CVE-2018-15769
HIGH
7,5
Source: [email protected]
Attack Vector: network
Attack Complexity: low
Privileges Required: none
User Interaction: none
Scope: unchanged
Confidentiality: none
Integrity: none
Availability: high
MEDIUM
5,0
Source: [email protected]
Access Vector: network
Access Complexity: low
Authentication: none
Confidentiality: none
Integrity: none
Availability: partial
Description
AI Translation Available
RSA BSAFE Micro Edition Suite versions prior to 4.0.11 (in 4.0.x series) and versions prior to 4.1.6.2 (in 4.1.x series) contain a key management error issue. A malicious TLS server could potentially cause a Denial Of Service (DoS) on TLS clients during the handshake when a very large prime value is sent to the TLS client, and an Ephemeral or Anonymous Diffie-Hellman cipher suite (DHE or ADH) is used.
EPSS (Exploit Prediction Scoring System)
Trend Analysis
EPSS (Exploit Prediction Scoring System)
Prevede la probabilità di sfruttamento basata su intelligence sulle minacce e sulle caratteristiche della vulnerabilità.
EPSS Score
0,0148
Percentile
0,8th
Updated
EPSS Score Trend (Last 91 Days)
Application
Security Service by Oracle
CPE Identifier
View Detailed Analysis
cpe:2.3:a:oracle:security_service:11.1.1.9.0:*:*:*:*:*:*:*
Common Platform Enumeration - Standardized vulnerability identification
Application
Real User Experience Insight by Oracle
CPE Identifier
View Detailed Analysis
cpe:2.3:a:oracle:real_user_experience_insight:13.1.2.1:*:*:*:*:*:*:*
Common Platform Enumeration - Standardized vulnerability identification
Application
Retail Predictive Application Server by Oracle
CPE Identifier
View Detailed Analysis
cpe:2.3:a:oracle:retail_predictive_application_server:15.0.3:*:*:*:*:*:*:*
Common Platform Enumeration - Standardized vulnerability identification
Application
Enterprise Manager Ops Center by Oracle
CPE Identifier
View Detailed Analysis
cpe:2.3:a:oracle:enterprise_manager_ops_center:12.4.0:*:*:*:*:*:*:*
Common Platform Enumeration - Standardized vulnerability identification
Application
Bsafe by Dell
Version Range Affected
From
4.0.0
(inclusive)
To
4.0.11
(exclusive)
CPE Identifier
View Detailed Analysis
cpe:2.3:a:dell:bsafe:*:*:*:*:micro_edition_suite:*:*:*
Common Platform Enumeration - Standardized vulnerability identification
Application
Core Rdbms by Oracle
CPE Identifier
View Detailed Analysis
cpe:2.3:a:oracle:core_rdbms:12.2.0.1:*:*:*:*:*:*:*
Common Platform Enumeration - Standardized vulnerability identification
Application
Jd Edwards Enterpriseone Tools by Oracle
CPE Identifier
View Detailed Analysis
cpe:2.3:a:oracle:jd_edwards_enterpriseone_tools:9.2:*:*:*:*:*:*:*
Common Platform Enumeration - Standardized vulnerability identification
Application
Security Service by Oracle
CPE Identifier
View Detailed Analysis
cpe:2.3:a:oracle:security_service:12.1.3.0.0:*:*:*:*:*:*:*
Common Platform Enumeration - Standardized vulnerability identification
Application
Communications Analytics by Oracle
CPE Identifier
View Detailed Analysis
cpe:2.3:a:oracle:communications_analytics:12.1.1:*:*:*:*:*:*:*
Common Platform Enumeration - Standardized vulnerability identification
Application
Core Rdbms by Oracle
CPE Identifier
View Detailed Analysis
cpe:2.3:a:oracle:core_rdbms:12.1.0.2:*:*:*:*:*:*:*
Common Platform Enumeration - Standardized vulnerability identification
Application
Retail Predictive Application Server by Oracle
CPE Identifier
View Detailed Analysis
cpe:2.3:a:oracle:retail_predictive_application_server:16.0.3.0:*:*:*:*:*:*:*
Common Platform Enumeration - Standardized vulnerability identification
Application
Core Rdbms by Oracle
CPE Identifier
View Detailed Analysis
cpe:2.3:a:oracle:core_rdbms:19c:*:*:*:*:*:*:*
Common Platform Enumeration - Standardized vulnerability identification
Application
Security Service by Oracle
CPE Identifier
View Detailed Analysis
cpe:2.3:a:oracle:security_service:12.2.1.3.0:*:*:*:*:*:*:*
Common Platform Enumeration - Standardized vulnerability identification
Application
Application Testing Suite by Oracle
CPE Identifier
View Detailed Analysis
cpe:2.3:a:oracle:application_testing_suite:13.3.0.1:*:*:*:*:*:*:*
Common Platform Enumeration - Standardized vulnerability identification
Application
Timesten In-Memory Database by Oracle
Version Range Affected
To
18.1.4.1.0
(exclusive)
CPE Identifier
View Detailed Analysis
cpe:2.3:a:oracle:timesten_in-memory_database:*:*:*:*:*:*:*:*
Common Platform Enumeration - Standardized vulnerability identification
Application
Enterprise Manager Ops Center by Oracle
CPE Identifier
View Detailed Analysis
cpe:2.3:a:oracle:enterprise_manager_ops_center:12.3.3:*:*:*:*:*:*:*
Common Platform Enumeration - Standardized vulnerability identification
Application
Real User Experience Insight by Oracle
CPE Identifier
View Detailed Analysis
cpe:2.3:a:oracle:real_user_experience_insight:13.3.1.0:*:*:*:*:*:*:*
Common Platform Enumeration - Standardized vulnerability identification
Application
Core Rdbms by Oracle
CPE Identifier
View Detailed Analysis
cpe:2.3:a:oracle:core_rdbms:18c:*:*:*:*:*:*:*
Common Platform Enumeration - Standardized vulnerability identification
Application
Communications Ip Service Activator by Oracle
CPE Identifier
View Detailed Analysis
cpe:2.3:a:oracle:communications_ip_service_activator:7.3.0:*:*:*:*:*:*:*
Common Platform Enumeration - Standardized vulnerability identification
Application
Communications Ip Service Activator by Oracle
CPE Identifier
View Detailed Analysis
cpe:2.3:a:oracle:communications_ip_service_activator:7.4.0:*:*:*:*:*:*:*
Common Platform Enumeration - Standardized vulnerability identification
Application
Core Rdbms by Oracle
CPE Identifier
View Detailed Analysis
cpe:2.3:a:oracle:core_rdbms:11.2.0.4:*:*:*:*:*:*:*
Common Platform Enumeration - Standardized vulnerability identification
Application
Real User Experience Insight by Oracle
CPE Identifier
View Detailed Analysis
cpe:2.3:a:oracle:real_user_experience_insight:13.2.3.1:*:*:*:*:*:*:*
Common Platform Enumeration - Standardized vulnerability identification
Application
Goldengate Application Adapters by Oracle
CPE Identifier
View Detailed Analysis
cpe:2.3:a:oracle:goldengate_application_adapters:12.3.2.1.0:*:*:*:*:*:*:*
Common Platform Enumeration - Standardized vulnerability identification
Application
Bsafe by Dell
Version Range Affected
From
4.1.0
(inclusive)
To
4.1.6.2
(exclusive)
CPE Identifier
View Detailed Analysis
cpe:2.3:a:dell:bsafe:*:*:*:*:micro_edition_suite:*:*:*
Common Platform Enumeration - Standardized vulnerability identification
https://seclists.org/fulldisclosure/2018/Nov/37
https://www.oracle.com/security-alerts/cpuapr2020.html
https://www.oracle.com/security-alerts/cpujan2020.html
https://www.oracle.com/security-alerts/cpujul2020.html
https://www.oracle.com/security-alerts/cpuoct2020.html
https://www.oracle.com/technetwork/security-advisory/cpujul2019-5072835.html
http://www.securityfocus.com/bid/105929
http://www.securitytracker.com/id/1042057
https://seclists.org/fulldisclosure/2018/Nov/37
https://www.oracle.com/security-alerts/cpuapr2020.html
https://www.oracle.com/security-alerts/cpujan2020.html
https://www.oracle.com/security-alerts/cpujul2020.html
https://www.oracle.com/security-alerts/cpuoct2020.html
https://www.oracle.com/technetwork/security-advisory/cpujul2019-5072835.html
http://www.securityfocus.com/bid/105929
http://www.securitytracker.com/id/1042057