CVE-2018-0735

medium

Details

Source: MITRE

Published: 2018-10-29

Updated: 2020-08-24

Type: CWE-327

Risk Information

CVSS v2

Base Score: 4.3

Vector: AV:N/AC:M/Au:N/C:P/I:N/A:N

Impact Score: 2.9

Exploitability Score: 8.6

Severity: MEDIUM

CVSS v3

Base Score: 5.9

Vector: CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N

Impact Score: 3.6

Exploitability Score: 2.2

Severity: MEDIUM

Vulnerable Software

Configuration 1

OR

cpe:2.3:a:openssl:openssl:*:*:*:*:*:*:*:* versions from 1.1.0 to 1.1.0i (inclusive)

cpe:2.3:a:openssl:openssl:1.1.1:*:*:*:*:*:*:*

Configuration 2

OR

cpe:2.3:o:canonical:ubuntu_linux:14.04:*:*:*:lts:*:*:*

cpe:2.3:o:canonical:ubuntu_linux:16.04:*:*:*:lts:*:*:*

cpe:2.3:o:canonical:ubuntu_linux:18.04:*:*:*:lts:*:*:*

cpe:2.3:o:canonical:ubuntu_linux:18.10:*:*:*:*:*:*:*

Configuration 3

OR

cpe:2.3:o:debian:debian_linux:8.0:*:*:*:*:*:*:*

cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:*

Configuration 4

OR

cpe:2.3:a:nodejs:node.js:*:*:*:*:lts:*:*:* versions from 10.13.0 to 10.14.1 (inclusive)

cpe:2.3:a:nodejs:node.js:*:*:*:*:*:*:*:* versions from 11.0.0 to 11.4.0 (inclusive)

Configuration 5

AND

OR

cpe:2.3:o:netapp:cn1610_firmware:-:*:*:*:*:*:*:*

OR

cpe:2.3:h:netapp:cn1610:-:*:*:*:*:*:*:*

Configuration 6

OR

cpe:2.3:a:netapp:cloud_backup:-:*:*:*:*:*:*:*

cpe:2.3:a:netapp:element_software:-:*:*:*:*:*:*:*

cpe:2.3:a:netapp:oncommand_unified_manager:*:*:*:*:*:*:*:*

cpe:2.3:a:netapp:oncommand_unified_manager:*:*:*:*:*:vsphere:*:*

cpe:2.3:a:netapp:santricity_smi-s_provider:-:*:*:*:*:*:*:*

cpe:2.3:a:netapp:smi-s_provider:-:*:*:*:*:*:*:*

cpe:2.3:a:netapp:snapdrive:-:*:*:*:*:unix:*:*

cpe:2.3:a:netapp:snapdrive:-:*:*:*:*:windows:*:*

cpe:2.3:a:netapp:steelstore:-:*:*:*:*:*:*:*

Configuration 7

OR

cpe:2.3:a:oracle:api_gateway:11.1.2.4.0:*:*:*:*:*:*:*

cpe:2.3:a:oracle:application_server:0.9.8:*:*:*:*:*:*:*

cpe:2.3:a:oracle:application_server:1.0.0:*:*:*:*:*:*:*

cpe:2.3:a:oracle:application_server:1.0.1:*:*:*:*:*:*:*

cpe:2.3:a:oracle:enterprise_manager_base_platform:12.1.0.5.0:*:*:*:*:*:*:*

cpe:2.3:a:oracle:enterprise_manager_base_platform:13.2.0.0.0:*:*:*:*:*:*:*

cpe:2.3:a:oracle:enterprise_manager_base_platform:13.3.0.0.0:*:*:*:*:*:*:*

cpe:2.3:a:oracle:enterprise_manager_ops_center:12.3.3:*:*:*:*:*:*:*

cpe:2.3:a:oracle:mysql:*:*:*:*:*:*:*:* versions up to 5.6.42 (inclusive)

cpe:2.3:a:oracle:mysql:*:*:*:*:*:*:*:* versions from 5.7.0 to 5.7.24 (inclusive)

cpe:2.3:a:oracle:mysql:*:*:*:*:*:*:*:* versions from 8.0.0 to 8.0.13 (inclusive)

cpe:2.3:a:oracle:peoplesoft_enterprise_peopletools:8.55:*:*:*:*:*:*:*

cpe:2.3:a:oracle:peoplesoft_enterprise_peopletools:8.56:*:*:*:*:*:*:*

cpe:2.3:a:oracle:peoplesoft_enterprise_peopletools:8.57:*:*:*:*:*:*:*

cpe:2.3:a:oracle:primavera_p6_enterprise_project_portfolio_management:8.4:*:*:*:*:*:*:*

cpe:2.3:a:oracle:primavera_p6_enterprise_project_portfolio_management:15.1:*:*:*:*:*:*:*

cpe:2.3:a:oracle:primavera_p6_enterprise_project_portfolio_management:15.2:*:*:*:*:*:*:*

cpe:2.3:a:oracle:primavera_p6_enterprise_project_portfolio_management:16.1:*:*:*:*:*:*:*

cpe:2.3:a:oracle:primavera_p6_enterprise_project_portfolio_management:16.2:*:*:*:*:*:*:*

cpe:2.3:a:oracle:primavera_p6_enterprise_project_portfolio_management:*:*:*:*:*:*:*:* versions from 17.7 to 17.12 (inclusive)

cpe:2.3:a:oracle:primavera_p6_enterprise_project_portfolio_management:18.8:*:*:*:*:*:*:*

cpe:2.3:a:oracle:secure_global_desktop:5.4:*:*:*:*:*:*:*

cpe:2.3:a:oracle:tuxedo:12.1.1.0.0:*:*:*:*:*:*:*

cpe:2.3:a:oracle:vm_virtualbox:*:*:*:*:*:*:*:*

cpe:2.3:a:oracle:vm_virtualbox:*:*:*:*:*:*:*:*

Tenable Plugins

View all (25 total)

IDNameProductFamilySeverity
145661CentOS 8 : openssl (CESA-2019:3700)NessusCentOS Local Security Checks
high
137471EulerOS 2.0 SP2 : openssl110f (EulerOS-SA-2020-1629)NessusHuawei Local Security Checks
medium
132467NewStart CGSL CORE 5.05 / MAIN 5.05 : openssl Multiple Vulnerabilities (NS-SA-2019-0254)NessusNewStart CGSL Local Security Checks
medium
130567RHEL 8 : openssl (RHSA-2019:3700)NessusRed Hat Local Security Checks
high
129941NewStart CGSL CORE 5.04 / MAIN 5.04 : openssl Multiple Vulnerabilities (NS-SA-2019-0206)NessusNewStart CGSL Local Security Checks
medium
129175EulerOS 2.0 SP5 : openssl110h (EulerOS-SA-2019-1981)NessusHuawei Local Security Checks
medium
125147Oracle Enterprise Manager Ops Center (Apr 2019 CPU)NessusMisc.
critical
124171Oracle Tuxedo Multiple Vulnerabilities (Apr 2019 CPU)NessusMisc.
medium
124169Oracle Primavera P6 Enterprise Project Portfolio Management (EPPM) Multiple Vulnerabilities (Apr 2019 CPU)NessusCGI abuses
critical
124157Oracle Enterprise Manager Cloud Control (Apr 2019 CPU)NessusMisc.
high
123386openSUSE Security Update : openssl-1_1 (openSUSE-2019-956)NessusSuSE Local Security Checks
medium
121899Photon OS 1.0: Openssl PHSA-2018-1.0-0199NessusPhotonOS Local Security Checks
medium
121385OpenSSL 1.1.1 < 1.1.1a Multiple VulnerabilitiesNessusWeb Servers
medium
121384OpenSSL 1.1.0 < 1.1.0j Multiple VulnerabilitiesNessusWeb Servers
medium
121247Oracle VM VirtualBox 5.2.x < 5.2.24 / 6.0.x < 6.0.2 (Jan 2019 CPU)NessusMisc.
high
121239Fedora 29 : 1:openssl (2019-a8ffcff7ee)NessusFedora Local Security Checks
medium
120166SUSE SLED15 / SLES15 Security Update : openssl-1_1 (SUSE-SU-2018:3863-1)NessusSuSE Local Security Checks
medium
119938Node.js Multiple Vulnerabilities (November 2018 Security Releases)NessusMisc.
high
119511FreeBSD : node.js -- multiple vulnerabilities (2a86f45a-fc3c-11e8-a414-00155d006b02)NessusFreeBSD Local Security Checks
high
119497Ubuntu 14.04 LTS / 16.04 LTS / 18.04 LTS / 18.10 : openssl, openssl1.0 vulnerabilities (USN-3840-1)NessusUbuntu Local Security Checks
medium
119313Debian DSA-4348-1 : openssl - security updateNessusDebian Local Security Checks
medium
119299SUSE SLED12 / SLES12 Security Update : openssl-1_1 (SUSE-SU-2018:3945-1)NessusSuSE Local Security Checks
medium
119140openSUSE Security Update : openssl-1_1 (openSUSE-2018-1465)NessusSuSE Local Security Checks
medium
119103Debian DLA-1586-1 : openssl security updateNessusDebian Local Security Checks
medium
118496FreeBSD : OpenSSL -- Multiple vulnerabilities in 1.1 branch (238ae7de-dba2-11e8-b713-b499baebfeaf)NessusFreeBSD Local Security Checks
medium