CRITICAL✓ PATCH🇵🇱 Wersja polska

CVE-2018-11058

CVSS 9.8v3.1pub. 2018-09-14upd. 2024-11-21

RSA BSAFE Micro Edition Suite, versions prior to 4.0.11 (in 4.0.x) and prior to 4.1.6 (in 4.1.x), and RSA BSAFE Crypto-C Micro Edition, version prior to 4.0.5.3 (in 4.0.x) contain a Buffer Over-Read vulnerability when parsing ASN.1 data. A remote attacker could use maliciously constructed ASN.1 data that would result in such issue.

CVSS Vector
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
  • Dell Bsafe

    APP
    Dell
    4.0.0 – 4.0.11 (bez)4.1.0 – 4.1.6 (bez)
  • Dell Bsafe Crypto C

    APP
    Dell
    4.0.0 – 4.0.5.3 (bez)
  • Oracle Application Testing Suite

    APP
    Oracle
    13.3.0.1
  • Oracle Communications Analytics

    APP
    Oracle
    12.1.1
  • Oracle Communications Ip Service Activator

    APP
    Oracle
    7.3.07.4.0
  • Oracle Core Rdbms

    APP
    Oracle
    11.2.0.412.1.0.212.2.0.118c19c
  • Oracle Enterprise Manager Ops Center

    APP
    Oracle
    12.3.312.4.0
  • Oracle Goldengate Application Adapters

    APP
    Oracle
    12.3.2.1.0
  • Oracle Jd Edwards Enterpriseone Tools

    APP
    Oracle
    9.2
  • Oracle Real User Experience Insight

    APP
    Oracle
    13.1.2.113.2.3.113.3.1.0
  • Oracle Retail Predictive Application Server

    APP
    Oracle
    15.0.316.0.3.0
  • Oracle Security Service

    APP
    Oracle
    11.1.1.9.012.1.3.0.012.2.1.3.0
  • Oracle Timesten In Memory Database

    APP
    Oracle
    < 18.1.4.1.0
🟢
PATCH AVAILABLE
Vendor update available. Deploy in standard maintenance cycle.
CWE
References

Related vulnerabilities

CVE-2021-42013CRITICAL9.8⚠ KEVten sam produkt

It was found that the fix for CVE-2021-41773 in Apache HTTP Server 2.4.50 was insufficient. An attacker could ...

CVE-2021-40438CRITICAL9.0⚠ KEVten sam produkt

A crafted request uri-path can cause mod_proxy to forward the request to an origin server choosen by the remot...

CVE-2026-46879CRITICAL9.8ten sam produkt

Vulnerability in the JD Edwards EnterpriseOne Tools product of Oracle JD Edwards (component: Enterprise Infras...

CVE-2026-46878CRITICAL9.8ten sam produkt

Vulnerability in the JD Edwards EnterpriseOne Tools product of Oracle JD Edwards (component: Enterprise Infras...

CVE-2026-46880CRITICAL9.8ten sam produkt

Vulnerability in the JD Edwards EnterpriseOne Tools product of Oracle JD Edwards (component: Enterprise Infras...