cve-2018-11069
Vulnerability from cvelistv5
Published
2018-09-11 19:00
Modified
2024-09-16 19:35
Severity ?
EPSS score ?
Summary
RSA BSAFE SSL-J versions prior to 6.2.4 contain a Covert Timing Channel vulnerability during RSA decryption, also known as a Bleichenbacher attack on RSA decryption. A remote attacker may be able to recover a RSA key.
References
| ▼ | URL | Tags | |
|---|---|---|---|
| security_alert@emc.com | http://www.securitytracker.com/id/1041614 | Third Party Advisory, VDB Entry | |
| security_alert@emc.com | https://seclists.org/fulldisclosure/2018/Sep/7 | Mailing List, Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | http://www.securitytracker.com/id/1041614 | Third Party Advisory, VDB Entry | |
| af854a3a-2127-422b-91ae-364da2661108 | https://seclists.org/fulldisclosure/2018/Sep/7 | Mailing List, Third Party Advisory |
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Dell EMC | RSA BSAFE SSL-J |
Version: unspecified < 6.2.4 |
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-05T07:54:36.563Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { name: "1041614", tags: [ "vdb-entry", "x_refsource_SECTRACK", "x_transferred", ], url: "http://www.securitytracker.com/id/1041614", }, { name: "20180905 DSA-2018-150:RSA BSAFE SSL-J Multiple Vulnerabilities", tags: [ "mailing-list", "x_refsource_FULLDISC", "x_transferred", ], url: "https://seclists.org/fulldisclosure/2018/Sep/7", }, ], title: "CVE Program Container", }, ], cna: { affected: [ { product: "RSA BSAFE SSL-J", vendor: "Dell EMC", versions: [ { lessThan: "6.2.4", status: "affected", version: "unspecified", versionType: "custom", }, ], }, ], datePublic: "2018-09-05T00:00:00", descriptions: [ { lang: "en", value: "RSA BSAFE SSL-J versions prior to 6.2.4 contain a Covert Timing Channel vulnerability during RSA decryption, also known as a Bleichenbacher attack on RSA decryption. A remote attacker may be able to recover a RSA key.", }, ], metrics: [ { cvssV3_0: { attackComplexity: "HIGH", attackVector: "NETWORK", availabilityImpact: "NONE", baseScore: 5.9, baseSeverity: "MEDIUM", confidentialityImpact: "HIGH", integrityImpact: "NONE", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N", version: "3.0", }, }, ], problemTypes: [ { descriptions: [ { description: "Covert Timing Channel Vulnerability", lang: "en", type: "text", }, ], }, ], providerMetadata: { dateUpdated: "2018-09-12T09:57:01", orgId: "c550e75a-17ff-4988-97f0-544cde3820fe", shortName: "dell", }, references: [ { name: "1041614", tags: [ "vdb-entry", "x_refsource_SECTRACK", ], url: "http://www.securitytracker.com/id/1041614", }, { name: "20180905 DSA-2018-150:RSA BSAFE SSL-J Multiple Vulnerabilities", tags: [ "mailing-list", "x_refsource_FULLDISC", ], url: "https://seclists.org/fulldisclosure/2018/Sep/7", }, ], source: { discovery: "UNKNOWN", }, x_legacyV4Record: { CVE_data_meta: { ASSIGNER: "security_alert@emc.com", DATE_PUBLIC: "2018-09-05T04:00:00.000Z", ID: "CVE-2018-11069", STATE: "PUBLIC", }, affects: { vendor: { vendor_data: [ { product: { product_data: [ { product_name: "RSA BSAFE SSL-J", version: { version_data: [ { affected: "<", version_affected: "<", version_value: "6.2.4", }, ], }, }, ], }, vendor_name: "Dell EMC", }, ], }, }, data_format: "MITRE", data_type: "CVE", data_version: "4.0", description: { description_data: [ { lang: "eng", value: "RSA BSAFE SSL-J versions prior to 6.2.4 contain a Covert Timing Channel vulnerability during RSA decryption, also known as a Bleichenbacher attack on RSA decryption. A remote attacker may be able to recover a RSA key.", }, ], }, impact: { cvss: { attackComplexity: "HIGH", attackVector: "NETWORK", availabilityImpact: "NONE", baseScore: 5.9, baseSeverity: "MEDIUM", confidentialityImpact: "HIGH", integrityImpact: "NONE", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N", version: "3.0", }, }, problemtype: { problemtype_data: [ { description: [ { lang: "eng", value: "Covert Timing Channel Vulnerability", }, ], }, ], }, references: { reference_data: [ { name: "1041614", refsource: "SECTRACK", url: "http://www.securitytracker.com/id/1041614", }, { name: "20180905 DSA-2018-150:RSA BSAFE SSL-J Multiple Vulnerabilities", refsource: "FULLDISC", url: "https://seclists.org/fulldisclosure/2018/Sep/7", }, ], }, source: { discovery: "UNKNOWN", }, }, }, }, cveMetadata: { assignerOrgId: "c550e75a-17ff-4988-97f0-544cde3820fe", assignerShortName: "dell", cveId: "CVE-2018-11069", datePublished: "2018-09-11T19:00:00Z", dateReserved: "2018-05-14T00:00:00", dateUpdated: "2024-09-16T19:35:24.862Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", "vulnerability-lookup:meta": { nvd: "{\"cve\":{\"id\":\"CVE-2018-11069\",\"sourceIdentifier\":\"security_alert@emc.com\",\"published\":\"2018-09-11T19:29:01.270\",\"lastModified\":\"2024-11-21T03:42:37.020\",\"vulnStatus\":\"Modified\",\"cveTags\":[],\"descriptions\":[{\"lang\":\"en\",\"value\":\"RSA BSAFE SSL-J versions prior to 6.2.4 contain a Covert Timing Channel vulnerability during RSA decryption, also known as a Bleichenbacher attack on RSA decryption. A remote attacker may be able to recover a RSA key.\"},{\"lang\":\"es\",\"value\":\"RSA BSAFE SSL-J, en versiones anteriores a la 6.2.4 contiene una vulnerabilidad de canal de tiempo oculto durante el descifrado RSA. Esto también se conoce como ataque Bleichenbacher sobre descifrado RSA. Un atacante remoto podría ser capaz de recuperar una clave RSA.\"}],\"metrics\":{\"cvssMetricV31\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"3.1\",\"vectorString\":\"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N\",\"baseScore\":5.9,\"baseSeverity\":\"MEDIUM\",\"attackVector\":\"NETWORK\",\"attackComplexity\":\"HIGH\",\"privilegesRequired\":\"NONE\",\"userInteraction\":\"NONE\",\"scope\":\"UNCHANGED\",\"confidentialityImpact\":\"HIGH\",\"integrityImpact\":\"NONE\",\"availabilityImpact\":\"NONE\"},\"exploitabilityScore\":2.2,\"impactScore\":3.6}],\"cvssMetricV30\":[{\"source\":\"security_alert@emc.com\",\"type\":\"Secondary\",\"cvssData\":{\"version\":\"3.0\",\"vectorString\":\"CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N\",\"baseScore\":5.9,\"baseSeverity\":\"MEDIUM\",\"attackVector\":\"NETWORK\",\"attackComplexity\":\"HIGH\",\"privilegesRequired\":\"NONE\",\"userInteraction\":\"NONE\",\"scope\":\"UNCHANGED\",\"confidentialityImpact\":\"HIGH\",\"integrityImpact\":\"NONE\",\"availabilityImpact\":\"NONE\"},\"exploitabilityScore\":2.2,\"impactScore\":3.6}],\"cvssMetricV2\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"2.0\",\"vectorString\":\"AV:N/AC:M/Au:N/C:P/I:N/A:N\",\"baseScore\":4.3,\"accessVector\":\"NETWORK\",\"accessComplexity\":\"MEDIUM\",\"authentication\":\"NONE\",\"confidentialityImpact\":\"PARTIAL\",\"integrityImpact\":\"NONE\",\"availabilityImpact\":\"NONE\"},\"baseSeverity\":\"MEDIUM\",\"exploitabilityScore\":8.6,\"impactScore\":2.9,\"acInsufInfo\":false,\"obtainAllPrivilege\":false,\"obtainUserPrivilege\":false,\"obtainOtherPrivilege\":false,\"userInteractionRequired\":false}]},\"weaknesses\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"description\":[{\"lang\":\"en\",\"value\":\"CWE-327\"}]}],\"configurations\":[{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:dell:bsafe_ssl-j:*:*:*:*:*:*:*:*\",\"versionEndExcluding\":\"6.2.4\",\"matchCriteriaId\":\"86697545-1BE7-457C-9AE9-B5270C531D49\"}]}]}],\"references\":[{\"url\":\"http://www.securitytracker.com/id/1041614\",\"source\":\"security_alert@emc.com\",\"tags\":[\"Third Party Advisory\",\"VDB Entry\"]},{\"url\":\"https://seclists.org/fulldisclosure/2018/Sep/7\",\"source\":\"security_alert@emc.com\",\"tags\":[\"Mailing List\",\"Third Party Advisory\"]},{\"url\":\"http://www.securitytracker.com/id/1041614\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Third Party Advisory\",\"VDB Entry\"]},{\"url\":\"https://seclists.org/fulldisclosure/2018/Sep/7\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Mailing List\",\"Third Party Advisory\"]}]}}", }, }
Log in or create an account to share your comment.
Security Advisory comment format.
This schema specifies the format of a comment related to a security advisory.
Title of the comment
Description of the comment
Loading…
Loading…
Loading…
Sightings
| Author | Source | Type | Date |
|---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
- Confirmed: The vulnerability is confirmed from an analyst perspective.
- Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
- Patched: This vulnerability was successfully patched by the user reporting the sighting.
- Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
- Not confirmed: The user expresses doubt about the veracity of the vulnerability.
- Not patched: This vulnerability was not successfully patched by the user reporting the sighting.