CVE-2018-11056

{"id": "CVE-2018-11056", "metrics": {"cvssMetricV2": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"version": "2.0", "baseScore": 4.0, "accessVector": "NETWORK", "vectorString": "AV:N/AC:L/Au:S/C:N/I:N/A:P", "authentication": "SINGLE", "integrityImpact": "NONE", "accessComplexity": "LOW", "availabilityImpact": "PARTIAL", "confidentialityImpact": "NONE"}, "acInsufInfo": false, "impactScore": 2.9, "baseSeverity": "MEDIUM", "obtainAllPrivilege": false, "exploitabilityScore": 8.0, "obtainUserPrivilege": false, "obtainOtherPrivilege": false, "userInteractionRequired": false}], "cvssMetricV30": [{"type": "Secondary", "source": "security_alert@emc.com", "cvssData": {"scope": "UNCHANGED", "version": "3.0", "baseScore": 6.5, "attackVector": "NETWORK", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "integrityImpact": "NONE", "userInteraction": "REQUIRED", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "NONE", "confidentialityImpact": "NONE"}, "impactScore": 3.6, "exploitabilityScore": 2.8}], "cvssMetricV31": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 6.5, "attackVector": "NETWORK", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", "integrityImpact": "NONE", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "LOW", "confidentialityImpact": "NONE"}, "impactScore": 3.6, "exploitabilityScore": 2.8}]}, "published": "2018-08-31T18:29:00.530", "references": [{"url": "http://seclists.org/fulldisclosure/2018/Aug/46", "tags": ["Mailing List", "Third Party Advisory"], "source": "security_alert@emc.com"}, {"url": "https://www.oracle.com/security-alerts/cpuapr2020.html", "tags": ["Patch", "Third Party Advisory"], "source": "security_alert@emc.com"}, {"url": "https://www.oracle.com/security-alerts/cpujan2020.html", "tags": ["Patch", "Third Party Advisory"], "source": "security_alert@emc.com"}, {"url": "https://www.oracle.com/security-alerts/cpujul2020.html", "tags": ["Patch", "Third Party Advisory"], "source": "security_alert@emc.com"}, {"url": "https://www.oracle.com/security-alerts/cpuoct2020.html", "tags": ["Patch", "Third Party Advisory"], "source": "security_alert@emc.com"}, {"url": "https://www.oracle.com/technetwork/security-advisory/cpujul2019-5072835.html", "tags": ["Patch", "Third Party Advisory"], "source": "security_alert@emc.com"}, {"url": "http://seclists.org/fulldisclosure/2018/Aug/46", "tags": ["Mailing List", "Third Party Advisory"], "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "https://www.oracle.com/security-alerts/cpuapr2020.html", "tags": ["Patch", "Third Party Advisory"], "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "https://www.oracle.com/security-alerts/cpujan2020.html", "tags": ["Patch", "Third Party Advisory"], "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "https://www.oracle.com/security-alerts/cpujul2020.html", "tags": ["Patch", "Third Party Advisory"], "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "https://www.oracle.com/security-alerts/cpuoct2020.html", "tags": ["Patch", "Third Party Advisory"], "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "https://www.oracle.com/technetwork/security-advisory/cpujul2019-5072835.html", "tags": ["Patch", "Third Party Advisory"], "source": "af854a3a-2127-422b-91ae-364da2661108"}], "vulnStatus": "Modified", "weaknesses": [{"type": "Primary", "source": "nvd@nist.gov", "description": [{"lang": "en", "value": "CWE-400"}]}], "descriptions": [{"lang": "en", "value": "RSA BSAFE Micro Edition Suite, prior to 4.1.6.1 (in 4.1.x), and RSA BSAFE Crypto-C Micro Edition versions prior to 4.0.5.3 (in 4.0.x) contain an Uncontrolled Resource Consumption ('Resource Exhaustion') vulnerability when parsing ASN.1 data. A remote attacker could use maliciously constructed ASN.1 data that would exhaust the stack, potentially causing a Denial Of Service."}, {"lang": "es", "value": "RSA BSAFE Micro Edition Suite, en versiones anteriores a la 4.1.6.1 (en las 4.1.x) y RSA BSAFE Crypto-C Micro Edition en versiones anteriores a la 4.0.5.3 (en las 4.0.x) contiene una vulnerabilidad de consumo de recursos no controlado (\"Resource Exhaustion\") al analizar datos ASN.1. Un atacante remoto podr\u00eda emplear datos ASN.1 construidos de forma maliciosa que agotar\u00edan la pila, pudiendo provocar una denegaci\u00f3n de servicio (DoS)."}], "lastModified": "2024-11-21T03:42:35.010", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:dell:bsafe:*:*:*:*:micro_edition_suite:*:*:*", "vulnerable": true, "matchCriteriaId": "1DF1347A-3AFB-40CC-B1AD-F2DAC90502D1", "versionEndExcluding": "4.1.6.1", "versionStartIncluding": "4.1.0"}, {"criteria": "cpe:2.3:a:dell:bsafe_crypto-c:*:*:*:*:micro:*:*:*", "vulnerable": true, "matchCriteriaId": "34E7C1D1-796B-4FDD-A619-5DD75032FEBB", "versionEndExcluding": "4.0.5.3", "versionStartIncluding": "4.0.0"}], "operator": "OR"}]}, {"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:oracle:application_testing_suite:13.3.0.1:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "A125E817-F974-4509-872C-B71933F42AD1"}, {"criteria": "cpe:2.3:a:oracle:communications_analytics:12.1.1:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "55D98C27-734F-490B-92D5-251805C841B9"}, {"criteria": "cpe:2.3:a:oracle:communications_ip_service_activator:7.3.0:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "DE48E0FE-5931-441C-B4FF-253BD9C48186"}, {"criteria": "cpe:2.3:a:oracle:communications_ip_service_activator:7.4.0:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "DE7A60DB-A287-4E61-8131-B6314007191B"}, {"criteria": "cpe:2.3:a:oracle:core_rdbms:11.2.0.4:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "E1367C5D-8815-41E6-B609-E855CB8B1AA7"}, {"criteria": "cpe:2.3:a:oracle:core_rdbms:12.1.0.2:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "7E150F02-5B34-4496-A024-335DF64D7F8F"}, {"criteria": "cpe:2.3:a:oracle:core_rdbms:12.2.0.1:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "4059F859-A7D8-4ADD-93EE-74AF082ED34A"}, {"criteria": "cpe:2.3:a:oracle:core_rdbms:18c:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "C9FFAF8E-4023-4599-9F0D-274E6517CB1B"}, {"criteria": "cpe:2.3:a:oracle:core_rdbms:19c:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "9B639209-A651-43FB-8F0C-B25F605521EC"}, {"criteria": "cpe:2.3:a:oracle:enterprise_manager_ops_center:12.3.3:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "AB654DFA-FEF9-4D00-ADB0-F3F2B6ACF13E"}, {"criteria": "cpe:2.3:a:oracle:enterprise_manager_ops_center:12.4.0:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "37209C6F-EF99-4D21-9608-B3A06D283D24"}, {"criteria": "cpe:2.3:a:oracle:goldengate_application_adapters:12.3.2.1.0:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "F6F259E6-10A8-4207-8FC2-85ABD70B04C0"}, {"criteria": "cpe:2.3:a:oracle:jd_edwards_enterpriseone_tools:9.2:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "41684398-18A4-4DC6-B8A2-3EBAA0CBF9A6"}, {"criteria": "cpe:2.3:a:oracle:real_user_experience_insight:13.1.2.1:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "0B1BE63E-7E2E-407C-92F3-664D7C5680C8"}, {"criteria": "cpe:2.3:a:oracle:real_user_experience_insight:13.2.3.1:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "F4044230-5BF5-4B13-A853-E59D5592ADC6"}, {"criteria": "cpe:2.3:a:oracle:real_user_experience_insight:13.3.1.0:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "B534B112-9BA4-467B-A58B-D89C0A6EFA9C"}, {"criteria": "cpe:2.3:a:oracle:retail_predictive_application_server:15.0.3:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "24A3C819-5151-4543-A5C6-998C9387C8A2"}, {"criteria": "cpe:2.3:a:oracle:retail_predictive_application_server:16.0.3.0:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "924AFE2D-D1BB-4026-9C12-BA379F8C5BEA"}, {"criteria": "cpe:2.3:a:oracle:security_service:11.1.1.9.0:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "008518E5-4814-46AA-B9E7-A3B2635D6D4B"}, {"criteria": "cpe:2.3:a:oracle:security_service:12.1.3.0.0:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "495ADD0F-AF15-495D-8E07-171CCF71DBD3"}, {"criteria": "cpe:2.3:a:oracle:security_service:12.2.1.3.0:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "9FD166F7-8A83-4BC7-A392-E830E87F841B"}, {"criteria": "cpe:2.3:a:oracle:timesten_in-memory_database:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "A6DA0527-562D-457F-A2BB-3DF5EAABA1AB", "versionEndExcluding": "18.1.4.1.0"}], "operator": "OR"}]}], "sourceIdentifier": "security_alert@emc.com"}