VARIoT IoT vulnerabilities database

In certain cases, BEx Web Java Runtime Export Web Service in SAP NetWeaver BI 7.30, 7.31. 7.40, 7.41, 7.50, does not sufficiently validate an XML document accepted from an untrusted source. SAP NetWeaver BI Contains an input validation vulnerability.Information is obtained, information is altered, and service operation is disrupted (DoS) There is a possibility of being put into a state. SAP NetWeaver Business Intelligence is prone to an XML External Entity injection vulnerability. Attackers can exploit this issue to gain access to sensitive information or cause denial-of-service conditions. NetWeaver Business Intelligence 7.30, 7.31. 7.40, 7.41, and 7.50 are vulnerable

A vulnerability in a subsystem in Intel CSME before version 11.21.55, Intel Server Platform Services before version 4.0 and Intel Trusted Execution Engine Firmware before version 3.1.55 may allow an unauthenticated user to potentially modify or disclose information via physical access. Multiple Intel Products are prone to a local privilege-escalation vulnerability. An attacker can exploit this issue to potentially modify or disclose sensitive information. This may lead to further attacks. Intel CSME is a converged security management engine. Intel Trusted Execution Engine is a trusted execution engine with hardware authentication function used in CPU (Central Processing Unit)

A flaw was found in the 389 Directory Server that allows users to cause a crash in the LDAP server using ldapsearch with server side sort. 389 Directory Server Contains an input validation vulnerability.Service operation interruption (DoS) There is a possibility of being put into a state. RedHat389DirectoryServer (formerly known as FedoraDirectoryServer) is an enterprise-class Linux directory server from RedHat. The server fully supports the LDAPv3 specification and features scalable, multi-master replication. A security vulnerability exists in RedHat389DirectoryServer. An attacker could exploit the vulnerability to cause a denial of service (crash). -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256 ==================================================================== Red Hat Security Advisory Synopsis: Moderate: 389-ds-base security and bug fix update Advisory ID: RHSA-2018:2757-01 Product: Red Hat Enterprise Linux Advisory URL: https://access.redhat.com/errata/RHSA-2018:2757 Issue date: 2018-09-25 CVE Names: CVE-2018-10850 CVE-2018-10935 CVE-2018-14624 CVE-2018-14638 ==================================================================== 1. Summary: An update for 389-ds-base is now available for Red Hat Enterprise Linux 7. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. 2. Relevant releases/architectures: Red Hat Enterprise Linux Client Optional (v. 7) - x86_64 Red Hat Enterprise Linux ComputeNode Optional (v. 7) - x86_64 Red Hat Enterprise Linux Server (v. 7) - ppc64le, x86_64 Red Hat Enterprise Linux Server Optional (v. 7) - ppc64, ppc64le, s390x, x86_64 Red Hat Enterprise Linux Workstation (v. 7) - x86_64 Red Hat Enterprise Linux Workstation Optional (v. 7) - x86_64 Red Hat Enterprise Linux for ARM and IBM Power LE (POWER9) Server (v. 7) - aarch64, ppc64le Red Hat Enterprise Linux for ARM and IBM Power LE (POWER9) Server Optional (v. 7) - aarch64, ppc64le, s390x 3. Security Fix(es): * 389-ds-base: race condition on reference counter leads to DoS using persistent search (CVE-2018-10850) * 389-ds-base: ldapsearch with server side sort allows users to cause a crash (CVE-2018-10935) * 389-ds-base: Server crash through modify command with large DN (CVE-2018-14624) * 389-ds-base: Crash in delete_passwdPolicy when persistent search connections are terminated unexpectedly (CVE-2018-14638) For more details about the security issue(s), including the impact, a CVSS score, and other related information, refer to the CVE page(s) listed in the References section. The CVE-2018-10850 issue was discovered by Thierry Bordaz (Red Hat) and the CVE-2018-14638 issue was discovered by Viktor Ashirov (Red Hat). Bug Fix(es): * Previously, the nucn-stans framework was enabled by default in Directory Server, but the framework is not stable. As a consequence, deadlocks and file descriptor leaks could occur. This update changes the default value of the nsslapd-enable-nunc-stans parameter to "off". (BZ#1614836) * When a search evaluates the "shadowAccount" entry, Directory Server adds the shadow attributes to the entry. If the fine-grained password policy is enabled, the "shadowAccount" entry can contain its own "pwdpolicysubentry" policy attribute. Previously, to retrieve this attribute, the server started an internal search for each "shadowAccount" entry, which was unnecessary because the entry was already known to the server. As a result, the performance of searches, such as response time and throughput, is improved. (BZ#1615924) 4. Solution: For details on how to apply this update, which includes the changes described in this advisory, refer to: https://access.redhat.com/articles/11258 After installing this update, the 389 server service will be restarted automatically. 5. Package List: Red Hat Enterprise Linux Client Optional (v. 7): Source: 389-ds-base-1.3.7.5-28.el7_5.src.rpm x86_64: 389-ds-base-1.3.7.5-28.el7_5.x86_64.rpm 389-ds-base-debuginfo-1.3.7.5-28.el7_5.x86_64.rpm 389-ds-base-devel-1.3.7.5-28.el7_5.x86_64.rpm 389-ds-base-libs-1.3.7.5-28.el7_5.x86_64.rpm 389-ds-base-snmp-1.3.7.5-28.el7_5.x86_64.rpm Red Hat Enterprise Linux ComputeNode Optional (v. 7): Source: 389-ds-base-1.3.7.5-28.el7_5.src.rpm x86_64: 389-ds-base-1.3.7.5-28.el7_5.x86_64.rpm 389-ds-base-debuginfo-1.3.7.5-28.el7_5.x86_64.rpm 389-ds-base-devel-1.3.7.5-28.el7_5.x86_64.rpm 389-ds-base-libs-1.3.7.5-28.el7_5.x86_64.rpm 389-ds-base-snmp-1.3.7.5-28.el7_5.x86_64.rpm Red Hat Enterprise Linux Server (v. 7): Source: 389-ds-base-1.3.7.5-28.el7_5.src.rpm ppc64le: 389-ds-base-1.3.7.5-28.el7_5.ppc64le.rpm 389-ds-base-debuginfo-1.3.7.5-28.el7_5.ppc64le.rpm 389-ds-base-libs-1.3.7.5-28.el7_5.ppc64le.rpm x86_64: 389-ds-base-1.3.7.5-28.el7_5.x86_64.rpm 389-ds-base-debuginfo-1.3.7.5-28.el7_5.x86_64.rpm 389-ds-base-libs-1.3.7.5-28.el7_5.x86_64.rpm Red Hat Enterprise Linux for ARM and IBM Power LE (POWER9) Server (v. 7): Source: 389-ds-base-1.3.7.5-28.el7_5.src.rpm aarch64: 389-ds-base-1.3.7.5-28.el7_5.aarch64.rpm 389-ds-base-debuginfo-1.3.7.5-28.el7_5.aarch64.rpm 389-ds-base-libs-1.3.7.5-28.el7_5.aarch64.rpm ppc64le: 389-ds-base-1.3.7.5-28.el7_5.ppc64le.rpm 389-ds-base-debuginfo-1.3.7.5-28.el7_5.ppc64le.rpm 389-ds-base-libs-1.3.7.5-28.el7_5.ppc64le.rpm Red Hat Enterprise Linux Server Optional (v. 7): Source: 389-ds-base-1.3.7.5-28.el7_5.src.rpm ppc64: 389-ds-base-1.3.7.5-28.el7_5.ppc64.rpm 389-ds-base-debuginfo-1.3.7.5-28.el7_5.ppc64.rpm 389-ds-base-devel-1.3.7.5-28.el7_5.ppc64.rpm 389-ds-base-libs-1.3.7.5-28.el7_5.ppc64.rpm 389-ds-base-snmp-1.3.7.5-28.el7_5.ppc64.rpm ppc64le: 389-ds-base-debuginfo-1.3.7.5-28.el7_5.ppc64le.rpm 389-ds-base-devel-1.3.7.5-28.el7_5.ppc64le.rpm 389-ds-base-snmp-1.3.7.5-28.el7_5.ppc64le.rpm s390x: 389-ds-base-1.3.7.5-28.el7_5.s390x.rpm 389-ds-base-debuginfo-1.3.7.5-28.el7_5.s390x.rpm 389-ds-base-devel-1.3.7.5-28.el7_5.s390x.rpm 389-ds-base-libs-1.3.7.5-28.el7_5.s390x.rpm 389-ds-base-snmp-1.3.7.5-28.el7_5.s390x.rpm x86_64: 389-ds-base-debuginfo-1.3.7.5-28.el7_5.x86_64.rpm 389-ds-base-devel-1.3.7.5-28.el7_5.x86_64.rpm 389-ds-base-snmp-1.3.7.5-28.el7_5.x86_64.rpm Red Hat Enterprise Linux for ARM and IBM Power LE (POWER9) Server Optional (v. 7): Source: 389-ds-base-1.3.7.5-28.el7_5.src.rpm aarch64: 389-ds-base-debuginfo-1.3.7.5-28.el7_5.aarch64.rpm 389-ds-base-devel-1.3.7.5-28.el7_5.aarch64.rpm 389-ds-base-snmp-1.3.7.5-28.el7_5.aarch64.rpm ppc64le: 389-ds-base-debuginfo-1.3.7.5-28.el7_5.ppc64le.rpm 389-ds-base-devel-1.3.7.5-28.el7_5.ppc64le.rpm 389-ds-base-snmp-1.3.7.5-28.el7_5.ppc64le.rpm s390x: 389-ds-base-1.3.7.5-28.el7_5.s390x.rpm 389-ds-base-debuginfo-1.3.7.5-28.el7_5.s390x.rpm 389-ds-base-devel-1.3.7.5-28.el7_5.s390x.rpm 389-ds-base-libs-1.3.7.5-28.el7_5.s390x.rpm 389-ds-base-snmp-1.3.7.5-28.el7_5.s390x.rpm Red Hat Enterprise Linux Workstation (v. 7): Source: 389-ds-base-1.3.7.5-28.el7_5.src.rpm x86_64: 389-ds-base-1.3.7.5-28.el7_5.x86_64.rpm 389-ds-base-debuginfo-1.3.7.5-28.el7_5.x86_64.rpm 389-ds-base-libs-1.3.7.5-28.el7_5.x86_64.rpm Red Hat Enterprise Linux Workstation Optional (v. 7): x86_64: 389-ds-base-debuginfo-1.3.7.5-28.el7_5.x86_64.rpm 389-ds-base-devel-1.3.7.5-28.el7_5.x86_64.rpm 389-ds-base-snmp-1.3.7.5-28.el7_5.x86_64.rpm These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from https://access.redhat.com/security/team/key/ 7. References: https://access.redhat.com/security/cve/CVE-2018-10850 https://access.redhat.com/security/cve/CVE-2018-10935 https://access.redhat.com/security/cve/CVE-2018-14624 https://access.redhat.com/security/cve/CVE-2018-14638 https://access.redhat.com/security/updates/classification/#moderate 8. Contact: The Red Hat security contact is <secalert@redhat.com>. More contact details at https://access.redhat.com/security/team/contact/ Copyright 2018 Red Hat, Inc. -----BEGIN PGP SIGNATURE----- Version: GnuPG v1 iQIVAwUBW6qI2dzjgjWX9erEAQgW5g//Xn0tMzXPX9ttN9u/n6vEr3kEio7meGc8 g70R7mtWsJj5z3VfnvFD5mRmQQinsMJXI0/IUfBU+X/oZb7rGI33ALYh0lg1rerc 2jxXBAwJKpSwkstFvJiUs2XOznh3VaYkwg/UxqEtkh4xSnO1WfbFJpHhoPIf6d8Y Cu7ymH+3VGLTR3N11HJzbrmKdmyt3p/s8UGuKO0Lh6rtnSdtM7eq5mfOYgRAp/Wm PZgVCLexexfVNzqzIjkt/KzpNrobFJUryZbXrafVpq14nUAWFRWDN4TCzUdDd0GA um46apVZHH2mAZuq+FIvokFBIIxW2DEvxj/c2UiZqDv2o7TOocssOJXw4CUIsitD QZBLnlmH/jq/L4HHwnT/4eshz2kX6yEYVNP7Nhv4bamEC7eu0y8anItyErZ7+w2L aY/3kL3uWssWnU9ESyIXvex34HmcHK0FzeBKV5ZUEwBXfdjBAGf5k8l0MyoyiS7D FK+OxXsLaORs66GaPA1MHAyAscIVTElu0GQRInDQKCgRf3uvzKT3UammoPF6Djk4 DxxIVjFV7ZExade0XdjlpkI4kUItvxXRnvAX7nT34D+jBny3WuWuVCLHUcrvYaZl hf1pBHkwR/kuK/BHh99QM/JrfvJixe0Nwosdi+ra1TO2eB2/TPtJUdeoiMcoF7qA emssayK3UGk=rOwt -----END PGP SIGNATURE----- -- RHSA-announce mailing list RHSA-announce@redhat.com https://www.redhat.com/mailman/listinfo/rhsa-announce

A spoofing vulnerability exists for the Azure IoT Device Provisioning for the C SDK library using the HTTP protocol on Windows platform, aka "Azure IoT SDK Spoofing Vulnerability." This affects C SDK. Microsoft Windows is a series of operating systems released by Microsoft Corporation of the United States. Microsoft Azure Active Directory Connect is a service provided by Microsoft Corporation of the United States that provides identity and access management in the cloud. An attacker could exploit this vulnerability to forge a server by performing a man-in-the-middle attack

An exploitable buffer overflow vulnerabilities exist in the /cameras/XXXX/clips handler of video-core's HTTP server of Samsung SmartThings Hub with Firmware version 0.20.17. The video-core process incorrectly extracts fields from a user-controlled JSON payload, leading to a buffer overflow on the stack. The strncpy call overflows the destination buffer, which has a size of 52 bytes. An attacker can send an arbitrarily long "correlationId" value in order to exploit this vulnerability. Samsung SmartThings Hub Contains a buffer error vulnerability.Information is obtained, information is altered, and service operation is disrupted (DoS) There is a possibility of being put into a state. SamsungSmartThingsHub is a smart home management device from South Korea's Samsung. video-coreHTTPserver is one of the HTTP servers. field

FURUNO FELCOM 250 and 500 devices allow unauthenticated access to the xml/permission.xml file containing all of the system's usernames and passwords. This includes the Admin and Service user accounts and their unsalted MD5 hashes, as well as the SMS server password in cleartext. FURUNO FELCOM 250 and 500 The device contains a certificate / password management vulnerability.Information is acquired, information is falsified, and denial of service (DoS) May be in a state. FURUNO FELCOM 250 and 500 are shipborne communication equipment of Japan Furuno Electric Company. There is a security hole in the FURUNO FELCOM 250 and 500

An exploitable buffer overflow vulnerability exists in the credentials handler of video-core's HTTP server of Samsung SmartThings Hub STH-ETH-250-Firmware version 0.20.17. The video-core process incorrectly extracts fields from a user-controlled JSON payload, leading to a buffer overflow on the stack. The strncpy overflows the destination buffer, which has a size of 2,000 bytes. An attacker can send an arbitrarily long "sessionToken" value in order to exploit this vulnerability. Samsung SmartThings Hub STH-ETH-250-Firmware Contains a buffer error vulnerability.Information is obtained, information is altered, and service operation is disrupted (DoS) There is a possibility of being put into a state. SamsungSmartThingsHubSTH-ETH-250 is a smart home management device from South Korea's Samsung. video-coreHTTPserver is one of the HTTP servers

Huangshi Kewei Automatic Control Co., Ltd. is an enterprise that develops, produces, and sells a series of industrial control products such as embedded PLC, intelligent servo, and man-machine interface. There is a memory corruption vulnerability in the IOCS screen configuration software of the Kewei text integrated machine. The vulnerability is due to the failure of the IOCS1.33.exe file to verify the integrity of the project file. An attacker could use the vulnerability to cause memory corruption when reading the project file

The EL-100 series serial device networking server allows serial devices to be networked immediately and accessed directly through software. Guangzhou Chaoran Computer Co., Ltd. EL-100 series industrial control equipment has unauthorized access and weak password vulnerabilities. Attackers can use the vulnerability to bypass the login window and obtain sensitive information

IBM Datacap Fastdoc Capture 9.1.1, 9.1.3, and 9.1.4 could allow an authenticated user to bypass future authentication mechanisms once the initial login is completed. IBM X-Force ID: 148691. IBM Datacap Fastdoc Capture Contains an authentication vulnerability. Vendors have confirmed this vulnerability IBM X-Force ID: 148691 It is released as.Information may be tampered with. An attacker can exploit this issue to bypass authentication mechanism and perform unauthorized actions. This may lead to further attacks

A Pektron Passive Keyless Entry and Start (PKES) system, as used on the Tesla Model S and possibly other vehicles, relies on the DST40 cipher, which makes it easier for attackers to obtain access via an approach involving a 5.4 TB precomputation, followed by wake-frame reception and two challenge/response operations, to clone a key fob within a few seconds. Pektron Passive Keyless Entry and Start (PKES) There are cryptographic vulnerabilities in the system.Information may be tampered with. The Tesla Model S is an electric car produced by Tesla. The PKES system used in the Tesla Model S and other devices has a security flaw that stems from the fact that the PKES system relies on the DST40 cipher. An attacker could exploit this vulnerability to clone car keys in seconds

FURUNO FELCOM 250 and 500 devices allow unauthenticated users to change the password for the Admin, Log and Service accounts, as well as the password for the protected "SMS" panel via /cgi-bin/sm_changepassword.cgi and /cgi-bin/sm_sms_changepasswd.cgi. FURUNO FELCOM 250 and 500 The device contains an access control vulnerability.Information is obtained, information is altered, and service operation is disrupted (DoS) There is a possibility of being put into a state. FURUNO FELCOM 250 and 500 are shipborne communication equipment of Japan Furuno Electric Company. The /cgi-bin/sm_changepassword.cgi file and the /cgi-bin/sm_sms_changepasswd.cgi file in FURUNO FELCOM 250 and 500 have an access control error vulnerability

Dell EMC VPlex GeoSynchrony, versions prior to 6.1, contains an Insecure File Permissions vulnerability. A remote authenticated malicious user could read from VPN configuration files on and potentially author a MITM attack on the VPN traffic. Dell EMC VPlex GeoSynchrony Contains a permission vulnerability.Information is obtained, information is altered, and service operation is disrupted (DoS) There is a possibility of being put into a state. Dell EMC VPlex is a new generation of data storage platform for information movement and access within the data center, across data centers and between data centers of Dell; GeoSynchrony is a set of VPLEX operating system. A remote attacker could exploit this vulnerability to gain access to data on the target system and modify the data. Link to remedies: Please contact your local field representative to assist with the planning for the VPLEX upgrade which requires a Change Control Authorization (CCA). -----BEGIN PGP SIGNATURE----- iQIzBAEBCAAdFiEEP5nobPoCj3pTvhAZgSlofD2Yi6cFAluSaocACgkQgSlofD2Y i6c7rxAAo2FBxnrffBEhFs+yysuesMxd8f1Qep+C3GDtH759hcFSmiRCg3CDDWNs 2yniNrQLwNBtM/9qh0NX4x63HxOVVOsC0a2g+oPMHQjN6W+1Ql0eBFkFoFwCQpIZ +67znLrXaF4BMZJEF7nr9EZRkb/bUaR+mj7T1ih3dWKp+4jzNwqN/Cd+UL1QsqmE C2Now1sQjzkH0RlTq4dp4Y4WpiuYpO1cF7yAlqNmxHhkQZjx9BKWZ+1gBVpAr1Ge EeLkzcwtpayzM4XryZCvZjt2qA+GTxW/mRYOen62pKcWHjsNyALwqVWNshx2l27r run8/tUVuD998Bzc6P6QyUkokY73cBgvGa7Ca5SAmlxTHra9kenaF/IOQfp1tzQK mPW1esNalXP+HRRWIAFCC10F+H492OKsA4vUmJmks0oHQnLOTuzzQXCZWNh9zrLG T3jW4d58NKV9oml/+9a7czOMsTHvNzd+powS6C7KZLo4ltwuynP1Akgtwj1Calvj HRRRAhJEsG2w1AcfEB0SCr/JDP39S49nWgNWlhESjoPPyuWac9mH71EHQiIgPM+u GBk14E3RCbxP136zxOgYibDI8Z3w+yWkTs2x4dYCsVB1igocSdzwZJxUrsUAv/B8 nMKoYU+zx/jsC3WEopu4hO361t/w368VAmPLZP6x29wFqUS9K2o= =+3mo -----END PGP SIGNATURE-----

An issue was discovered in Contiki-NG through 4.1. There is a buffer over-read in lookup in os/storage/antelope/lvm.c while parsing AQL (lvm_register_variable, lvm_set_variable_value, create_intersection, create_union). Contiki-NG Contains a buffer error vulnerability.Information is obtained, information is altered, and service operation is disrupted (DoS) There is a possibility of being put into a state. Attackers can use this vulnerability to cause a denial of service. Contiki-NG is an open source cross-platform operating system for the next generation of IoT devices. The 'lookup' in the os / storage / antelope / lvm.c file in Contiki-NG 4.1 and earlier has a security vulnerability. An attacker could use this vulnerability to execute code (buffer read out of bounds)

An issue was discovered in Contiki-NG through 4.1. There is a stack-based buffer overflow in next_string in os/storage/antelope/aql-lexer.c while parsing AQL (parsing next string). Contiki-NG Contains a buffer error vulnerability.Information is obtained, information is altered, and service operation is disrupted (DoS) There is a possibility of being put into a state. Contiki-NG is an open source cross-platform operating system for next-generation IoT devices. Attackers can use this vulnerability to execute code

An issue was discovered in Contiki-NG through 4.1. There is a buffer overflow while parsing AQL in lvm_shift_for_operator in os/storage/antelope/lvm.c. Contiki-NG Contains a buffer error vulnerability.Tampering with information and disrupting service operations (DoS) There is a possibility of being put into a state. Contiki-NG is an open source cross-platform operating system for the next generation of IoT devices. A buffer overflow vulnerability exists in the 'lvm_shift_for_operator' function in the os / storage / antelope / lvm.c file in Contiki-NG 4.1 and earlier versions. An attacker could use this vulnerability to cause the AQL engine to crash or manipulate data in other buffers

An issue was discovered in Contiki-NG through 4.1. There is a buffer overflow in lvm_set_type in os/storage/antelope/lvm.c while parsing AQL (lvm_set_op, lvm_set_relation, lvm_set_operand). Contiki-NG Contains a buffer error vulnerability.Information is obtained, information is altered, and service operation is disrupted (DoS) There is a possibility of being put into a state. Contiki-NG is an open source cross-platform operating system for the next generation of IoT devices. A buffer overflow vulnerability exists in the 'lvm_set_type' function of the os / storage / antelope / lvm.c file in Contiki-NG 4.1 and earlier versions. An attacker could use this vulnerability to execute code

An issue was discovered in Contiki-NG through 4.1. There is a stack-based buffer overflow in parse_relations in os/storage/antelope/aql-parser.c while parsing AQL (storage of relations). Contiki-NG Contains a buffer error vulnerability.Information is obtained, information is altered, and service operation is disrupted (DoS) There is a possibility of being put into a state. Contiki-NG is an open source cross-platform operating system for next-generation IoT devices. A remote attacker can use this vulnerability to execute code (crash)

RSA BSAFE SSL-J versions prior to 6.2.4 contain a Heap Inspection vulnerability that could allow an attacker with physical access to the system to recover sensitive key material. RSA BSAFE SSL-J Contains vulnerabilities related to security features.Information may be obtained. Dell EMC RSA BSAFE is a security software product of Dell (Dell), which supports encryption algorithms, certificate chain verification, and Transport Layer Security (TLS) cipher suites, etc., to help users achieve various security goals for their applications . RSA BSAFE SSL-J is one of the SSL toolkits. The vulnerability is caused by the program not properly clearing the heap memory before releasing the memory. An attack in close physical proximity could exploit this vulnerability to recover the key. -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256 DSA-2018-150:RSA BSAFE(r) SSL-J Multiple Vulnerabilities Dell EMC Identifier: DSA-2018-150 CVE Identifier: CVE-2018-11068, CVE-2018-11069, CVE-2018-11070 Severity: Medium Severity Rating: View details below for individual CVSS Score for each CVE Affected Products: RSA BSAFE Crypto-J versions prior to 6.2.4 RSA BSAFE SSL-J versions prior to 6.2.4 Summary: RSA BSAFE Crypto-J and SSL-J contains fixes for multiple security vulnerabilities that could potentially be exploited by malicious users to compromise the affected system. CVSS v3.0 Base Score: 3.9 (AV:P/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N) Covert Timing Channel Vulnerability, CVE-2018-11069 RSA BSAFE SSL-J versions prior to 6.2.4 contain a Covert Timing Channel vulnerability during RSA decryption, also known as a Bleichenbacher attack on RSA decryption. A remote attacker may be able to recover a RSA key. A remote attacker may be able to recover a RSA key. CVSS v3.0 Base Score: 5.9 (AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N) Recommendation: The following RSA BSAFE Crypto-J and SSL-J releases contain resolutions to these vulnerabilities: RSA BSAFE Crypto-J version 6.2.4 RSA BSAFE SSL-J version 6.2.4 For additional documentation, downloads, and more, visit the RSA BSAFE page at https://community.rsa.com/community/products/bsafe on RSA Link. Severity Rating: For an explanation of Severity Ratings, refer to the Security Advisories Severity Rating knowledge base article at https://community.rsa.com/docs/DOC-47147. RSA recommends all customers take into account both the base score and any relevant temporal and environmental scores which may impact the potential severity associated with particular security vulnerability. EOPS Policy: RSA has a defined End of Primary Support policy associated with all major versions. Please refer to the Product Version Life Cycle at https://community.rsa.com/docs/DOC-40387 for additional details. Legal Information: Read and use the information in this RSA Security Advisory to assist in avoiding any situation that might arise from the problems described herein. If you have any questions regarding this advisory, contact RSA Customer Support at https://community.rsa.com/docs/DOC-1294. RSA Security LLC and its affiliates, including without limitation, its ultimate parent company, Dell Technologies, distribute RSA Security Advisories in order to bring to the attention of users of the affected RSA products, important security information. RSA recommends that all users determine the applicability of this information to their individual situations and take appropriate action. The information set forth herein is provided "as is" without warranty of any kind. RSA disclaims all warranties, either express or implied, including the warranties of merchantability, fitness for a particular purpose, title and non-infringement. In no event shall RSA, its affiliates or its suppliers, be liable for any damages whatsoever including direct, indirect, incidental, consequential, loss of business profits or special damages, even if RSA, its affiliates or its suppliers have been advised of the possibility of such damages. Some jurisdictions do not allow the exclusion or limitation of liability for consequential or incidental damages, so the foregoing limitation may not apply. Dell Product Security Incident Response Team (PSIRT) secure@dell.com -----BEGIN PGP SIGNATURE----- iQIzBAEBCAAdFiEEP5nobPoCj3pTvhAZgSlofD2Yi6cFAluQalwACgkQgSlofD2Y i6fYBBAAi/9xinlt+Inx/esVGjrJRgDKhn2bB+4SR5nwPFlYttl6ePxKW1dY3QQO phnd4hHez0UuyPiPNWNLdbByuT1FKPhyG6/6NnbxZZOyCFSLpP602cYiBkDw31pj HKDI4hKzWnaKLY4N6ghUHzX77I2CO8KIcxkN9r86MK+h0ZfOHxjpJLDIZ8uZ/yhy YvJMTtLCUb8j+a4ozL7zXmsUvc1hU84YhKvuNXsTGhTmc+Iy02fVAIigHKMFspgV mHwVueGdmWVR5k05QaF47sSaGXZcqW1lAOvwxr0u300wrxlryJhQHiZ6fZh8B6VT D/6BX8JNUgyN+teu23rGb7KNKCQmE8Yo72bBg+1C+GDip80r1D2+q1mhzV+aPCib PgASSx+mOPER4T8jVKrpj5bjSGrrOx4BXxDHD6UZyg3gkoA6tGny4h+LUeZgnCx4 t6t5pipDsTm4lX9gPngnWMpKFBI4IBVGeQdDW1IXwvaeR3ePeAc2MMHv4MO23T51 p/8X0aIvSfxBtznElwD3QEkt+qfsrqJ+qQ3QCmg18PPB6REFcP8k8cYuHBKuL/JX 9+n0U6EJvtE+TA+Kj/yqLbZbPtOR98aK8PcZ15yLRtSKSo/swe/Ir26r0oTRVG94 FUPkwX11l36jHhpvziMJMRcYi3FxO+dttEQRsw6fg7A4pUjSN1U= =lYoY -----END PGP SIGNATURE-----

RSA BSAFE SSL-J versions prior to 6.2.4 contain a Covert Timing Channel vulnerability during RSA decryption, also known as a Bleichenbacher attack on RSA decryption. A remote attacker may be able to recover a RSA key. RSA BSAFE SSL-J Contains a cryptographic vulnerability.Information may be obtained. Dell EMC RSA BSAFE is a security software product of Dell (Dell), which supports encryption algorithms, certificate chain verification, and Transport Layer Security (TLS) cipher suites, etc., to help users achieve various security goals for their applications . RSA BSAFE SSL-J is one of the SSL toolkits. -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256 DSA-2018-150:RSA BSAFE(r) SSL-J Multiple Vulnerabilities Dell EMC Identifier: DSA-2018-150 CVE Identifier: CVE-2018-11068, CVE-2018-11069, CVE-2018-11070 Severity: Medium Severity Rating: View details below for individual CVSS Score for each CVE Affected Products: RSA BSAFE Crypto-J versions prior to 6.2.4 RSA BSAFE SSL-J versions prior to 6.2.4 Summary: RSA BSAFE Crypto-J and SSL-J contains fixes for multiple security vulnerabilities that could potentially be exploited by malicious users to compromise the affected system. Details: Improper Clearing of Heap Memory Before Release ('Heap Inspection') Vulnerability, CVE-2018-11068 RSA BSAFE SSL-J versions prior to 6.2.4 contain a Heap Inspection vulnerability that could allow an attacker with physical access to the system to recover sensitive key material. Severity Rating: For an explanation of Severity Ratings, refer to the Security Advisories Severity Rating knowledge base article at https://community.rsa.com/docs/DOC-47147. RSA recommends all customers take into account both the base score and any relevant temporal and environmental scores which may impact the potential severity associated with particular security vulnerability. EOPS Policy: RSA has a defined End of Primary Support policy associated with all major versions. Please refer to the Product Version Life Cycle at https://community.rsa.com/docs/DOC-40387 for additional details. Legal Information: Read and use the information in this RSA Security Advisory to assist in avoiding any situation that might arise from the problems described herein. If you have any questions regarding this advisory, contact RSA Customer Support at https://community.rsa.com/docs/DOC-1294. RSA Security LLC and its affiliates, including without limitation, its ultimate parent company, Dell Technologies, distribute RSA Security Advisories in order to bring to the attention of users of the affected RSA products, important security information. RSA recommends that all users determine the applicability of this information to their individual situations and take appropriate action. The information set forth herein is provided "as is" without warranty of any kind. RSA disclaims all warranties, either express or implied, including the warranties of merchantability, fitness for a particular purpose, title and non-infringement. In no event shall RSA, its affiliates or its suppliers, be liable for any damages whatsoever including direct, indirect, incidental, consequential, loss of business profits or special damages, even if RSA, its affiliates or its suppliers have been advised of the possibility of such damages. Some jurisdictions do not allow the exclusion or limitation of liability for consequential or incidental damages, so the foregoing limitation may not apply. Dell Product Security Incident Response Team (PSIRT) secure@dell.com -----BEGIN PGP SIGNATURE----- iQIzBAEBCAAdFiEEP5nobPoCj3pTvhAZgSlofD2Yi6cFAluQalwACgkQgSlofD2Y i6fYBBAAi/9xinlt+Inx/esVGjrJRgDKhn2bB+4SR5nwPFlYttl6ePxKW1dY3QQO phnd4hHez0UuyPiPNWNLdbByuT1FKPhyG6/6NnbxZZOyCFSLpP602cYiBkDw31pj HKDI4hKzWnaKLY4N6ghUHzX77I2CO8KIcxkN9r86MK+h0ZfOHxjpJLDIZ8uZ/yhy YvJMTtLCUb8j+a4ozL7zXmsUvc1hU84YhKvuNXsTGhTmc+Iy02fVAIigHKMFspgV mHwVueGdmWVR5k05QaF47sSaGXZcqW1lAOvwxr0u300wrxlryJhQHiZ6fZh8B6VT D/6BX8JNUgyN+teu23rGb7KNKCQmE8Yo72bBg+1C+GDip80r1D2+q1mhzV+aPCib PgASSx+mOPER4T8jVKrpj5bjSGrrOx4BXxDHD6UZyg3gkoA6tGny4h+LUeZgnCx4 t6t5pipDsTm4lX9gPngnWMpKFBI4IBVGeQdDW1IXwvaeR3ePeAc2MMHv4MO23T51 p/8X0aIvSfxBtznElwD3QEkt+qfsrqJ+qQ3QCmg18PPB6REFcP8k8cYuHBKuL/JX 9+n0U6EJvtE+TA+Kj/yqLbZbPtOR98aK8PcZ15yLRtSKSo/swe/Ir26r0oTRVG94 FUPkwX11l36jHhpvziMJMRcYi3FxO+dttEQRsw6fg7A4pUjSN1U= =lYoY -----END PGP SIGNATURE-----