Vulmon Recent Vulnerabilities Research Posts Trends Blog About Contact
9.8
CVSSv3

CVE-2018-1000613

Published: 09/07/2018 Updated: 25/01/2024
CVSS v2 Base Score: 7.5 | Impact Score: 6.4 | Exploitability Score: 10
CVSS v3 Base Score: 9.8 | Impact Score: 5.9 | Exploitability Score: 3.9
VMScore: 668
Vector: AV:N/AC:L/Au:N/C:P/I:P/A:P
Subscribe to Legion-of-the-bouncy-castle-java-crytography-api

Vulnerability Summary

Legion of the Bouncy Castle Legion of the Bouncy Castle Java Cryptography APIs 1.58 up to but not including 1.60 contains a CWE-470: Use of Externally-Controlled Input to Select Classes or Code ('Unsafe Reflection') vulnerability in XMSS/XMSS^MT private key deserialization that can result in Deserializing an XMSS/XMSS^MT private key can result in the execution of unexpected code. This attack appear to be exploitable via A handcrafted private key can include references to unexpected classes which will be picked up from the class path for the executing application. This vulnerability appears to have been fixed in 1.60 and later.

Vulnerability Trend

Vulnerable Product Search on Vulmon Subscribe to Product

bouncycastle legion-of-the-bouncy-castle-java-crytography-api

netapp oncommand workflow automation -

opensuse leap 15.1

oracle retail xstore point of service 7.1

oracle api gateway 11.1.2.4.0

oracle enterprise repository 12.1.3.0.0

oracle retail xstore point of service 7.0

oracle enterprise repository 11.1.1.7.0

oracle peoplesoft enterprise peopletools 8.55

oracle peoplesoft enterprise peopletools 8.56

oracle communications webrtc session controller 7.2

oracle webcenter portal 12.2.1.3.0

oracle webcenter portal 11.1.1.9.0

oracle weblogic server 12.2.1.3

oracle business process management suite 12.1.3.0.0

oracle business process management suite 12.2.1.3.0

oracle business process management suite 11.1.1.9.0

oracle soa suite 12.1.3.0.0

oracle soa suite 12.2.1.3.0

oracle peoplesoft enterprise peopletools 8.57

oracle managed file transfer 12.2.1.3.0

oracle communications converged application server

oracle banking platform 2.6.0

oracle banking platform 2.6.1

oracle banking platform 2.6.2

oracle communications webrtc session controller

oracle retail convenience and fuel pos software 2.8.1

oracle utilities network management system 1.12.0.3

oracle utilities network management system 2.3.0.0

oracle utilities network management system 2.3.0.1

oracle utilities network management system 2.3.0.2

oracle enterprise manager for fusion middleware 13.2.0.0

oracle enterprise manager base platform 13.2.0.0

oracle data integrator 12.2.1.3.0

oracle communications application session controller 3.7.1

oracle communications application session controller 3.8.0

oracle managed file transfer 12.1.3.0.0

oracle business transaction management 12.1.0

oracle enterprise manager base platform 12.1.0.5.0

oracle enterprise manager base platform 13.3.0.0

oracle enterprise manager for fusion middleware 13.3.0.0

oracle communications diameter signaling router 8.2.1

oracle communications diameter signaling router 8.0.0

oracle communications diameter signaling router 8.1

oracle communications diameter signaling router 8.2

oracle communications converged application server 7.0.0.1

oracle communications convergence 3.0.2

Github Repositories

https://github.com/regNec/apkLibDetect

apkLibDetect 工具链由两部分组成: 前端为LibScout - githubcom/reddr/LibScout 后端为从snyk采集的数据库 - snykio/vuln Run 需先build LibScout Generate a runnable jar with the gradle wrapper gradlew (Linux/MacOS) or gradlewbat (Windows), by invoking it with the build task, eg /gradlew build The LibScoutjar is output to the build/lib

References

CWE-470https://github.com/bcgit/bc-java/commit/cd98322b171b15b3f88c5ec871175147893c31e6#diff-148a6c098af0199192d6aede960f45dchttps://github.com/bcgit/bc-java/commit/4092ede58da51af9a21e4825fbad0d9a3ef5a223#diff-2c06e2edef41db889ee14899e12bd574https://www.oracle.com/technetwork/security-advisory/cpujan2019-5072801.htmlhttps://security.netapp.com/advisory/ntap-20190204-0003/https://www.oracle.com/technetwork/security-advisory/cpuapr2019-5072813.htmlhttps://www.oracle.com/technetwork/security-advisory/cpujul2019-5072835.htmlhttps://www.oracle.com/security-alerts/cpuapr2020.htmlhttp://lists.opensuse.org/opensuse-security-announce/2020-05/msg00011.htmlhttps://www.oracle.com/security-alerts/cpuoct2020.htmlhttps://www.oracle.com/security-alerts/cpuApr2021.htmlhttps://lists.apache.org/thread.html/rf1bbc0ea4a9f014cf94df9a12a6477d24a27f52741dbc87f2fd52ff2%40%3Cissues.geode.apache.org%3Ehttps://nvd.nist.govhttps://github.com/regNec/apkLibDetect
CVSSv3
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2024-27977IMAPlocal usersCVE-2024-32038CVE-2023-49963CVE-2023-22869CVE-2024-31497localCVE-2024-2961
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started

Vulmon Search

Vulmon Search is a vulnerability search engine. It gives comprehensive vulnerability information through a very simple user interface.

About

Home Recent Vulnerabilities Research Posts Trends Blog About Contact

Products

Vulmon Search Vulmon Research Vulmon Alerts Vulmap

Connect

Twitter Reddit Linkedin Facebook