CVE-2018-11057

moderate-risk

Published 2018-08-31

RSA BSAFE Micro Edition Suite, versions prior to 4.0.11 (in 4.0.x) and prior to 4.1.6.1 (in 4.1.x) contains a Covert Timing Channel vulnerability during RSA decryption, also known as a Bleichenbacher attack on RSA decryption. A remote attacker may be able to recover a RSA key.

Do I need to act?

0.62% chance of exploitation

EPSS score — low exploit probability

Not on CISA KEV list

No confirmed active exploitation reported to CISA

Patch status unknown

Check vendor advisories for fix availability and mitigation guidance

CVSS 5.9/10 Medium

NETWORK / HIGH complexity

Affected Products (20)

Bsafe

Application Testing Suite

Communications Analytics

Communications Ip Service Activator

Core Rdbms

Enterprise Manager Ops Center

Goldengate Application Adapters

Jd Edwards Enterpriseone Tools

Real User Experience Insight

Retail Predictive Application Server

Security Service

Affected Vendors

Oracle Dell

References (12)

Mailing List http://seclists.org/fulldisclosure/2018/Aug/46

Patch https://www.oracle.com/security-alerts/cpuapr2020.html

Patch https://www.oracle.com/security-alerts/cpujan2020.html

Patch https://www.oracle.com/security-alerts/cpujul2020.html

Patch https://www.oracle.com/security-alerts/cpuoct2020.html

Patch https://www.oracle.com/technetwork/security-advisory/cpujul2019-5072835.html

Mailing List http://seclists.org/fulldisclosure/2018/Aug/46

Patch https://www.oracle.com/security-alerts/cpuapr2020.html

Patch https://www.oracle.com/security-alerts/cpujan2020.html

Patch https://www.oracle.com/security-alerts/cpujul2020.html

Patch https://www.oracle.com/security-alerts/cpuoct2020.html

Patch https://www.oracle.com/technetwork/security-advisory/cpujul2019-5072835.html

/ 100

moderate-risk

Severity 18/34 · Moderate

Exploitability 2/34 · Minimal

Exposure 21/34 · High