CVE-2018-11055

CWE-404 | 3 documents | 3 sources
Severity: 5.5 MEDIUM
EPSS: 0.1% (top 74.95%)
CISA KEV: Not in KEV
Exploit: No known exploits
Timeline: Published Aug 31 | Latest update May 13

Description

RSA BSAFE Micro Edition Suite, versions prior to 4.0.11 (in 4.0.x) and prior to 4.1.6.1 (in 4.1.x), contains an Improper Clearing of Heap Memory Before Release ('Heap Inspection') vulnerability. Decoded PKCS #12 data in heap memory is not zeroized by MES before releasing the memory internally and a malicious local user could gain access to the unauthorized data by doing heap inspection.

CVSS vector

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
Exploitability: 1.8 | Impact: 3.6

Affected Packages (13 packages)

CVEListV5 | rsa/bsafe_micro_edition_suite | unspecified | 4.0.11 | +1
NVD | dell/bsafe | 4.0.0 | 4.0.11 | +1
NVD | oracle/real_user_experience_insight | 13.1.2.1, 13.2.3.1, 13.3.1.0 | +2

Patches

Vulnerability Details (2)

GHSA | GHSA-7mh8-r5jc-g27h: RSA BSAFE Micro Edition Suite, versions prior to 4 | 2022-05-13
CVEList | CVE-2018-11055: RSA BSAFE Micro Edition Suite, versions prior to 4 | 2018-08-31