CVE-2018-11070

CWE-327 — Broken Cryptographic Algorithm3 documents3 sources

Severity

5.9MEDIUM

EPSS

0.3%

top 43.73%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Dell EMC RSA Bsafe Crypto-j Dell EMC RSA Bsafe Ssl-j Dell Bsafe Crypto-j +1 more

Timeline

PublishedSep 11

Latest updateMay 13

Description

RSA BSAFE Crypto-J versions prior to 6.2.4 and RSA BSAFE SSL-J versions prior to 6.2.4 contain a Covert Timing Channel vulnerability during PKCS #1 unpadding operations, also known as a Bleichenbacher attack. A remote attacker may be able to recover a RSA key.

CVSS vector

CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:NExploitability: 2.2 | Impact: 3.6

Affected Packages4 packages

▶NVDdell/bsafe_crypto-j< 6.2.4

▶CVEListV5dell_emc/rsa_bsafe_crypto-junspecified — 6.2.4

▶NVDdell/rsa_bsafe_ssl-j< 6.2.4

▶CVEListV5dell_emc/rsa_bsafe_ssl-junspecified — 6.2.4

🔴Vulnerability Details

GHSA

GHSA-92wr-j974-xw8j: RSA BSAFE Crypto-J versions prior to 6↗2022-05-13

▶

CVEList

CVE-2018-11070: RSA BSAFE Crypto-J versions prior to 6↗2018-09-11

▶