RSA BSAFE Micro Edition Suite, versions prior to 4.0.11 (in 4.0.x) and prior to 4.1.6.1 (in 4.1.x), contains an Improper Clearing of Heap Memory Before Release ('Heap Inspection') vulnerability. MES does not zeroize decoded PKCS #12 data in heap memory before releasing that memory internally, so a malicious local user could gain unauthorized access to the data by inspecting the heap.
References
Link | Resource |
---|---|
http://seclists.org/fulldisclosure/2018/Aug/46 | Mailing List Third Party Advisory |
https://www.oracle.com/security-alerts/cpuapr2020.html | Patch Third Party Advisory |
https://www.oracle.com/security-alerts/cpujan2020.html | Patch Third Party Advisory |
https://www.oracle.com/security-alerts/cpujul2020.html | Patch Third Party Advisory |
https://www.oracle.com/security-alerts/cpuoct2020.html | Patch Third Party Advisory |
https://www.oracle.com/technetwork/security-advisory/cpujul2019-5072835.html | Patch Third Party Advisory |
History
18 Apr 2022, 18:15
Type | Values Removed | Values Added |
---|---|---|
First Time | Oracle retail Predictive Application Server; Oracle communications Analytics; Oracle real User Experience Insight; Oracle security Service; Oracle; Oracle goldengate Application Adapters; Oracle enterprise Manager Ops Center; Oracle timesten In-memory Database; Oracle core Rdbms; Oracle jd Edwards Enterpriseone Tools; Oracle application Testing Suite; Oracle communications Ip Service Activator |
References | (MISC) https://www.oracle.com/security-alerts/cpujan2020.html - Patch, Third Party Advisory | |
References | (MISC) https://www.oracle.com/security-alerts/cpujul2020.html - Patch, Third Party Advisory | |
References | (MISC) https://www.oracle.com/technetwork/security-advisory/cpujul2019-5072835.html - Patch, Third Party Advisory | |
References | (MISC) https://www.oracle.com/security-alerts/cpuoct2020.html - Patch, Third Party Advisory | |
References | (N/A) https://www.oracle.com/security-alerts/cpuapr2020.html - Patch, Third Party Advisory | |
CPE | cpe:2.3:a:oracle:communications_analytics:12.1.1:*:*:*:*:*:*:* cpe:2.3:a:oracle:enterprise_manager_ops_center:12.4.0:*:*:*:*:*:*:* cpe:2.3:a:oracle:real_user_experience_insight:13.3.1.0:*:*:*:*:*:*:* cpe:2.3:a:oracle:core_rdbms:12.2.0.1:*:*:*:*:*:*:* cpe:2.3:a:oracle:timesten_in-memory_database:*:*:*:*:*:*:*:* cpe:2.3:a:oracle:core_rdbms:11.2.0.4:*:*:*:*:*:*:* cpe:2.3:a:oracle:real_user_experience_insight:13.2.3.1:*:*:*:*:*:*:* cpe:2.3:a:oracle:retail_predictive_application_server:16.0.3.0:*:*:*:*:*:*:* cpe:2.3:a:oracle:security_service:12.1.3.0.0:*:*:*:*:*:*:* cpe:2.3:a:oracle:core_rdbms:12.1.0.2:*:*:*:*:*:*:* cpe:2.3:a:oracle:communications_ip_service_activator:7.3.0:*:*:*:*:*:*:* cpe:2.3:a:oracle:real_user_experience_insight:13.1.2.1:*:*:*:*:*:*:* cpe:2.3:a:oracle:core_rdbms:19c:*:*:*:*:*:*:* cpe:2.3:a:oracle:jd_edwards_enterpriseone_tools:9.2:*:*:*:*:*:*:* cpe:2.3:a:oracle:retail_predictive_application_server:15.0.3:*:*:*:*:*:*:* cpe:2.3:a:oracle:application_testing_suite:13.3.0.1:*:*:*:*:*:*:* cpe:2.3:a:oracle:security_service:11.1.1.9.0:*:*:*:*:*:*:* cpe:2.3:a:oracle:core_rdbms:18c:*:*:*:*:*:*:* cpe:2.3:a:oracle:communications_ip_service_activator:7.4.0:*:*:*:*:*:*:* cpe:2.3:a:oracle:goldengate_application_adapters:12.3.2.1.0:*:*:*:*:*:*:* cpe:2.3:a:oracle:enterprise_manager_ops_center:12.3.3:*:*:*:*:*:*:* cpe:2.3:a:oracle:security_service:12.2.1.3.0:*:*:*:*:*:*:* |
30 Nov 2021, 17:25
Type | Values Removed | Values Added |
---|---|---|
CPE | cpe:2.3:a:dell:bsafe:*:*:*:*:micro_edition_suite:*:*:* |
Information
Published : 2018-08-31 18:29
Updated : 2023-12-10 12:44
NVD link : CVE-2018-11055
Mitre link : CVE-2018-11055
CVE.ORG link : CVE-2018-11055
Products Affected
oracle
- goldengate_application_adapters
- retail_predictive_application_server
- core_rdbms
- real_user_experience_insight
- timesten_in-memory_database
- enterprise_manager_ops_center
- security_service
- communications_ip_service_activator
- application_testing_suite
- communications_analytics
- jd_edwards_enterpriseone_tools
dell
- bsafe
CWE
CWE-404
Improper Resource Shutdown or Release