RSA BSAFE Micro Edition Suite, versions prior to 4.0.11 (in 4.0.x) and prior to 4.1.6.1 (in 4.1.x), contains an Improper Clearing of Heap Memory Before Release ('Heap Inspection') vulnerability. MES does not zeroize decoded PKCS #12 data in heap memory before releasing that memory internally, so a malicious local user could gain unauthorized access to the data by inspecting the heap.
References
Link | Resource |
---|---|
http://seclists.org/fulldisclosure/2018/Aug/46 | Mailing List Third Party Advisory |
https://www.oracle.com/technetwork/security-advisory/cpujul2019-5072835.html | Patch Third Party Advisory |
https://www.oracle.com/security-alerts/cpujan2020.html | Patch Third Party Advisory |
https://www.oracle.com/security-alerts/cpuapr2020.html | Patch Third Party Advisory |
https://www.oracle.com/security-alerts/cpujul2020.html | Patch Third Party Advisory |
https://www.oracle.com/security-alerts/cpuoct2020.html | Patch Third Party Advisory |
Information
Published : 2018-08-31 11:29
Updated : 2022-04-18 11:15
NVD link : CVE-2018-11055
Mitre link : CVE-2018-11055
CWE
CWE-404
Improper Resource Shutdown or Release
Products Affected
oracle
- enterprise_manager_ops_center
- retail_predictive_application_server
- communications_analytics
- goldengate_application_adapters
- security_service
- jd_edwards_enterpriseone_tools
- communications_ip_service_activator
- application_testing_suite
- core_rdbms
- timesten_in-memory_database
- real_user_experience_insight
dell
- bsafe