← back
CVE-2018-11055

CVE-2018-11055

CVSS 4.4 MEDIUMEPSS 0.4%
Vexday Risk Score
13Low
SSVC decision (CISA)
Track
No exploitation signal → monitor
CVSS 4.4EPSS 0.4%KEV nãoPoC Nuclei Metasploit Patch
Lifecycle
31 Aug 2018Published on NVD
Recommendation: Monitor — no exploitation signal at the moment.
RSA BSAFE Micro Edition Suite, versions prior to 4.0.11 (in 4.0.x) and prior to 4.1.6.1 (in 4.1.x), contains an Improper Clearing of Heap Memory Before Release ('Heap Inspection') vulnerability. Decoded PKCS #12 data in heap memory is not zeroized by MES before releasing the memory internally and a malicious local user could gain access to the unauthorized data by doing heap inspection.
CVSS:3.0/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N
Affected products
RSA · BSAFE Micro Edition Suite

Want to know if your infrastructure is exposed to this?

Talk to TrueHacking →
References
http://seclists.org/fulldisclosure/2018/Aug/46https://www.oracle.com/security-alerts/cpuapr2020.htmlhttps://www.oracle.com/security-alerts/cpujan2020.htmlhttps://www.oracle.com/security-alerts/cpujul2020.htmlhttps://www.oracle.com/security-alerts/cpuoct2020.htmlhttps://www.oracle.com/technetwork/security-advisory/cpujul2019-5072835.html