CVE-2018-15769 - Vulnerability Details

Vendors	Products
Dell	Bsafe
Oracle	Application Testing Suite Communications Analytics Communications Ip Service Activator Core Rdbms Enterprise Manager Ops Center Goldengate Application Adapters Jd Edwards Enterpriseone Tools Real User Experience Insight Retail Predictive Application Server Security Service Timesten In-memory Database

Link	Providers
http://www.securityfocus.com/bid/105929
http://www.securitytracker.com/id/1042057
https://seclists.org/fulldisclosure/2018/Nov/37
https://www.oracle.com/security-alerts/cpuapr2020.html
https://www.oracle.com/security-alerts/cpujan2020.html
https://www.oracle.com/security-alerts/cpujul2020.html
https://www.oracle.com/security-alerts/cpuoct2020.html
https://www.oracle.com/technetwork/security-advisory/cpujul2019-5072835.html

Show plain JSON

{"containers": {"cna": {"affected": [{"product": "n/a", "vendor": "n/a", "versions": [{"status": "affected", "version": "n/a"}]}], "datePublic": "2018-11-12T00:00:00", "descriptions": [{"lang": "en", "value": "RSA BSAFE Micro Edition Suite versions prior to 4.0.11 (in 4.0.x series) and versions prior to 4.1.6.2 (in 4.1.x series) contain a key management error issue. A malicious TLS server could potentially cause a Denial Of Service (DoS) on TLS clients during the handshake when a very large prime value is sent to the TLS client, and an Ephemeral or Anonymous Diffie-Hellman cipher suite (DHE or ADH) is used."}], "problemTypes": [{"descriptions": [{"description": "n/a", "lang": "en", "type": "text"}]}], "providerMetadata": {"dateUpdated": "2020-10-20T21:14:54", "orgId": "c550e75a-17ff-4988-97f0-544cde3820fe", "shortName": "dell"}, "references": [{"name": "105929", "tags": ["vdb-entry", "x_refsource_BID"], "url": "http://www.securityfocus.com/bid/105929"}, {"name": "20181112 DSA-2018-198: RSA BSAFE Micro Edition Suite Key Management Error Vulnerability", "tags": ["mailing-list", "x_refsource_FULLDISC"], "url": "https://seclists.org/fulldisclosure/2018/Nov/37"}, {"name": "1042057", "tags": ["vdb-entry", "x_refsource_SECTRACK"], "url": "http://www.securitytracker.com/id/1042057"}, {"tags": ["x_refsource_MISC"], "url": "https://www.oracle.com/security-alerts/cpuapr2020.html"}, {"tags": ["x_refsource_MISC"], "url": "https://www.oracle.com/security-alerts/cpujul2020.html"}, {"tags": ["x_refsource_MISC"], "url": "https://www.oracle.com/technetwork/security-advisory/cpujul2019-5072835.html"}, {"tags": ["x_refsource_MISC"], "url": "https://www.oracle.com/security-alerts/cpujan2020.html"}, {"tags": ["x_refsource_MISC"], "url": "https://www.oracle.com/security-alerts/cpuoct2020.html"}], "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "secure@dell.com", "ID": "CVE-2018-15769", "STATE": "PUBLIC"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "n/a", "version": {"version_data": [{"version_value": "n/a"}]}}]}, "vendor_name": "n/a"}]}}, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "RSA BSAFE Micro Edition Suite versions prior to 4.0.11 (in 4.0.x series) and versions prior to 4.1.6.2 (in 4.1.x series) contain a key management error issue. A malicious TLS server could potentially cause a Denial Of Service (DoS) on TLS clients during the handshake when a very large prime value is sent to the TLS client, and an Ephemeral or Anonymous Diffie-Hellman cipher suite (DHE or ADH) is used."}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "n/a"}]}]}, "references": {"reference_data": [{"name": "105929", "refsource": "BID", "url": "http://www.securityfocus.com/bid/105929"}, {"name": "20181112 DSA-2018-198: RSA BSAFE Micro Edition Suite Key Management Error Vulnerability", "refsource": "FULLDISC", "url": "https://seclists.org/fulldisclosure/2018/Nov/37"}, {"name": "1042057", "refsource": "SECTRACK", "url": "http://www.securitytracker.com/id/1042057"}, {"name": "https://www.oracle.com/security-alerts/cpuapr2020.html", "refsource": "MISC", "url": "https://www.oracle.com/security-alerts/cpuapr2020.html"}, {"name": "https://www.oracle.com/security-alerts/cpujul2020.html", "refsource": "MISC", "url": "https://www.oracle.com/security-alerts/cpujul2020.html"}, {"name": "https://www.oracle.com/technetwork/security-advisory/cpujul2019-5072835.html", "refsource": "MISC", "url": "https://www.oracle.com/technetwork/security-advisory/cpujul2019-5072835.html"}, {"name": "https://www.oracle.com/security-alerts/cpujan2020.html", "refsource": "MISC", "url": "https://www.oracle.com/security-alerts/cpujan2020.html"}, {"name": "https://www.oracle.com/security-alerts/cpuoct2020.html", "refsource": "MISC", "url": "https://www.oracle.com/security-alerts/cpuoct2020.html"}]}}}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-05T10:01:54.559Z"}, "title": "CVE Program Container", "references": [{"name": "105929", "tags": ["vdb-entry", "x_refsource_BID", "x_transferred"], "url": "http://www.securityfocus.com/bid/105929"}, {"name": "20181112 DSA-2018-198: RSA BSAFE Micro Edition Suite Key Management Error Vulnerability", "tags": ["mailing-list", "x_refsource_FULLDISC", "x_transferred"], "url": "https://seclists.org/fulldisclosure/2018/Nov/37"}, {"name": "1042057", "tags": ["vdb-entry", "x_refsource_SECTRACK", "x_transferred"], "url": "http://www.securitytracker.com/id/1042057"}, {"tags": ["x_refsource_MISC", "x_transferred"], "url": "https://www.oracle.com/security-alerts/cpuapr2020.html"}, {"tags": ["x_refsource_MISC", "x_transferred"], "url": "https://www.oracle.com/security-alerts/cpujul2020.html"}, {"tags": ["x_refsource_MISC", "x_transferred"], "url": "https://www.oracle.com/technetwork/security-advisory/cpujul2019-5072835.html"}, {"tags": ["x_refsource_MISC", "x_transferred"], "url": "https://www.oracle.com/security-alerts/cpujan2020.html"}, {"tags": ["x_refsource_MISC", "x_transferred"], "url": "https://www.oracle.com/security-alerts/cpuoct2020.html"}]}]}, "cveMetadata": {"assignerOrgId": "c550e75a-17ff-4988-97f0-544cde3820fe", "assignerShortName": "dell", "cveId": "CVE-2018-15769", "datePublished": "2018-11-16T21:00:00", "dateReserved": "2018-08-23T00:00:00", "dateUpdated": "2024-08-05T10:01:54.559Z", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.1"}

{

containers : { »

cna : { »

affected : [ »

0 : { »

product : n/a (string)

vendor : n/a (string)

versions : [ »

0 : { »

status : affected (string)

version : n/a (string)

}

]

}

]

datePublic : 2018-11-12T00:00:00 (string)

descriptions : [ »

0 : { »

lang : en (string)

value : RSA BSAFE Micro Edition Suite versions prior to 4.0.11 (in 4.0.x series) and versions prior to 4.1.6.2 (in 4.1.x series) contain a key management error issue. A malicious TLS server could potentially cause a Denial Of Service (DoS) on TLS clients during the handshake when a very large prime value is sent to the TLS client, and an Ephemeral or Anonymous Diffie-Hellman cipher suite (DHE or ADH) is used. (string)

}

]

problemTypes : [ »

0 : { »

descriptions : [ »

0 : { »

description : n/a (string)

lang : en (string)

type : text (string)

}

]

}

]

providerMetadata : { »

dateUpdated : 2020-10-20T21:14:54 (string)

orgId : c550e75a-17ff-4988-97f0-544cde3820fe (string)

shortName : dell (string)

}

references : [ »

0 : { »

name : 105929 (string)

tags : [ »

0 : vdb-entry (string)

1 : x_refsource_BID (string)

]

url : http://www.securityfocus.com/bid/105929 (string)

}

1 : { »

name : 20181112 DSA-2018-198: RSA BSAFE Micro Edition Suite Key Management Error Vulnerability (string)

tags : [ »

0 : mailing-list (string)

1 : x_refsource_FULLDISC (string)

]

url : https://seclists.org/fulldisclosure/2018/Nov/37 (string)

}

2 : { »

name : 1042057 (string)

tags : [ »

0 : vdb-entry (string)

1 : x_refsource_SECTRACK (string)

]

url : http://www.securitytracker.com/id/1042057 (string)

}

3 : { »

tags : [ »

0 : x_refsource_MISC (string)

]

url : https://www.oracle.com/security-alerts/cpuapr2020.html (string)

}

4 : { »

tags : [ »

0 : x_refsource_MISC (string)

]

url : https://www.oracle.com/security-alerts/cpujul2020.html (string)

}

5 : { »

tags : [ »

0 : x_refsource_MISC (string)

]

url : https://www.oracle.com/technetwork/security-advisory/cpujul2019-5072835.html (string)

}

6 : { »

tags : [ »

0 : x_refsource_MISC (string)

]

url : https://www.oracle.com/security-alerts/cpujan2020.html (string)

}

7 : { »

tags : [ »

0 : x_refsource_MISC (string)

]

url : https://www.oracle.com/security-alerts/cpuoct2020.html (string)

}

]

x_legacyV4Record : { »

CVE_data_meta : { »

ASSIGNER : secure@dell.com (string)

ID : CVE-2018-15769 (string)

STATE : PUBLIC (string)

}

affects : { »

vendor : { »

vendor_data : [ »

0 : { »

product : { »

product_data : [ »

0 : { »

product_name : n/a (string)

version : { »

version_data : [ »

0 : { »

version_value : n/a (string)

}

]

}

]

}

vendor_name : n/a (string)

}

]

}

data_format : MITRE (string)

data_type : CVE (string)

data_version : 4.0 (string)

description : { »

description_data : [ »

0 : { »

lang : eng (string)

value : RSA BSAFE Micro Edition Suite versions prior to 4.0.11 (in 4.0.x series) and versions prior to 4.1.6.2 (in 4.1.x series) contain a key management error issue. A malicious TLS server could potentially cause a Denial Of Service (DoS) on TLS clients during the handshake when a very large prime value is sent to the TLS client, and an Ephemeral or Anonymous Diffie-Hellman cipher suite (DHE or ADH) is used. (string)

}

]

}

problemtype : { »

problemtype_data : [ »

0 : { »

description : [ »

0 : { »

lang : eng (string)

value : n/a (string)

}

]

}

]

}

references : { »

reference_data : [ »

0 : { »

name : 105929 (string)

refsource : BID (string)

url : http://www.securityfocus.com/bid/105929 (string)

}

1 : { »

name : 20181112 DSA-2018-198: RSA BSAFE Micro Edition Suite Key Management Error Vulnerability (string)

refsource : FULLDISC (string)

url : https://seclists.org/fulldisclosure/2018/Nov/37 (string)

}

2 : { »

name : 1042057 (string)

refsource : SECTRACK (string)

url : http://www.securitytracker.com/id/1042057 (string)

}

3 : { »

name : https://www.oracle.com/security-alerts/cpuapr2020.html (string)

refsource : MISC (string)

url : https://www.oracle.com/security-alerts/cpuapr2020.html (string)

}

4 : { »

name : https://www.oracle.com/security-alerts/cpujul2020.html (string)

refsource : MISC (string)

url : https://www.oracle.com/security-alerts/cpujul2020.html (string)

}

5 : { »

name : https://www.oracle.com/technetwork/security-advisory/cpujul2019-5072835.html (string)

refsource : MISC (string)

url : https://www.oracle.com/technetwork/security-advisory/cpujul2019-5072835.html (string)

}

6 : { »

name : https://www.oracle.com/security-alerts/cpujan2020.html (string)

refsource : MISC (string)

url : https://www.oracle.com/security-alerts/cpujan2020.html (string)

}

7 : { »

name : https://www.oracle.com/security-alerts/cpuoct2020.html (string)

refsource : MISC (string)

url : https://www.oracle.com/security-alerts/cpuoct2020.html (string)

}

]

}

adp : [ »

0 : { »

providerMetadata : { »

orgId : af854a3a-2127-422b-91ae-364da2661108 (string)

shortName : CVE (string)

dateUpdated : 2024-08-05T10:01:54.559Z (string)

}

title : CVE Program Container (string)

references : [ »

0 : { »

name : 105929 (string)

tags : [ »

0 : vdb-entry (string)

1 : x_refsource_BID (string)

2 : x_transferred (string)

]

url : http://www.securityfocus.com/bid/105929 (string)

}

1 : { »

name : 20181112 DSA-2018-198: RSA BSAFE Micro Edition Suite Key Management Error Vulnerability (string)

tags : [ »

0 : mailing-list (string)

1 : x_refsource_FULLDISC (string)

2 : x_transferred (string)

]

url : https://seclists.org/fulldisclosure/2018/Nov/37 (string)

}

2 : { »

name : 1042057 (string)

tags : [ »

0 : vdb-entry (string)

1 : x_refsource_SECTRACK (string)

2 : x_transferred (string)

]

url : http://www.securitytracker.com/id/1042057 (string)

}

3 : { »

tags : [ »

0 : x_refsource_MISC (string)

1 : x_transferred (string)

]

url : https://www.oracle.com/security-alerts/cpuapr2020.html (string)

}

4 : { »

tags : [ »

0 : x_refsource_MISC (string)

1 : x_transferred (string)

]

url : https://www.oracle.com/security-alerts/cpujul2020.html (string)

}

5 : { »

tags : [ »

0 : x_refsource_MISC (string)

1 : x_transferred (string)

]

url : https://www.oracle.com/technetwork/security-advisory/cpujul2019-5072835.html (string)

}

6 : { »

tags : [ »

0 : x_refsource_MISC (string)

1 : x_transferred (string)

]

url : https://www.oracle.com/security-alerts/cpujan2020.html (string)

}

7 : { »

tags : [ »

0 : x_refsource_MISC (string)

1 : x_transferred (string)

]

url : https://www.oracle.com/security-alerts/cpuoct2020.html (string)

}

]

}

]

}

cveMetadata : { »

assignerOrgId : c550e75a-17ff-4988-97f0-544cde3820fe (string)

assignerShortName : dell (string)

cveId : CVE-2018-15769 (string)

datePublished : 2018-11-16T21:00:00 (string)

dateReserved : 2018-08-23T00:00:00 (string)

dateUpdated : 2024-08-05T10:01:54.559Z (string)

state : PUBLISHED (string)

}

dataType : CVE_RECORD (string)

dataVersion : 5.1 (string)

}

Show plain JSON

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:dell:bsafe:*:*:*:*:micro_edition_suite:*:*:*", "matchCriteriaId": "3F58C7A1-2DC4-4971-BCB5-1F7D4A152519", "versionEndExcluding": "4.0.11", "versionStartIncluding": "4.0.0", "vulnerable": true}, {"criteria": "cpe:2.3:a:dell:bsafe:*:*:*:*:micro_edition_suite:*:*:*", "matchCriteriaId": "F72D69C9-BBFA-43CC-A094-596361593D16", "versionEndExcluding": "4.1.6.2", "versionStartIncluding": "4.1.0", "vulnerable": true}], "negate": false, "operator": "OR"}]}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:oracle:application_testing_suite:13.3.0.1:*:*:*:*:*:*:*", "matchCriteriaId": "A125E817-F974-4509-872C-B71933F42AD1", "vulnerable": true}, {"criteria": "cpe:2.3:a:oracle:communications_analytics:12.1.1:*:*:*:*:*:*:*", "matchCriteriaId": "55D98C27-734F-490B-92D5-251805C841B9", "vulnerable": true}, {"criteria": "cpe:2.3:a:oracle:communications_ip_service_activator:7.3.0:*:*:*:*:*:*:*", "matchCriteriaId": "DE48E0FE-5931-441C-B4FF-253BD9C48186", "vulnerable": true}, {"criteria": "cpe:2.3:a:oracle:communications_ip_service_activator:7.4.0:*:*:*:*:*:*:*", "matchCriteriaId": "DE7A60DB-A287-4E61-8131-B6314007191B", "vulnerable": true}, {"criteria": "cpe:2.3:a:oracle:core_rdbms:11.2.0.4:*:*:*:*:*:*:*", "matchCriteriaId": "E1367C5D-8815-41E6-B609-E855CB8B1AA7", "vulnerable": true}, {"criteria": "cpe:2.3:a:oracle:core_rdbms:12.1.0.2:*:*:*:*:*:*:*", "matchCriteriaId": "7E150F02-5B34-4496-A024-335DF64D7F8F", "vulnerable": true}, {"criteria": "cpe:2.3:a:oracle:core_rdbms:12.2.0.1:*:*:*:*:*:*:*", "matchCriteriaId": "4059F859-A7D8-4ADD-93EE-74AF082ED34A", "vulnerable": true}, {"criteria": "cpe:2.3:a:oracle:core_rdbms:18c:*:*:*:*:*:*:*", "matchCriteriaId": "C9FFAF8E-4023-4599-9F0D-274E6517CB1B", "vulnerable": true}, {"criteria": "cpe:2.3:a:oracle:core_rdbms:19c:*:*:*:*:*:*:*", "matchCriteriaId": "9B639209-A651-43FB-8F0C-B25F605521EC", "vulnerable": true}, {"criteria": "cpe:2.3:a:oracle:enterprise_manager_ops_center:12.3.3:*:*:*:*:*:*:*", "matchCriteriaId": "AB654DFA-FEF9-4D00-ADB0-F3F2B6ACF13E", "vulnerable": true}, {"criteria": "cpe:2.3:a:oracle:enterprise_manager_ops_center:12.4.0:*:*:*:*:*:*:*", "matchCriteriaId": "37209C6F-EF99-4D21-9608-B3A06D283D24", "vulnerable": true}, {"criteria": "cpe:2.3:a:oracle:goldengate_application_adapters:12.3.2.1.0:*:*:*:*:*:*:*", "matchCriteriaId": "F6F259E6-10A8-4207-8FC2-85ABD70B04C0", "vulnerable": true}, {"criteria": "cpe:2.3:a:oracle:jd_edwards_enterpriseone_tools:9.2:*:*:*:*:*:*:*", "matchCriteriaId": "41684398-18A4-4DC6-B8A2-3EBAA0CBF9A6", "vulnerable": true}, {"criteria": "cpe:2.3:a:oracle:real_user_experience_insight:13.1.2.1:*:*:*:*:*:*:*", "matchCriteriaId": "0B1BE63E-7E2E-407C-92F3-664D7C5680C8", "vulnerable": true}, {"criteria": "cpe:2.3:a:oracle:real_user_experience_insight:13.2.3.1:*:*:*:*:*:*:*", "matchCriteriaId": "F4044230-5BF5-4B13-A853-E59D5592ADC6", "vulnerable": true}, {"criteria": "cpe:2.3:a:oracle:real_user_experience_insight:13.3.1.0:*:*:*:*:*:*:*", "matchCriteriaId": "B534B112-9BA4-467B-A58B-D89C0A6EFA9C", "vulnerable": true}, {"criteria": "cpe:2.3:a:oracle:retail_predictive_application_server:15.0.3:*:*:*:*:*:*:*", "matchCriteriaId": "24A3C819-5151-4543-A5C6-998C9387C8A2", "vulnerable": true}, {"criteria": "cpe:2.3:a:oracle:retail_predictive_application_server:16.0.3.0:*:*:*:*:*:*:*", "matchCriteriaId": "924AFE2D-D1BB-4026-9C12-BA379F8C5BEA", "vulnerable": true}, {"criteria": "cpe:2.3:a:oracle:security_service:11.1.1.9.0:*:*:*:*:*:*:*", "matchCriteriaId": "008518E5-4814-46AA-B9E7-A3B2635D6D4B", "vulnerable": true}, {"criteria": "cpe:2.3:a:oracle:security_service:12.1.3.0.0:*:*:*:*:*:*:*", "matchCriteriaId": "495ADD0F-AF15-495D-8E07-171CCF71DBD3", "vulnerable": true}, {"criteria": "cpe:2.3:a:oracle:security_service:12.2.1.3.0:*:*:*:*:*:*:*", "matchCriteriaId": "9FD166F7-8A83-4BC7-A392-E830E87F841B", "vulnerable": true}, {"criteria": "cpe:2.3:a:oracle:timesten_in-memory_database:*:*:*:*:*:*:*:*", "matchCriteriaId": "A6DA0527-562D-457F-A2BB-3DF5EAABA1AB", "versionEndExcluding": "18.1.4.1.0", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "descriptions": [{"lang": "en", "value": "RSA BSAFE Micro Edition Suite versions prior to 4.0.11 (in 4.0.x series) and versions prior to 4.1.6.2 (in 4.1.x series) contain a key management error issue. A malicious TLS server could potentially cause a Denial Of Service (DoS) on TLS clients during the handshake when a very large prime value is sent to the TLS client, and an Ephemeral or Anonymous Diffie-Hellman cipher suite (DHE or ADH) is used."}, {"lang": "es", "value": "RSA BSAFE Micro Edition Suite en versiones anteriores a la 4.0.11 (en la serie 4.0.x) y las versiones anteriores a la 4.1.6.2 (en la serie 4.1.x) contiene un problema de error de gesti\u00f3n clave. Un servidor TLS malicioso podr\u00eda provocar una denegaci\u00f3n de servicio (DoS) en los clientes TLS durante la negociaci\u00f3n cuando un valor primo muy grande se env\u00eda al cliente TLS y se emplea una suite de cifrado Diffie-Hellman Ephemeral o Anonymous (DHE o ADH)."}], "id": "CVE-2018-15769", "lastModified": "2024-11-21T03:51:26.183", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": {"accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 5.0, "confidentialityImpact": "NONE", "integrityImpact": "NONE", "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P", "version": "2.0"}, "exploitabilityScore": 10.0, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false}], "cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 7.5, "baseSeverity": "HIGH", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.1"}, "exploitabilityScore": 3.9, "impactScore": 3.6, "source": "nvd@nist.gov", "type": "Primary"}]}, "published": "2018-11-16T21:29:00.470", "references": [{"source": "security_alert@emc.com", "tags": ["Broken Link"], "url": "http://www.securityfocus.com/bid/105929"}, {"source": "security_alert@emc.com", "tags": ["Broken Link"], "url": "http://www.securitytracker.com/id/1042057"}, {"source": "security_alert@emc.com", "tags": ["Mailing List", "Third Party Advisory"], "url": "https://seclists.org/fulldisclosure/2018/Nov/37"}, {"source": "security_alert@emc.com", "tags": ["Patch", "Third Party Advisory"], "url": "https://www.oracle.com/security-alerts/cpuapr2020.html"}, {"source": "security_alert@emc.com", "tags": ["Patch", "Third Party Advisory"], "url": "https://www.oracle.com/security-alerts/cpujan2020.html"}, {"source": "security_alert@emc.com", "tags": ["Patch", "Third Party Advisory"], "url": "https://www.oracle.com/security-alerts/cpujul2020.html"}, {"source": "security_alert@emc.com", "tags": ["Patch", "Third Party Advisory"], "url": "https://www.oracle.com/security-alerts/cpuoct2020.html"}, {"source": "security_alert@emc.com", "tags": ["Patch", "Third Party Advisory"], "url": "https://www.oracle.com/technetwork/security-advisory/cpujul2019-5072835.html"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Broken Link"], "url": "http://www.securityfocus.com/bid/105929"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Broken Link"], "url": "http://www.securitytracker.com/id/1042057"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Mailing List", "Third Party Advisory"], "url": "https://seclists.org/fulldisclosure/2018/Nov/37"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Patch", "Third Party Advisory"], "url": "https://www.oracle.com/security-alerts/cpuapr2020.html"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Patch", "Third Party Advisory"], "url": "https://www.oracle.com/security-alerts/cpujan2020.html"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Patch", "Third Party Advisory"], "url": "https://www.oracle.com/security-alerts/cpujul2020.html"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Patch", "Third Party Advisory"], "url": "https://www.oracle.com/security-alerts/cpuoct2020.html"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Patch", "Third Party Advisory"], "url": "https://www.oracle.com/technetwork/security-advisory/cpujul2019-5072835.html"}], "sourceIdentifier": "security_alert@emc.com", "vulnStatus": "Modified", "weaknesses": [{"description": [{"lang": "en", "value": "NVD-CWE-noinfo"}], "source": "nvd@nist.gov", "type": "Primary"}]}

{

configurations : [ »

0 : { »

nodes : [ »

0 : { »

cpeMatch : [ »

0 : { »

criteria : cpe:2.3:a:dell:bsafe:*:*:*:*:micro_edition_suite:*:*:* (string)

matchCriteriaId : 3F58C7A1-2DC4-4971-BCB5-1F7D4A152519 (string)

versionEndExcluding : 4.0.11 (string)

versionStartIncluding : 4.0.0 (string)

vulnerable : true (boolean)

}

1 : { »

criteria : cpe:2.3:a:dell:bsafe:*:*:*:*:micro_edition_suite:*:*:* (string)

matchCriteriaId : F72D69C9-BBFA-43CC-A094-596361593D16 (string)

versionEndExcluding : 4.1.6.2 (string)

versionStartIncluding : 4.1.0 (string)

vulnerable : true (boolean)

}

]

negate : false (boolean)

operator : OR (string)

}

]

}

1 : { »

nodes : [ »

0 : { »

cpeMatch : [ »

0 : { »

criteria : cpe:2.3:a:oracle:application_testing_suite:13.3.0.1:*:*:*:*:*:*:* (string)

matchCriteriaId : A125E817-F974-4509-872C-B71933F42AD1 (string)

vulnerable : true (boolean)

}

1 : { »

criteria : cpe:2.3:a:oracle:communications_analytics:12.1.1:*:*:*:*:*:*:* (string)

matchCriteriaId : 55D98C27-734F-490B-92D5-251805C841B9 (string)

vulnerable : true (boolean)

}

2 : { »

criteria : cpe:2.3:a:oracle:communications_ip_service_activator:7.3.0:*:*:*:*:*:*:* (string)

matchCriteriaId : DE48E0FE-5931-441C-B4FF-253BD9C48186 (string)

vulnerable : true (boolean)

}

3 : { »

criteria : cpe:2.3:a:oracle:communications_ip_service_activator:7.4.0:*:*:*:*:*:*:* (string)

matchCriteriaId : DE7A60DB-A287-4E61-8131-B6314007191B (string)

vulnerable : true (boolean)

}

4 : { »

criteria : cpe:2.3:a:oracle:core_rdbms:11.2.0.4:*:*:*:*:*:*:* (string)

matchCriteriaId : E1367C5D-8815-41E6-B609-E855CB8B1AA7 (string)

vulnerable : true (boolean)

}

5 : { »

criteria : cpe:2.3:a:oracle:core_rdbms:12.1.0.2:*:*:*:*:*:*:* (string)

matchCriteriaId : 7E150F02-5B34-4496-A024-335DF64D7F8F (string)

vulnerable : true (boolean)

}

6 : { »

criteria : cpe:2.3:a:oracle:core_rdbms:12.2.0.1:*:*:*:*:*:*:* (string)

matchCriteriaId : 4059F859-A7D8-4ADD-93EE-74AF082ED34A (string)

vulnerable : true (boolean)

}

7 : { »

criteria : cpe:2.3:a:oracle:core_rdbms:18c:*:*:*:*:*:*:* (string)

matchCriteriaId : C9FFAF8E-4023-4599-9F0D-274E6517CB1B (string)

vulnerable : true (boolean)

}

8 : { »

criteria : cpe:2.3:a:oracle:core_rdbms:19c:*:*:*:*:*:*:* (string)

matchCriteriaId : 9B639209-A651-43FB-8F0C-B25F605521EC (string)

vulnerable : true (boolean)

}

9 : { »

criteria : cpe:2.3:a:oracle:enterprise_manager_ops_center:12.3.3:*:*:*:*:*:*:* (string)

matchCriteriaId : AB654DFA-FEF9-4D00-ADB0-F3F2B6ACF13E (string)

vulnerable : true (boolean)

}

10 : { »

criteria : cpe:2.3:a:oracle:enterprise_manager_ops_center:12.4.0:*:*:*:*:*:*:* (string)

matchCriteriaId : 37209C6F-EF99-4D21-9608-B3A06D283D24 (string)

vulnerable : true (boolean)

}

11 : { »

criteria : cpe:2.3:a:oracle:goldengate_application_adapters:12.3.2.1.0:*:*:*:*:*:*:* (string)

matchCriteriaId : F6F259E6-10A8-4207-8FC2-85ABD70B04C0 (string)

vulnerable : true (boolean)

}

12 : { »

criteria : cpe:2.3:a:oracle:jd_edwards_enterpriseone_tools:9.2:*:*:*:*:*:*:* (string)

matchCriteriaId : 41684398-18A4-4DC6-B8A2-3EBAA0CBF9A6 (string)

vulnerable : true (boolean)

}

13 : { »

criteria : cpe:2.3:a:oracle:real_user_experience_insight:13.1.2.1:*:*:*:*:*:*:* (string)

matchCriteriaId : 0B1BE63E-7E2E-407C-92F3-664D7C5680C8 (string)

vulnerable : true (boolean)

}

14 : { »

criteria : cpe:2.3:a:oracle:real_user_experience_insight:13.2.3.1:*:*:*:*:*:*:* (string)

matchCriteriaId : F4044230-5BF5-4B13-A853-E59D5592ADC6 (string)

vulnerable : true (boolean)

}

15 : { »

criteria : cpe:2.3:a:oracle:real_user_experience_insight:13.3.1.0:*:*:*:*:*:*:* (string)

matchCriteriaId : B534B112-9BA4-467B-A58B-D89C0A6EFA9C (string)

vulnerable : true (boolean)

}

16 : { »

criteria : cpe:2.3:a:oracle:retail_predictive_application_server:15.0.3:*:*:*:*:*:*:* (string)

matchCriteriaId : 24A3C819-5151-4543-A5C6-998C9387C8A2 (string)

vulnerable : true (boolean)

}

17 : { »

criteria : cpe:2.3:a:oracle:retail_predictive_application_server:16.0.3.0:*:*:*:*:*:*:* (string)

matchCriteriaId : 924AFE2D-D1BB-4026-9C12-BA379F8C5BEA (string)

vulnerable : true (boolean)

}

18 : { »

criteria : cpe:2.3:a:oracle:security_service:11.1.1.9.0:*:*:*:*:*:*:* (string)

matchCriteriaId : 008518E5-4814-46AA-B9E7-A3B2635D6D4B (string)

vulnerable : true (boolean)

}

19 : { »

criteria : cpe:2.3:a:oracle:security_service:12.1.3.0.0:*:*:*:*:*:*:* (string)

matchCriteriaId : 495ADD0F-AF15-495D-8E07-171CCF71DBD3 (string)

vulnerable : true (boolean)

}

20 : { »

criteria : cpe:2.3:a:oracle:security_service:12.2.1.3.0:*:*:*:*:*:*:* (string)

matchCriteriaId : 9FD166F7-8A83-4BC7-A392-E830E87F841B (string)

vulnerable : true (boolean)

}

21 : { »

criteria : cpe:2.3:a:oracle:timesten_in-memory_database:*:*:*:*:*:*:*:* (string)

matchCriteriaId : A6DA0527-562D-457F-A2BB-3DF5EAABA1AB (string)

versionEndExcluding : 18.1.4.1.0 (string)

vulnerable : true (boolean)

}

]

negate : false (boolean)

operator : OR (string)

}

]

}

]

descriptions : [ »

0 : { »

lang : en (string)

value : RSA BSAFE Micro Edition Suite versions prior to 4.0.11 (in 4.0.x series) and versions prior to 4.1.6.2 (in 4.1.x series) contain a key management error issue. A malicious TLS server could potentially cause a Denial Of Service (DoS) on TLS clients during the handshake when a very large prime value is sent to the TLS client, and an Ephemeral or Anonymous Diffie-Hellman cipher suite (DHE or ADH) is used. (string)

}

1 : { »

lang : es (string)

value : RSA BSAFE Micro Edition Suite en versiones anteriores a la 4.0.11 (en la serie 4.0.x) y las versiones anteriores a la 4.1.6.2 (en la serie 4.1.x) contiene un problema de error de gestión clave. Un servidor TLS malicioso podría provocar una denegación de servicio (DoS) en los clientes TLS durante la negociación cuando un valor primo muy grande se envía al cliente TLS y se emplea una suite de cifrado Diffie-Hellman Ephemeral o Anonymous (DHE o ADH). (string)

}

]

id : CVE-2018-15769 (string)

lastModified : 2024-11-21T03:51:26.183 (string)

metrics : { »

cvssMetricV2 : [ »

0 : { »

acInsufInfo : false (boolean)

baseSeverity : MEDIUM (string)

cvssData : { »

accessComplexity : LOW (string)

accessVector : NETWORK (string)

authentication : NONE (string)

availabilityImpact : PARTIAL (string)

baseScore : 5 (number)

confidentialityImpact : NONE (string)

integrityImpact : NONE (string)

vectorString : AV:N/AC:L/Au:N/C:N/I:N/A:P (string)

version : 2.0 (string)

}

exploitabilityScore : 10 (number)

impactScore : 2.9 (number)

obtainAllPrivilege : false (boolean)

obtainOtherPrivilege : false (boolean)

obtainUserPrivilege : false (boolean)

source : nvd@nist.gov (string)

type : Primary (string)

userInteractionRequired : false (boolean)

}

]

cvssMetricV31 : [ »

0 : { »

cvssData : { »

attackComplexity : LOW (string)

attackVector : NETWORK (string)

availabilityImpact : HIGH (string)

baseScore : 7.5 (number)

baseSeverity : HIGH (string)

confidentialityImpact : NONE (string)

integrityImpact : NONE (string)

privilegesRequired : NONE (string)

scope : UNCHANGED (string)

userInteraction : NONE (string)

vectorString : CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H (string)

version : 3.1 (string)

}

exploitabilityScore : 3.9 (number)

impactScore : 3.6 (number)

source : nvd@nist.gov (string)

type : Primary (string)

}

]

}

published : 2018-11-16T21:29:00.470 (string)

references : [ »

0 : { »

source : security_alert@emc.com (string)

tags : [ »

0 : Broken Link (string)

]

url : http://www.securityfocus.com/bid/105929 (string)

}

1 : { »

source : security_alert@emc.com (string)

tags : [ »

0 : Broken Link (string)

]

url : http://www.securitytracker.com/id/1042057 (string)

}

2 : { »

source : security_alert@emc.com (string)

tags : [ »

0 : Mailing List (string)

1 : Third Party Advisory (string)

]

url : https://seclists.org/fulldisclosure/2018/Nov/37 (string)

}

3 : { »

source : security_alert@emc.com (string)

tags : [ »

0 : Patch (string)

1 : Third Party Advisory (string)

]

url : https://www.oracle.com/security-alerts/cpuapr2020.html (string)

}

4 : { »

source : security_alert@emc.com (string)

tags : [ »

0 : Patch (string)

1 : Third Party Advisory (string)

]

url : https://www.oracle.com/security-alerts/cpujan2020.html (string)

}

5 : { »

source : security_alert@emc.com (string)

tags : [ »

0 : Patch (string)

1 : Third Party Advisory (string)

]

url : https://www.oracle.com/security-alerts/cpujul2020.html (string)

}

6 : { »

source : security_alert@emc.com (string)

tags : [ »

0 : Patch (string)

1 : Third Party Advisory (string)

]

url : https://www.oracle.com/security-alerts/cpuoct2020.html (string)

}

7 : { »

source : security_alert@emc.com (string)

tags : [ »

0 : Patch (string)

1 : Third Party Advisory (string)

]

url : https://www.oracle.com/technetwork/security-advisory/cpujul2019-5072835.html (string)

}

8 : { »

source : af854a3a-2127-422b-91ae-364da2661108 (string)

tags : [ »

0 : Broken Link (string)

]

url : http://www.securityfocus.com/bid/105929 (string)

}

9 : { »

source : af854a3a-2127-422b-91ae-364da2661108 (string)

tags : [ »

0 : Broken Link (string)

]

url : http://www.securitytracker.com/id/1042057 (string)

}

10 : { »

source : af854a3a-2127-422b-91ae-364da2661108 (string)

tags : [ »

0 : Mailing List (string)

1 : Third Party Advisory (string)

]

url : https://seclists.org/fulldisclosure/2018/Nov/37 (string)

}

11 : { »

source : af854a3a-2127-422b-91ae-364da2661108 (string)

tags : [ »

0 : Patch (string)

1 : Third Party Advisory (string)

]

url : https://www.oracle.com/security-alerts/cpuapr2020.html (string)

}

12 : { »

source : af854a3a-2127-422b-91ae-364da2661108 (string)

tags : [ »

0 : Patch (string)

1 : Third Party Advisory (string)

]

url : https://www.oracle.com/security-alerts/cpujan2020.html (string)

}

13 : { »

source : af854a3a-2127-422b-91ae-364da2661108 (string)

tags : [ »

0 : Patch (string)

1 : Third Party Advisory (string)

]

url : https://www.oracle.com/security-alerts/cpujul2020.html (string)

}

14 : { »

source : af854a3a-2127-422b-91ae-364da2661108 (string)

tags : [ »

0 : Patch (string)

1 : Third Party Advisory (string)

]

url : https://www.oracle.com/security-alerts/cpuoct2020.html (string)

}

15 : { »

source : af854a3a-2127-422b-91ae-364da2661108 (string)

tags : [ »

0 : Patch (string)

1 : Third Party Advisory (string)

]

url : https://www.oracle.com/technetwork/security-advisory/cpujul2019-5072835.html (string)

}

]

sourceIdentifier : security_alert@emc.com (string)

vulnStatus : Modified (string)

weaknesses : [ »

0 : { »

description : [ »

0 : { »

lang : en (string)

value : NVD-CWE-noinfo (string)

}

]

source : nvd@nist.gov (string)

type : Primary (string)

}

]

}

Metrics

Attack Vector Network

Attack Complexity Low

Privileges Required None

Scope Unchanged

Confidentiality Impact None

Integrity Impact None

Availability Impact High

User Interaction None

Access Vector Network

Access Complexity Low

Authentication None

Confidentiality Impact None

Integrity Impact None

Availability Impact Partial

Affected Vendors & Products

Metrics

Attack Vector Network

Attack Complexity Low

Privileges Required None

Scope Unchanged

Confidentiality Impact None

Integrity Impact None

Availability Impact High

User Interaction None

Access Vector Network

Access Complexity Low

Authentication None

Confidentiality Impact None

Integrity Impact None

Availability Impact Partial

Affected Vendors & Products

JSON object

JSON object

JSON object

JSON object