Attacker Value
Unknown
(0 users assessed)
Exploitability
Unknown
(0 users assessed)
User Interaction
None
Privileges Required
None
Attack Vector
Network
1

CVE-2018-11058

Disclosure Date: September 14, 2018
CVE-2018-11058 CVSS v3 Base Score: 9.8
Add MITRE ATT&CK tactics and techniques that apply to this CVE.

Description

RSA BSAFE Micro Edition Suite, versions prior to 4.0.11 (in 4.0.x) and prior to 4.1.6 (in 4.1.x), and RSA BSAFE Crypto-C Micro Edition, version prior to 4.0.5.3 (in 4.0.x) contain a Buffer Over-Read vulnerability when parsing ASN.1 data. A remote attacker could use maliciously constructed ASN.1 data that would result in such issue.

Add Assessment

No one has assessed this topic. Be the first to add your voice to the community.

CVSS V3 Severity and Metrics
Base Score:
9.8 Critical
Impact Score:
5.9
Exploitability Score:
3.9
Vector:
CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Attack Vector (AV):
Network
Attack Complexity (AC):
Low
Privileges Required (PR):
None
User Interaction (UI):
None
Scope (S):
Unchanged
Confidentiality (C):
High
Integrity (I):
High
Availability (A):
High

General Information

Offensive Application
Unknown
Utility Class
Unknown
Ports
Unknown
OS
Unknown
Vulnerable Versions
BSAFE Micro Edition Suite 4.0.11
BSAFE Micro Edition Suite 4.1.6.1
BSAFE Crypto-C Micro Edition 4.0.5.3
Prerequisites
Unknown
Discovered By
Unknown
PoC Author
Unknown
Metasploit Module
Unknown
Reporter
Unknown

Vendors

  • dell,
  • oracle

Products

  • application testing suite 13.3.0.1,
  • bsafe,
  • bsafe crypto-c,
  • communications analytics 12.1.1,
  • communications ip service activator 7.3.0,
  • communications ip service activator 7.4.0,
  • core rdbms 11.2.0.4,
  • core rdbms 12.1.0.2,
  • core rdbms 12.2.0.1,
  • core rdbms 18c,
  • core rdbms 19c,
  • enterprise manager ops center 12.3.3,
  • enterprise manager ops center 12.4.0,
  • goldengate application adapters 12.3.2.1.0,
  • jd edwards enterpriseone tools 9.2,
  • real user experience insight 13.1.2.1,
  • real user experience insight 13.2.3.1,
  • real user experience insight 13.3.1.0,
  • retail predictive application server 15.0.3,
  • retail predictive application server 16.0.3.0,
  • security service 11.1.1.9.0,
  • security service 12.1.3.0.0,
  • security service 12.2.1.3.0,
  • timesten in-memory database
Technical Analysis