534B112-9BA4-467B-A58B-D89C0A6EFA9C", "vulnerable": true}, {"criteria": "cpe:2.3:a:oracle:retail_predictive_application_server:15.0.3:*:*:*:*:*:*:*", "matchCriteriaId": "24A3C819-5151-4543-A5C6-998C9387C8A2", "vulnerable": true}, {"criteria": "cpe:2.3:a:oracle:retail_predictive_application_server:16.0.3.0:*:*:*:*:*:*:*", "matchCriteriaId": "924AFE2D-D1BB-4026-9C12-BA379F8C5BEA", "vulnerable": true}, {"criteria": "cpe:2.3:a:oracle:security_service:11.1.1.9.0:*:*:*:*:*:*:*", "matchCriteriaId": "008518E5-4814-46AA-B9E7-A3B2635D6D4B", "vulnerable": true}, {"criteria": "cpe:2.3:a:oracle:security_service:12.1.3.0.0:*:*:*:*:*:*:*", "matchCriteriaId": "495ADD0F-AF15-495D-8E07-171CCF71DBD3", "vulnerable": true}, {"criteria": "cpe:2.3:a:oracle:security_service:12.2.1.3.0:*:*:*:*:*:*:*", "matchCriteriaId": "9FD166F7-8A83-4BC7-A392-E830E87F841B", "vulnerable": true}, {"criteria": "cpe:2.3:a:oracle:timesten_in-memory_database:*:*:*:*:*:*:*:*", "matchCriteriaId": "A6DA0527-562D-457F-A2BB-3DF5EAABA1AB", "versionEndExcluding": "18.1.4.1.0", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "descriptions": [{"lang": "en", "value": "RSA BSAFE Micro Edition Suite, versions prior to 4.0.11 (in 4.0.x) and prior to 4.1.6.1 (in 4.1.x) contains a Covert Timing Channel vulnerability during RSA decryption, also known as a Bleichenbacher attack on RSA decryption. A remote attacker may be able to recover a RSA key."}, {"lang": "es", "value": "RSA BSAFE Micro Edition Suite, en versiones anteriores a la 4.0.11 (en las 4.0.x) y anteriores a la 4.1.6.1 (en las 4.1.x) contiene una vulnerabilidad de canal de tiempo oculto durante el descifrado RSA. Esto tambi\u00e9n se conoce como ataque Bleichenbacher sobre descifrado RSA. Un atacante remoto podr\u00eda ser capaz de recuperar una clave RSA."}], "id": "CVE-2018-11057", "lastModified": "2024-11-21T03:42:35.243", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": {"accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "NONE", "baseScore": 4.3, "confidentialityImpact": "PARTIAL", "integrityImpact": "NONE", "vectorString": "AV:N/AC:M/Au:N/C:P/I:N/A:N", "version": "2.0"}, "exploitabilityScore": 8.6, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false}], "cvssMetricV30": [{"cvssData": {"attackComplexity": "HIGH", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 5.9, "baseSeverity": "MEDIUM", "confidentialityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N", "version": "3.0"}, "exploitabilityScore": 2.2, "impactScore": 3.6, "source": "security_alert@emc.com", "type": "Secondary"}], "cvssMetricV31": [{"cvssData": {"attackComplexity": "HIGH", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 5.9, "baseSeverity": "MEDIUM", "confidentialityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N", "version": "3.1"}, "exploitabilityScore": 2.2, "impactScore": 3.6, "source": "nvd@nist.gov", "type": "Primary"}]}, "published": "2018-08-31T18:29:00.653", "references": [{"source": "security_alert@emc.com", "tags": ["Mailing List", "Third Party Advisory"], "url": "http://seclists.org/fulldisclosure/2018/Aug/46"}, {"source": "security_alert@emc.com", "tags": ["Patch", "Third Party Advisory"], "url": "https://www.oracle.com/security-alerts/cpuapr2020.html"}, {"source": "security_alert@emc.com", "tags": ["Patch", "Third Party Advisory"], "url": "https://www.oracle.com/security-alerts/cpujan2020.html"}, {"source": "security_alert@emc.com", "tags": ["Patch", "Third Party Advisory"], "url": "https://www.oracle.com/security-alerts/cpujul2020.html"}, {"source": "security_alert@emc.com", "tags": ["Patch", "Third Party Advisory"], "url": "https://www.oracle.com/security-alerts/cpuoct2020.html"}, {"source": "security_alert@emc.com", "tags": ["Patch", "Third Party Advisory"], "url": "https://www.oracle.com/technetwork/security-advisory/cpujul2019-5072835.html"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Mailing List", "Third Party Advisory"], "url": "http://seclists.org/fulldisclosure/2018/Aug/46"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Patch", "Third Party Advisory"], "url": "https://www.oracle.com/security-alerts/cpuapr2020.html"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Patch", "Third Party Advisory"], "url": "https://www.oracle.com/security-alerts/cpujan2020.html"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Patch", "Third Party Advisory"], "url": "https://www.oracle.com/security-alerts/cpujul2020.html"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Patch", "Third Party Advisory"], "url": "https://www.oracle.com/security-alerts/cpuoct2020.html"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Patch", "Third Party Advisory"], "url": "https://www.oracle.com/technetwork/security-advisory/cpujul2019-5072835.html"}], "sourceIdentifier": "security_alert@emc.com", "vulnStatus": "Modified", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-327"}], "source": "nvd@nist.gov", "type": "Primary"}]}

{}