CVE-2018-15769
Summary
| CVE | CVE-2018-15769 |
|---|---|
| State | PUBLIC |
| Assigner | [email protected] |
| Source Priority | CVE Program / NVD first with legacy fallback |
| Published | 2018-11-16 21:29:00 UTC |
| Updated | 2022-04-18 18:12:00 UTC |
| Description | RSA BSAFE Micro Edition Suite versions prior to 4.0.11 (in 4.0.x series) and versions prior to 4.1.6.2 (in 4.1.x series) contain a key management error issue. A malicious TLS server could potentially cause a Denial Of Service (DoS) on TLS clients during the handshake when a very large prime value is sent to the TLS client, and an Ephemeral or Anonymous Diffie-Hellman cipher suite (DHE or ADH) is used. |
Risk And Classification
Problem Types: NVD-CWE-noinfo
NVD Known Affected Configurations (CPE 2.3)
| Type | Vendor | Product | Version | Update | Edition | Language |
|---|---|---|---|---|---|---|
| Application | Dell | Bsafe | All | All | All | All |
| Application | Emc | Rsa Bsafe | All | All | All | All |
| Application | Emc | Rsa Bsafe | All | All | All | All |
| Application | Oracle | Application Testing Suite | 13.3.0.1 | All | All | All |
| Application | Oracle | Communications Analytics | 12.1.1 | All | All | All |
| Application | Oracle | Communications Ip Service Activator | 7.3.0 | All | All | All |
| Application | Oracle | Communications Ip Service Activator | 7.4.0 | All | All | All |
| Application | Oracle | Core Rdbms | 11.2.0.4 | All | All | All |
| Application | Oracle | Core Rdbms | 12.1.0.2 | All | All | All |
| Application | Oracle | Core Rdbms | 12.2.0.1 | All | All | All |
| Application | Oracle | Core Rdbms | 18c | All | All | All |
| Application | Oracle | Core Rdbms | 19c | All | All | All |
| Application | Oracle | Enterprise Manager Ops Center | 12.3.3 | All | All | All |
| Application | Oracle | Enterprise Manager Ops Center | 12.4.0 | All | All | All |
| Application | Oracle | Goldengate Application Adapters | 12.3.2.1.0 | All | All | All |
| Application | Oracle | Jd Edwards Enterpriseone Tools | 9.2 | All | All | All |
| Application | Oracle | Real User Experience Insight | 13.1.2.1 | All | All | All |
| Application | Oracle | Real User Experience Insight | 13.2.3.1 | All | All | All |
| Application | Oracle | Real User Experience Insight | 13.3.1.0 | All | All | All |
| Application | Oracle | Retail Predictive Application Server | 15.0.3 | All | All | All |
| Application | Oracle | Retail Predictive Application Server | 16.0.3.0 | All | All | All |
| Application | Oracle | Security Service | 11.1.1.9.0 | All | All | All |
| Application | Oracle | Security Service | 12.1.3.0.0 | All | All | All |
| Application | Oracle | Security Service | 12.2.1.3.0 | All | All | All |
| Application | Oracle | Timesten In-memory Database | All | All | All | All |
References
| Reference | Source | Link | Tags |
|---|---|---|---|
| Oracle Critical Patch Update Advisory - July 2020 | MISC | www.oracle.com | |
| Oracle Critical Patch Update Advisory - October 2020 | MISC | www.oracle.com | |
| Dell EMC RSA BSAFE Micro Edition Suite Key Management CVE-2018-15769 Denial of Service Vulnerability | BID | www.securityfocus.com | Third Party Advisory, VDB Entry |
| Full Disclosure: DSA-2018-198: RSA® BSAFE® Micro Edition Suite Key Management Error Vulnerability | FULLDISC | seclists.org | Mailing List, Third Party Advisory |
| Oracle Critical Patch Update - July 2019 | MISC | www.oracle.com | |
| RSA BSAFE Micro Edition Suite Lets Remote Users Cause the Target Service to Crash - SecurityTracker | SECTRACK | www.securitytracker.com | Third Party Advisory, VDB Entry |
| Oracle Critical Patch Update Advisory - January 2020 | MISC | www.oracle.com | |
| Oracle Critical Patch Update Advisory - April 2020 | N/A | www.oracle.com | |
| CVE Program record | CVE.ORG | www.cve.org | canonical |
| NVD vulnerability detail | NVD | nvd.nist.gov | canonical, analysis |
No vendor comments have been submitted for this CVE.
There are currently no legacy QID mappings associated with this CVE.