CVE-2018-11057

MEDIUM

RSA BSAFE Micro Edition Suite < 4.0.11 and < 4.1.6.1 - Covert Timing Channel during RSA Decryption

Title source: llm

Description

RSA BSAFE Micro Edition Suite, versions prior to 4.0.11 (in 4.0.x) and prior to 4.1.6.1 (in 4.1.x) contains a Covert Timing Channel vulnerability during RSA decryption, also known as a Bleichenbacher attack on RSA decryption. A remote attacker may be able to recover a RSA key.

References (6)

Core 6

Core References

Mailing List, Third Party Advisory mailing-list x_refsource_fulldisc

http://seclists.org/fulldisclosure/2018/Aug/46

Patch, Third Party Advisory x_refsource_misc

https://www.oracle.com/security-alerts/cpuapr2020.html

Patch, Third Party Advisory x_refsource_misc

https://www.oracle.com/security-alerts/cpujul2020.html

Patch, Third Party Advisory x_refsource_misc

https://www.oracle.com/technetwork/security-advisory/cpujul2019-5072835.html

Patch, Third Party Advisory x_refsource_misc

https://www.oracle.com/security-alerts/cpujan2020.html

Patch, Third Party Advisory x_refsource_misc

https://www.oracle.com/security-alerts/cpuoct2020.html

Scores

CVSS v3 5.9

EPSS 0.0062

EPSS Percentile 70.2%

Attack Vector NETWORK

CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N

Details

CWE

CWE-327

Status published

Products (23)

dell/bsafe 4.0.0 - 4.0.11

oracle/application_testing_suite 13.3.0.1

oracle/communications_analytics 12.1.1

oracle/communications_ip_service_activator 7.3.0

oracle/communications_ip_service_activator 7.4.0

oracle/core_rdbms 11.2.0.4

oracle/core_rdbms 12.1.0.2

oracle/core_rdbms 12.2.0.1

oracle/core_rdbms 18c

oracle/core_rdbms 19c

... and 13 more

Published Aug 31, 2018

Tracked Since Feb 18, 2026