Zero-friction vulnerability management platform

Mageni eases for you the vulnerability scanning, assessment, and management process. It is free and open-source.

Install Now

Available for macOS, Windows, and Linux

App screenshot

CVE-2018-0735

CVE information

Published

3 years ago

Last Modified

1 month ago

CVSSv2.0 Severity

Medium

CVSSv3.1 Severity

Medium

Impact Analysis

Description

The OpenSSL ECDSA signature algorithm has been shown to be vulnerable to a timing side channel attack. An attacker could use variations in the signing algorithm to recover the private key. Fixed in OpenSSL 1.1.0j (Affected 1.1.0-1.1.0i). Fixed in OpenSSL 1.1.1a (Affected 1.1.1)..

CVSSv2.0 Score

Severity
Medium
Base Score
4.3/10
Exploit Score
8.6/10
Access Vector
Network
Access Complexity
Medium
Authentication Required
None
Impact Score
2.9/10
Confidentiality Impact
Partial
Availability Impact
None
Integrity Impact
None

CVSSv3.1 Score

Severity
Medium
Base Score
5.9/10
Exploit Score
2.2/10
Access Vector
Network
Access Complexity
High
Privileges Required
None
Impact Score
3.6/10
Confidentiality Impact
High
Availability Impact
None
Integrity Impact
None
Scope
Unchanged
User Interaction
None

Products Affected

CPE Affected Vulnerable Excluding Edit
cpe:2.3:a:openssl:openssl:1.1.1:*:*:*:*:*:*:*
  Yes
- -
cpe:2.3:a:openssl:openssl:*:*:*:*:*:*:*:*
  Yes
1.1.0 -
cpe:2.3:o:canonical:ubuntu_linux:16.04:*:*:*:lts:*:*:*
  Yes
- -
cpe:2.3:o:canonical:ubuntu_linux:14.04:*:*:*:lts:*:*:*
  Yes
- -
cpe:2.3:o:canonical:ubuntu_linux:18.04:*:*:*:lts:*:*:*
  Yes
- -
cpe:2.3:o:canonical:ubuntu_linux:18.10:*:*:*:*:*:*:*
  Yes
- -
cpe:2.3:o:debian:debian_linux:8.0:*:*:*:*:*:*:*
  Yes
- -
cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:*
  Yes
- -
cpe:2.3:a:nodejs:node.js:10.13.0:*:*:*:lts:*:*:*
  Yes
- -
cpe:2.3:a:nodejs:node.js:*:*:*:*:-:*:*:*
  Yes
11.0.0 11.3.0
cpe:2.3:a:nodejs:node.js:*:*:*:*:-:*:*:*
  Yes
10.0.0 10.12.0
cpe:2.3:a:netapp:cloud_backup:-:*:*:*:*:*:*:*
  Yes
- -
cpe:2.3:a:netapp:oncommand_unified_manager:*:*:*:*:*:*:*:*
  Yes
- -
cpe:2.3:a:netapp:steelstore:-:*:*:*:*:*:*:*
  Yes
- -
cpe:2.3:a:netapp:santricity_smi-s_provider:-:*:*:*:*:*:*:*
  Yes
- -
cpe:2.3:a:netapp:element_software:-:*:*:*:*:*:*:*
  Yes
- -
cpe:2.3:a:netapp:snapdrive:-:*:*:*:*:unix:*:*
  Yes
- -
cpe:2.3:a:netapp:oncommand_unified_manager:*:*:*:*:*:vsphere
  Yes
9.4 -
cpe:2.3:a:netapp:smi-s_provider:-:*:*:*:*:*:*:*
  Yes
- -
cpe:2.3:a:netapp:snapdrive:-:*:*:*:*:windows:*:*
  Yes
- -
cpe:2.3:a:oracle:primavera_p6_enterprise_project_portfolio_m
  Yes
- -
cpe:2.3:a:oracle:api_gateway:11.1.2.4.0:*:*:*:*:*:*:*
  Yes
- -
cpe:2.3:a:oracle:primavera_p6_enterprise_project_portfolio_m
  Yes
- -
cpe:2.3:a:oracle:primavera_p6_enterprise_project_portfolio_m
  Yes
- -
cpe:2.3:a:oracle:primavera_p6_enterprise_project_portfolio_m
  Yes
- -
cpe:2.3:a:oracle:peoplesoft_enterprise_peopletools:8.55:*:*:
  Yes
- -
cpe:2.3:a:oracle:primavera_p6_enterprise_project_portfolio_m
  Yes
- -
cpe:2.3:a:oracle:peoplesoft_enterprise_peopletools:8.56:*:*:
  Yes
- -
cpe:2.3:a:oracle:enterprise_manager_ops_center:12.3.3:*:*:*:
  Yes
- -
cpe:2.3:a:oracle:peoplesoft_enterprise_peopletools:8.57:*:*:
  Yes
- -
cpe:2.3:a:oracle:primavera_p6_enterprise_project_portfolio_m
  Yes
17.7 -
cpe:2.3:a:oracle:primavera_p6_enterprise_project_portfolio_m
  Yes
- -
cpe:2.3:a:oracle:mysql:*:*:*:*:*:*:*:*
  Yes
5.7.0 -
cpe:2.3:a:oracle:mysql:*:*:*:*:*:*:*:*
  Yes
8.0.0 -
cpe:2.3:a:oracle:secure_global_desktop:5.4:*:*:*:*:*:*:*
  Yes
- -
cpe:2.3:a:oracle:vm_virtualbox:*:*:*:*:*:*:*:*
  Yes
- 6.0.0
cpe:2.3:a:oracle:enterprise_manager_base_platform:13.2.0.0.0
  Yes
- -
cpe:2.3:a:oracle:enterprise_manager_base_platform:12.1.0.5.0
  Yes
- -
cpe:2.3:a:oracle:tuxedo:12.1.1.0.0:*:*:*:*:*:*:*
  Yes
- -
cpe:2.3:a:oracle:enterprise_manager_base_platform:13.3.0.0.0
  Yes
- -
cpe:2.3:a:oracle:application_server:0.9.8:*:*:*:*:*:*:*
  Yes
- -
cpe:2.3:a:oracle:application_server:1.0.0:*:*:*:*:*:*:*
  Yes
- -
cpe:2.3:a:oracle:application_server:1.0.1:*:*:*:*:*:*:*
  Yes
- -
cpe:2.3:a:oracle:mysql:*:*:*:*:*:*:*:*
  Yes
- -
cpe:2.3:a:oracle:vm_virtualbox:*:*:*:*:*:*:*:*
  Yes
5.0.0 5.2.24