CVE-2018-11055

Name of the Vulnerable Software and Affected Versions: RSA BSAFE Micro Edition Suite versions prior to 4.0.11 RSA BSAFE Micro Edition Suite versions prior to 4.1.6.1 Oracle Security Service (affected versions not specified) Oracle Database Server (affected versions not specified) Oracle Communications IP Service Activator (affected versions not specified) Enterprise Manager Ops Center (affected versions not specified)

Description: The issue is related to improper clearing of heap memory before release, which could allow a malicious local user to gain access to unauthorized data by doing heap inspection. This is due to decoded PKCS #12 data in heap memory not being zeroized before releasing the memory internally. Exploitation of the vulnerability may allow an attacker to disclose protected information.

Recommendations: For RSA BSAFE Micro Edition Suite versions prior to 4.0.11, update to version 4.0.11 or later. For RSA BSAFE Micro Edition Suite versions prior to 4.1.6.1, update to version 4.1.6.1 or later. For Oracle Security Service, Oracle Database Server, Oracle Communications IP Service Activator, and Enterprise Manager Ops Center, at the moment, there is no information about a newer version that contains a fix for this vulnerability.