Oracle Data Integrator 12.2.1.3.0 Spring Framework 有风险的加密漏洞

admin

0
文章

0
评论

2023-12-02 04:39:14 Ali_nvd 来源：ZONE.CI 全球网 0 阅读模式

低危 Oracle Data Integrator 12.2.1.3.0 Spring Framework 有风险的加密漏洞

CVE编号

CVE-2018-1000180

利用情况

暂无

补丁情况

官方补丁

披露时间

2018-06-06

漏洞描述

Bouncy Castle BC是一个用于C#和Java应用程序的加密库。 Bouncy Castle BC 1.54版本至1.59版本、BC-FJA 1.0.0版本和BC-FJA 1.0.1及之前版本中存在安全漏洞。目前没有详细的漏洞细节提供。

解决建议

目前厂商已发布升级补丁以修复漏洞，详情请关注厂商主页：https://www.bouncycastle.org/

参考链接
http://www.securityfocus.com/bid/106567
https://access.redhat.com/errata/RHSA-2018:2423
https://access.redhat.com/errata/RHSA-2018:2424
https://access.redhat.com/errata/RHSA-2018:2425
https://access.redhat.com/errata/RHSA-2018:2428
https://access.redhat.com/errata/RHSA-2018:2643
https://access.redhat.com/errata/RHSA-2018:2669
https://access.redhat.com/errata/RHSA-2019:0877
https://github.com/bcgit/bc-java/commit/22467b6e8fe19717ecdf201c0cf91bacf04a55ad
https://github.com/bcgit/bc-java/commit/73780ac522b7795fc165630aba8d5f5729acc839
https://github.com/bcgit/bc-java/wiki/CVE-2018-1000180
https://lists.apache.org/thread.html/708d94141126eac03011144a971a6411fcac16d9...
https://security.netapp.com/advisory/ntap-20190204-0003/
https://www.bountysource.com/issues/58293083-rsa-key-generation-computation-o...
https://www.debian.org/security/2018/dsa-4233
https://www.oracle.com/security-alerts/cpuapr2020.html
https://www.oracle.com/security-alerts/cpuApr2021.html
https://www.oracle.com/security-alerts/cpuoct2020.html
https://www.oracle.com/technetwork/security-advisory/cpuapr2019-5072813.html
https://www.oracle.com/technetwork/security-advisory/cpujan2019-5072801.html
https://www.oracle.com/technetwork/security-advisory/cpujul2019-5072835.html

受影响软件情况

1
#	类型	厂商	产品	版本	影响面
	运行在以下环境
	应用	bouncycastle	fips_java_api	*		Up to (including) 1.0.1
	运行在以下环境
	应用	bouncycastle	legion-of-the-bouncy-castle-java-crytography-api	*	From (including) 1.54	Up to (including) 1.59
	运行在以下环境
	应用	netapp	oncommand_workflow_automation	-	-
	运行在以下环境
	应用	oracle	api_gateway	11.1.2.4.0	-
	运行在以下环境
	应用	oracle	business_process_management_suite	11.1.1.9.0	-
	运行在以下环境
	应用	oracle	business_process_management_suite	12.1.3.0.0	-
	运行在以下环境
	应用	oracle	business_process_management_suite	12.2.1.3.0	-
	运行在以下环境
	应用	oracle	business_transaction_management	12.1.0	-
	运行在以下环境
	应用	oracle	communications_application_session_controller	3.7.1	-
	运行在以下环境
	应用	oracle	communications_application_session_controller	3.8.0	-
	运行在以下环境
	应用	oracle	communications_converged_application_server	*		Up to (excluding) 7.0.0.1
	运行在以下环境
	应用	oracle	communications_webrtc_session_controller	*		Up to (excluding) 7.2
	运行在以下环境
	应用	oracle	enterprise_repository	12.1.3.0.0	-
	运行在以下环境
	应用	oracle	managed_file_transfer	12.1.3.0.0	-
	运行在以下环境
	应用	oracle	managed_file_transfer	12.2.1.3.0	-
	运行在以下环境
	应用	oracle	peoplesoft_enterprise_peopletools	8.55	-
	运行在以下环境
	应用	oracle	peoplesoft_enterprise_peopletools	8.56	-
	运行在以下环境
	应用	oracle	peoplesoft_enterprise_peopletools	8.57	-
	运行在以下环境
	应用	oracle	retail_convenience_and_fuel_pos_software	2.8.1	-
	运行在以下环境
	应用	oracle	retail_xstore_point_of_service	7.0	-
	运行在以下环境
	应用	oracle	retail_xstore_point_of_service	7.1	-
	运行在以下环境
	应用	oracle	soa_suite	12.1.3.0.0	-
	运行在以下环境
	应用	oracle	soa_suite	12.2.1.3.0	-
	运行在以下环境
	应用	oracle	webcenter_portal	11.1.1.9.0	-
	运行在以下环境
	应用	oracle	webcenter_portal	12.2.1.3.0	-
	运行在以下环境
	应用	oracle	weblogic_server	12.1.3.0.0	-
	运行在以下环境
	应用	redhat	jboss_enterprise_application_platform	7.1.0	-
	运行在以下环境
	系统	debian	debian_linux	9.0	-
	运行在以下环境
	系统	debian_10	bouncycastle	*		Up to (excluding) 1.59-2
	运行在以下环境
	系统	debian_11	bouncycastle	*		Up to (excluding) 1.59-2
	运行在以下环境
	系统	debian_12	bouncycastle	*		Up to (excluding) 1.59-2
	运行在以下环境
系统	debian_sid	bouncycastle	*		Up to (excluding) 1.59-2
运行在以下环境
系统	fedora_27	bouncycastle-mail	*		Up to (excluding) 1.59-1.fc27
运行在以下环境
系统	fedora_28	bouncycastle-mail	*		Up to (excluding) 1.59-1.fc28
运行在以下环境
系统	opensuse_Leap_42.3	bouncycastle	*		Up to (excluding) 1.60-23.10.1
运行在以下环境
系统	redhat	enterprise_linux	6.0	-
运行在以下环境
系统	redhat	enterprise_linux	7.0	-
运行在以下环境
系统	redhat	virtualization	4.2	-
运行在以下环境
系统	ubuntu_18.10	bouncycastle	*		Up to (excluding) 1.60-1