The OpenSSL ECDSA signature algorithm has been shown to be vulnerable to a timing side channel attack. An attacker could use variations in the signing algorithm to recover the private key. Fixed in OpenSSL 1.1.0j (Affected 1.1.0-1.1.0i). Fixed in OpenSSL 1.1.1a (Affected 1.1.1).
http://www.securityfocus.com/bid/105750
http://www.securitytracker.com/id/1041986
https://access.redhat.com/errata/RHSA-2019:3700
https://lists.debian.org/debian-lts-announce/2018/11/msg00024.html
https://nodejs.org/en/blog/vulnerability/november-2018-security-releases/
https://security.netapp.com/advisory/ntap-20181105-0002/
https://usn.ubuntu.com/3840-1/
https://www.debian.org/security/2018/dsa-4348
https://www.openssl.org/news/secadv/20181029.txt
https://www.oracle.com/security-alerts/cpujan2020.html
https://www.oracle.com/technetwork/security-advisory/cpuapr2019-5072813.html
https://www.oracle.com/technetwork/security-advisory/cpujan2019-5072801.html
https://www.oracle.com/technetwork/security-advisory/cpujul2019-5072835.html
Source: MITRE
Published: 2018-10-29
Updated: 2020-08-24
Type: CWE-327
CVSS v2
Base Score: 4.3
Vector: AV:N/AC:M/Au:N/C:P/I:N/A:N
Impact Score: 2.9
Exploitability Score: 8.6
Severity: MEDIUM
CVSS v3.0
Base Score: 5.9
Vector: CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N
Impact Score: 3.6
Exploitability Score: 2.2
Severity: MEDIUM
OR
cpe:2.3:a:openssl:openssl:*:*:*:*:*:*:*:* versions from 1.1.0 to 1.1.0i (inclusive)
OR
cpe:2.3:o:canonical:ubuntu_linux:14.04:*:*:*:lts:*:*:*
cpe:2.3:o:canonical:ubuntu_linux:16.04:*:*:*:lts:*:*:*
OR
cpe:2.3:a:nodejs:node.js:*:*:*:*:lts:*:*:* versions from 10.13.0 to 10.14.1 (inclusive)
cpe:2.3:a:nodejs:node.js:*:*:*:*:*:*:*:* versions from 11.0.0 to 11.4.0 (inclusive)
OR
cpe:2.3:a:netapp:cloud_backup:-:*:*:*:*:*:*:*
cpe:2.3:a:netapp:element_software:-:*:*:*:*:*:*:*
cpe:2.3:a:netapp:oncommand_unified_manager:*:*:*:*:*:*:*:*
cpe:2.3:a:netapp:oncommand_unified_manager:*:*:*:*:*:vsphere:*:*
cpe:2.3:a:netapp:santricity_smi-s_provider:-:*:*:*:*:*:*:*
cpe:2.3:a:netapp:smi-s_provider:-:*:*:*:*:*:*:*
cpe:2.3:a:netapp:snapdrive:-:*:*:*:*:unix:*:*
OR
cpe:2.3:a:oracle:api_gateway:11.1.2.4.0:*:*:*:*:*:*:*
cpe:2.3:a:oracle:application_server:0.9.8:*:*:*:*:*:*:*
cpe:2.3:a:oracle:application_server:1.0.0:*:*:*:*:*:*:*
cpe:2.3:a:oracle:application_server:1.0.1:*:*:*:*:*:*:*
cpe:2.3:a:oracle:enterprise_manager_base_platform:12.1.0.5.0:*:*:*:*:*:*:*
cpe:2.3:a:oracle:enterprise_manager_base_platform:13.2.0.0.0:*:*:*:*:*:*:*
cpe:2.3:a:oracle:enterprise_manager_base_platform:13.3.0.0.0:*:*:*:*:*:*:*
cpe:2.3:a:oracle:enterprise_manager_ops_center:12.3.3:*:*:*:*:*:*:*
cpe:2.3:a:oracle:mysql:*:*:*:*:*:*:*:* versions up to 5.6.42 (inclusive)
cpe:2.3:a:oracle:mysql:*:*:*:*:*:*:*:* versions from 5.7.0 to 5.7.24 (inclusive)
cpe:2.3:a:oracle:mysql:*:*:*:*:*:*:*:* versions from 8.0.0 to 8.0.13 (inclusive)
cpe:2.3:a:oracle:peoplesoft_enterprise_peopletools:8.55:*:*:*:*:*:*:*
cpe:2.3:a:oracle:peoplesoft_enterprise_peopletools:8.56:*:*:*:*:*:*:*
cpe:2.3:a:oracle:peoplesoft_enterprise_peopletools:8.57:*:*:*:*:*:*:*
cpe:2.3:a:oracle:primavera_p6_enterprise_project_portfolio_management:8.4:*:*:*:*:*:*:*
cpe:2.3:a:oracle:primavera_p6_enterprise_project_portfolio_management:15.1:*:*:*:*:*:*:*
cpe:2.3:a:oracle:primavera_p6_enterprise_project_portfolio_management:15.2:*:*:*:*:*:*:*
cpe:2.3:a:oracle:primavera_p6_enterprise_project_portfolio_management:16.1:*:*:*:*:*:*:*
cpe:2.3:a:oracle:primavera_p6_enterprise_project_portfolio_management:16.2:*:*:*:*:*:*:*
cpe:2.3:a:oracle:primavera_p6_enterprise_project_portfolio_management:*:*:*:*:*:*:*:* versions from 17.7 to 17.12 (inclusive)
cpe:2.3:a:oracle:primavera_p6_enterprise_project_portfolio_management:18.8:*:*:*:*:*:*:*
cpe:2.3:a:oracle:secure_global_desktop:5.4:*:*:*:*:*:*:*
cpe:2.3:a:oracle:tuxedo:12.1.1.0.0:*:*:*:*:*:*:*
ID | Name | Product | Family | Severity |
---|---|---|---|---|
145661 | CentOS 8 : openssl (CESA-2019:3700) | Nessus | CentOS Local Security Checks | medium |
137471 | EulerOS 2.0 SP2 : openssl110f (EulerOS-SA-2020-1629) | Nessus | Huawei Local Security Checks | medium |
132467 | NewStart CGSL CORE 5.05 / MAIN 5.05 : openssl Multiple Vulnerabilities (NS-SA-2019-0254) | Nessus | NewStart CGSL Local Security Checks | medium |
130567 | RHEL 8 : openssl (RHSA-2019:3700) | Nessus | Red Hat Local Security Checks | medium |
129941 | NewStart CGSL CORE 5.04 / MAIN 5.04 : openssl Multiple Vulnerabilities (NS-SA-2019-0206) | Nessus | NewStart CGSL Local Security Checks | medium |
129175 | EulerOS 2.0 SP5 : openssl110h (EulerOS-SA-2019-1981) | Nessus | Huawei Local Security Checks | medium |
125147 | Oracle Enterprise Manager Ops Center (Apr 2019 CPU) | Nessus | Misc. | high |
124171 | Oracle Tuxedo Multiple Vulnerabilities (Apr 2019 CPU) | Nessus | Misc. | medium |
124169 | Oracle Primavera P6 Enterprise Project Portfolio Management (EPPM) Multiple Vulnerabilities (Apr 2019 CPU) | Nessus | CGI abuses | high |
124157 | Oracle Enterprise Manager Cloud Control (Apr 2019 CPU) | Nessus | Misc. | medium |
123386 | openSUSE Security Update : openssl-1_1 (openSUSE-2019-956) | Nessus | SuSE Local Security Checks | medium |
121899 | Photon OS 1.0: Openssl PHSA-2018-1.0-0199 | Nessus | PhotonOS Local Security Checks | medium |
121385 | OpenSSL 1.1.1 < 1.1.1a Multiple Vulnerabilities | Nessus | Web Servers | medium |
121384 | OpenSSL 1.1.0 < 1.1.0j Multiple Vulnerabilities | Nessus | Web Servers | medium |
121247 | Oracle VM VirtualBox 5.2.x < 5.2.24 / 6.0.x < 6.0.2 (Jan 2019 CPU) | Nessus | Misc. | medium |
121239 | Fedora 29 : 1:openssl (2019-a8ffcff7ee) | Nessus | Fedora Local Security Checks | medium |
120166 | SUSE SLED15 / SLES15 Security Update : openssl-1_1 (SUSE-SU-2018:3863-1) | Nessus | SuSE Local Security Checks | medium |
119938 | Node.js Multiple Vulnerabilities (November 2018 Security Releases) | Nessus | Misc. | medium |
119511 | FreeBSD : node.js -- multiple vulnerabilities (2a86f45a-fc3c-11e8-a414-00155d006b02) | Nessus | FreeBSD Local Security Checks | medium |
119497 | Ubuntu 14.04 LTS / 16.04 LTS / 18.04 LTS / 18.10 : openssl, openssl1.0 vulnerabilities (USN-3840-1) | Nessus | Ubuntu Local Security Checks | medium |
119313 | Debian DSA-4348-1 : openssl - security update | Nessus | Debian Local Security Checks | medium |
119299 | SUSE SLED12 / SLES12 Security Update : openssl-1_1 (SUSE-SU-2018:3945-1) | Nessus | SuSE Local Security Checks | medium |
119140 | openSUSE Security Update : openssl-1_1 (openSUSE-2018-1465) | Nessus | SuSE Local Security Checks | medium |
119103 | Debian DLA-1586-1 : openssl security update | Nessus | Debian Local Security Checks | medium |
118496 | FreeBSD : OpenSSL -- Multiple vulnerabilities in 1.1 branch (238ae7de-dba2-11e8-b713-b499baebfeaf) | Nessus | FreeBSD Local Security Checks | medium |