CVE-2018-11057

Name of the Vulnerable Software and Affected Versions: RSA BSAFE Micro Edition Suite versions prior to 4.0.11 (in 4.0.x) RSA BSAFE Micro Edition Suite versions prior to 4.1.6.1 (in 4.1.x) Oracle Security Service (affected versions not specified) Oracle Database Server (affected versions not specified) Oracle Communications IP Service Activator (affected versions not specified) Enterprise Manager Ops Center (affected versions not specified)

Description: The issue is related to a Covert Timing Channel vulnerability during RSA decryption, also known as a Bleichenbacher attack on RSA decryption. This allows a remote attacker to potentially recover an RSA key. The vulnerability is associated with the use of defective cryptographic algorithms. Exploitation of the vulnerability may enable a remote attacker to recover an RSA key using the TCPS/HTTPS protocol.

Recommendations: For RSA BSAFE Micro Edition Suite versions prior to 4.0.11 (in 4.0.x), update to version 4.0.11 or later. For RSA BSAFE Micro Edition Suite versions prior to 4.1.6.1 (in 4.1.x), update to version 4.1.6.1 or later. For Oracle Security Service, Oracle Database Server, Oracle Communications IP Service Activator, and Enterprise Manager Ops Center, at the moment, there is no information about a newer version that contains a fix for this vulnerability.