CVE-2018-11057 - 漏洞详情

CVE-2018-11057 (CNNVD-201809-064)

MEDIUM

中文标题:

Dell EMC RSA BSAFE Micro Edition Suite 加密问题漏洞

英文标题:

RSA BSAFE Micro Edition Suite, versions prior to 4.0.11 (in 4.0.x) and prior to 4.1.6.1 (in 4.1.x) c...

CVSS分数: 5.9

发布时间: 2018-08-31 18:00:00

漏洞类型: 加密问题

状态: PUBLISHED

数据质量分数: 0.30

数据版本: v3

漏洞描述

中文描述:

Dell EMC RSA BSAFE Micro Edition Suite（MES）是美国戴尔（Dell）公司的一套加密工具包。该工具包可帮助开发人员实现稳定、安全的应用程序设计。 Dell EMC RSA BSAFE MES 4.0.11之前的4.0.x版本和4.1.6.1之前的4.1.x版本中存在安全漏洞。远程攻击者可利用该漏洞恢复RSA密钥。

英文描述:

RSA BSAFE Micro Edition Suite, versions prior to 4.0.11 (in 4.0.x) and prior to 4.1.6.1 (in 4.1.x) contains a Covert Timing Channel vulnerability during RSA decryption, also known as a Bleichenbacher attack on RSA decryption. A remote attacker may be able to recover a RSA key.

CWE类型:

CWE-327

受影响产品

厂商	产品	版本	版本范围	平台	CPE
RSA	BSAFE Micro Edition Suite	-	< 4.0.11	-	`cpe:2.3:a:rsa:bsafe_micro_edition_suite::::::::`
dell	bsafe	*	-	-	`cpe:2.3:a:dell:bsafe:::::micro_edition_suite:::*`
oracle	application_testing_suite	13.3.0.1	-	-	`cpe:2.3:a:oracle:application_testing_suite:13.3.0.1:::::::*`
oracle	communications_analytics	12.1.1	-	-	`cpe:2.3:a:oracle:communications_analytics:12.1.1:::::::*`
oracle	communications_ip_service_activator	7.3.0	-	-	`cpe:2.3:a:oracle:communications_ip_service_activator:7.3.0:::::::*`
oracle	communications_ip_service_activator	7.4.0	-	-	`cpe:2.3:a:oracle:communications_ip_service_activator:7.4.0:::::::*`
oracle	core_rdbms	11.2.0.4	-	-	`cpe:2.3:a:oracle:core_rdbms:11.2.0.4:::::::*`
oracle	core_rdbms	12.1.0.2	-	-	`cpe:2.3:a:oracle:core_rdbms:12.1.0.2:::::::*`
oracle	core_rdbms	12.2.0.1	-	-	`cpe:2.3:a:oracle:core_rdbms:12.2.0.1:::::::*`
oracle	core_rdbms	18c	-	-	`cpe:2.3:a:oracle:core_rdbms:18c:::::::*`
oracle	core_rdbms	19c	-	-	`cpe:2.3:a:oracle:core_rdbms:19c:::::::*`
oracle	enterprise_manager_ops_center	12.3.3	-	-	`cpe:2.3:a:oracle:enterprise_manager_ops_center:12.3.3:::::::*`
oracle	enterprise_manager_ops_center	12.4.0	-	-	`cpe:2.3:a:oracle:enterprise_manager_ops_center:12.4.0:::::::*`
oracle	goldengate_application_adapters	12.3.2.1.0	-	-	`cpe:2.3:a:oracle:goldengate_application_adapters:12.3.2.1.0:::::::*`
oracle	jd_edwards_enterpriseone_tools	9.2	-	-	`cpe:2.3:a:oracle:jd_edwards_enterpriseone_tools:9.2:::::::*`
oracle	real_user_experience_insight	13.1.2.1	-	-	`cpe:2.3:a:oracle:real_user_experience_insight:13.1.2.1:::::::*`
oracle	real_user_experience_insight	13.2.3.1	-	-	`cpe:2.3:a:oracle:real_user_experience_insight:13.2.3.1:::::::*`
oracle	real_user_experience_insight	13.3.1.0	-	-	`cpe:2.3:a:oracle:real_user_experience_insight:13.3.1.0:::::::*`
oracle	retail_predictive_application_server	15.0.3	-	-	`cpe:2.3:a:oracle:retail_predictive_application_server:15.0.3:::::::*`
oracle	retail_predictive_application_server	16.0.3.0	-	-	`cpe:2.3:a:oracle:retail_predictive_application_server:16.0.3.0:::::::*`
oracle	security_service	11.1.1.9.0	-	-	`cpe:2.3:a:oracle:security_service:11.1.1.9.0:::::::*`
oracle	security_service	12.1.3.0.0	-	-	`cpe:2.3:a:oracle:security_service:12.1.3.0.0:::::::*`
oracle	security_service	12.2.1.3.0	-	-	`cpe:2.3:a:oracle:security_service:12.2.1.3.0:::::::*`
oracle	timesten_in-memory_database	*	-	-	`cpe:2.3:a:oracle:timesten_in-memory_database::::::::`

解决方案

中文解决方案:

（暂无数据）

英文解决方案:

（暂无数据）

临时解决方案:

（暂无数据）

参考链接

20180828 DSA-2018-128: RSA BSAFE Micro Edition Suite and Crypto-C Micro Edition Multiple Security Vulnerabilities mailing-list
cve.org

访问