CVE-2018-11055
Severity CVSS v4.0:
Pending analysis
Type:
CWE-404
Improper Resource Shutdown or Release
Publication date:
31/08/2018
Last modified:
18/04/2022
Description
RSA BSAFE Micro Edition Suite, versions prior to 4.0.11 (in 4.0.x) and prior to 4.1.6.1 (in 4.1.x), contains an Improper Clearing of Heap Memory Before Release ('Heap Inspection') vulnerability. Decoded PKCS #12 data in heap memory is not zeroized by MES before releasing the memory internally and a malicious local user could gain access to the unauthorized data by doing heap inspection.
Impact
Base Score 3.x
5.50
Severity 3.x
MEDIUM
Base Score 2.0
2.10
Severity 2.0
LOW
Vulnerable products and versions
CPE | From | Up to |
---|---|---|
cpe:2.3:a:dell:bsafe:*:*:*:*:micro_edition_suite:*:*:* | 4.0.0 (including) | 4.0.11 (excluding) |
cpe:2.3:a:dell:bsafe:*:*:*:*:micro_edition_suite:*:*:* | 4.1.0 (including) | 4.1.6.1 (excluding) |
cpe:2.3:a:oracle:application_testing_suite:13.3.0.1:*:*:*:*:*:*:* | ||
cpe:2.3:a:oracle:communications_analytics:12.1.1:*:*:*:*:*:*:* | ||
cpe:2.3:a:oracle:communications_ip_service_activator:7.3.0:*:*:*:*:*:*:* | ||
cpe:2.3:a:oracle:communications_ip_service_activator:7.4.0:*:*:*:*:*:*:* | ||
cpe:2.3:a:oracle:core_rdbms:11.2.0.4:*:*:*:*:*:*:* | ||
cpe:2.3:a:oracle:core_rdbms:12.1.0.2:*:*:*:*:*:*:* | ||
cpe:2.3:a:oracle:core_rdbms:12.2.0.1:*:*:*:*:*:*:* | ||
cpe:2.3:a:oracle:core_rdbms:18c:*:*:*:*:*:*:* | ||
cpe:2.3:a:oracle:core_rdbms:19c:*:*:*:*:*:*:* | ||
cpe:2.3:a:oracle:enterprise_manager_ops_center:12.3.3:*:*:*:*:*:*:* | ||
cpe:2.3:a:oracle:enterprise_manager_ops_center:12.4.0:*:*:*:*:*:*:* | ||
cpe:2.3:a:oracle:goldengate_application_adapters:12.3.2.1.0:*:*:*:*:*:*:* | ||
cpe:2.3:a:oracle:jd_edwards_enterpriseone_tools:9.2:*:*:*:*:*:*:* |
To consult the complete list of CPE names with products and versions, see this page
References to Advisories, Solutions, and Tools
- http://seclists.org/fulldisclosure/2018/Aug/46
- https://www.oracle.com/security-alerts/cpuapr2020.html
- https://www.oracle.com/security-alerts/cpujan2020.html
- https://www.oracle.com/security-alerts/cpujul2020.html
- https://www.oracle.com/security-alerts/cpuoct2020.html
- https://www.oracle.com/technetwork/security-advisory/cpujul2019-5072835.html