CVE-2018-1000613

Severity Score

9.8

*CVSS v3.1

Exploit Likelihood

*EPSS

Affected Versions

*CPE

Public Exploits

*Multiple Sources

Exploited in Wild

*KEV

Decision

Attend

*SSVC

Descriptions

Legion of the Bouncy Castle Legion of the Bouncy Castle Java Cryptography APIs 1.58 up to but not including 1.60 contains a CWE-470: Use of Externally-Controlled Input to Select Classes or Code ('Unsafe Reflection') vulnerability in XMSS/XMSS^MT private key deserialization that can result in Deserializing an XMSS/XMSS^MT private key can result in the execution of unexpected code. This attack appear to be exploitable via A handcrafted private key can include references to unexpected classes which will be picked up from the class path for the executing application. This vulnerability appears to have been fixed in 1.60 and later.

Las API Legion of the Bouncy Castle Java Cryptography de Legion of the Bouncy Castle en versiones hasta 1.58 pero sin incluir la versión 1.60, contiene una debilidad CWE-470: Use of Externally-Controlled Input to Select Classes or Code ('Unsafe Reflection'), vulnerabilidad en la deserialización de la clave privada XMSS/XMSS^MT que puede resultar en desrealizar una clave privada XMSS/XMSS^MT puede resultar en la ejecución de código inesperado. Este ataque parece ser explotable por medio de una clave privada artesanal que puede incluir referencias a clases inesperadas que se recogerán del class path para la aplicación en ejecución. Esta vulnerabilidad parece haber sido solucionada en la versión 1.60 y versiones posteriores.

*Credits: N/A

Attack Vector

Network

Attack Complexity

Low

Privileges Required

None

User Interaction

None

Scope

Unchanged

Confidentiality

High

Integrity

High

Availability

High

Attack Vector

Network

Attack Complexity

Low

Authentication

None

Confidentiality

Partial

Integrity

Partial

Availability

Partial

* Common Vulnerability Scoring System

SSVC

Decision:Attend

Exploitation

None

Automatable

Yes

Tech. Impact

Total

* Organization's Worst-case Scenario

Timeline

2018-06-29 CVE Reserved
2018-07-09 CVE Published
2024-09-03 EPSS Updated
2024-11-14 CVE Updated
---------- Exploited in Wild
---------- KEV Due Date
---------- First Exploit

CWE

CWE-470: Use of Externally-Controlled Input to Select Classes or Code ('Unsafe Reflection')

CAPEC

References (11)

URL	Tag	Source
https://lists.apache.org/thread.html/rf1bbc0ea4a9f014cf94df9a12a6477d24a27f52741dbc87f2fd52ff2%40%3Cissues.geode.apache.org%3E	Mailing List
https://security.netapp.com/advisory/ntap-20190204-0003	Third Party Advisory

URL	Date	SRC

URL	Date	SRC
https://github.com/bcgit/bc-java/commit/4092ede58da51af9a21e4825fbad0d9a3ef5a223#diff-2c06e2edef41db889ee14899e12bd574	2024-01-25
https://github.com/bcgit/bc-java/commit/cd98322b171b15b3f88c5ec871175147893c31e6#diff-148a6c098af0199192d6aede960f45dc	2024-01-25
https://www.oracle.com/security-alerts/cpuApr2021.html	2024-01-25
https://www.oracle.com/security-alerts/cpuapr2020.html	2024-01-25
https://www.oracle.com/security-alerts/cpuoct2020.html	2024-01-25
https://www.oracle.com/technetwork/security-advisory/cpuapr2019-5072813.html	2024-01-25
https://www.oracle.com/technetwork/security-advisory/cpujan2019-5072801.html	2024-01-25
https://www.oracle.com/technetwork/security-advisory/cpujul2019-5072835.html	2024-01-25

URL	Date	SRC
http://lists.opensuse.org/opensuse-security-announce/2020-05/msg00011.html	2024-01-25

Affected Vendors, Products, and Versions

Vendor		Product				Version		Other		Status
Vendor	Product	Version	Other	Status	<-- -->	Vendor	Product	Version	Other	Status
Bouncycastle Search vendor "Bouncycastle"		Legion-of-the-bouncy-castle-java-crytography-api Search vendor "Bouncycastle" for product "Legion-of-the-bouncy-castle-java-crytography-api"				>= 1.58 < 1.60 Search vendor "Bouncycastle" for product "Legion-of-the-bouncy-castle-java-crytography-api" and version " >= 1.58 < 1.60"		-		Affected
Netapp Search vendor "Netapp"		Oncommand Workflow Automation Search vendor "Netapp" for product "Oncommand Workflow Automation"				-		-		Affected
Opensuse Search vendor "Opensuse"		Leap Search vendor "Opensuse" for product "Leap"				15.1 Search vendor "Opensuse" for product "Leap" and version "15.1"		-		Affected
Oracle Search vendor "Oracle"		Api Gateway Search vendor "Oracle" for product "Api Gateway"				11.1.2.4.0 Search vendor "Oracle" for product "Api Gateway" and version "11.1.2.4.0"		-		Affected
Oracle Search vendor "Oracle"		Banking Platform Search vendor "Oracle" for product "Banking Platform"				2.6.0 Search vendor "Oracle" for product "Banking Platform" and version "2.6.0"		-		Affected
Oracle Search vendor "Oracle"		Banking Platform Search vendor "Oracle" for product "Banking Platform"				2.6.1 Search vendor "Oracle" for product "Banking Platform" and version "2.6.1"		-		Affected
Oracle Search vendor "Oracle"		Banking Platform Search vendor "Oracle" for product "Banking Platform"				2.6.2 Search vendor "Oracle" for product "Banking Platform" and version "2.6.2"		-		Affected
Oracle Search vendor "Oracle"		Business Process Management Suite Search vendor "Oracle" for product "Business Process Management Suite"				11.1.1.9.0 Search vendor "Oracle" for product "Business Process Management Suite" and version "11.1.1.9.0"		-		Affected
Oracle Search vendor "Oracle"		Business Process Management Suite Search vendor "Oracle" for product "Business Process Management Suite"				12.1.3.0.0 Search vendor "Oracle" for product "Business Process Management Suite" and version "12.1.3.0.0"		-		Affected
Oracle Search vendor "Oracle"		Business Process Management Suite Search vendor "Oracle" for product "Business Process Management Suite"				12.2.1.3.0 Search vendor "Oracle" for product "Business Process Management Suite" and version "12.2.1.3.0"		-		Affected
Oracle Search vendor "Oracle"		Business Transaction Management Search vendor "Oracle" for product "Business Transaction Management"				12.1.0 Search vendor "Oracle" for product "Business Transaction Management" and version "12.1.0"		-		Affected
Oracle Search vendor "Oracle"		Communications Application Session Controller Search vendor "Oracle" for product "Communications Application Session Controller"				3.7.1 Search vendor "Oracle" for product "Communications Application Session Controller" and version "3.7.1"		-		Affected
Oracle Search vendor "Oracle"		Communications Application Session Controller Search vendor "Oracle" for product "Communications Application Session Controller"				3.8.0 Search vendor "Oracle" for product "Communications Application Session Controller" and version "3.8.0"		-		Affected
Oracle Search vendor "Oracle"		Communications Converged Application Server Search vendor "Oracle" for product "Communications Converged Application Server"				< 7.0.0.1 Search vendor "Oracle" for product "Communications Converged Application Server" and version " < 7.0.0.1"		-		Affected
Oracle Search vendor "Oracle"		Communications Converged Application Server Search vendor "Oracle" for product "Communications Converged Application Server"				7.0.0.1 Search vendor "Oracle" for product "Communications Converged Application Server" and version "7.0.0.1"		-		Affected
Oracle Search vendor "Oracle"		Communications Convergence Search vendor "Oracle" for product "Communications Convergence"				3.0.2 Search vendor "Oracle" for product "Communications Convergence" and version "3.0.2"		-		Affected
Oracle Search vendor "Oracle"		Communications Diameter Signaling Router Search vendor "Oracle" for product "Communications Diameter Signaling Router"				8.0.0 Search vendor "Oracle" for product "Communications Diameter Signaling Router" and version "8.0.0"		-		Affected
Oracle Search vendor "Oracle"		Communications Diameter Signaling Router Search vendor "Oracle" for product "Communications Diameter Signaling Router"				8.1 Search vendor "Oracle" for product "Communications Diameter Signaling Router" and version "8.1"		-		Affected
Oracle Search vendor "Oracle"		Communications Diameter Signaling Router Search vendor "Oracle" for product "Communications Diameter Signaling Router"				8.2 Search vendor "Oracle" for product "Communications Diameter Signaling Router" and version "8.2"		-		Affected
Oracle Search vendor "Oracle"		Communications Diameter Signaling Router Search vendor "Oracle" for product "Communications Diameter Signaling Router"				8.2.1 Search vendor "Oracle" for product "Communications Diameter Signaling Router" and version "8.2.1"		-		Affected
Oracle Search vendor "Oracle"		Communications Webrtc Session Controller Search vendor "Oracle" for product "Communications Webrtc Session Controller"				< 7.2 Search vendor "Oracle" for product "Communications Webrtc Session Controller" and version " < 7.2"		-		Affected
Oracle Search vendor "Oracle"		Communications Webrtc Session Controller Search vendor "Oracle" for product "Communications Webrtc Session Controller"				7.2 Search vendor "Oracle" for product "Communications Webrtc Session Controller" and version "7.2"		-		Affected
Oracle Search vendor "Oracle"		Data Integrator Search vendor "Oracle" for product "Data Integrator"				12.2.1.3.0 Search vendor "Oracle" for product "Data Integrator" and version "12.2.1.3.0"		-		Affected
Oracle Search vendor "Oracle"		Enterprise Manager Base Platform Search vendor "Oracle" for product "Enterprise Manager Base Platform"				12.1.0.5.0 Search vendor "Oracle" for product "Enterprise Manager Base Platform" and version "12.1.0.5.0"		-		Affected
Oracle Search vendor "Oracle"		Enterprise Manager Base Platform Search vendor "Oracle" for product "Enterprise Manager Base Platform"				13.2.0.0 Search vendor "Oracle" for product "Enterprise Manager Base Platform" and version "13.2.0.0"		-		Affected
Oracle Search vendor "Oracle"		Enterprise Manager Base Platform Search vendor "Oracle" for product "Enterprise Manager Base Platform"				13.3.0.0 Search vendor "Oracle" for product "Enterprise Manager Base Platform" and version "13.3.0.0"		-		Affected
Oracle Search vendor "Oracle"		Enterprise Manager For Fusion Middleware Search vendor "Oracle" for product "Enterprise Manager For Fusion Middleware"				13.2.0.0 Search vendor "Oracle" for product "Enterprise Manager For Fusion Middleware" and version "13.2.0.0"		-		Affected
Oracle Search vendor "Oracle"		Enterprise Manager For Fusion Middleware Search vendor "Oracle" for product "Enterprise Manager For Fusion Middleware"				13.3.0.0 Search vendor "Oracle" for product "Enterprise Manager For Fusion Middleware" and version "13.3.0.0"		-		Affected
Oracle Search vendor "Oracle"		Enterprise Repository Search vendor "Oracle" for product "Enterprise Repository"				11.1.1.7.0 Search vendor "Oracle" for product "Enterprise Repository" and version "11.1.1.7.0"		-		Affected
Oracle Search vendor "Oracle"		Enterprise Repository Search vendor "Oracle" for product "Enterprise Repository"				12.1.3.0.0 Search vendor "Oracle" for product "Enterprise Repository" and version "12.1.3.0.0"		-		Affected
Oracle Search vendor "Oracle"		Managed File Transfer Search vendor "Oracle" for product "Managed File Transfer"				12.1.3.0.0 Search vendor "Oracle" for product "Managed File Transfer" and version "12.1.3.0.0"		-		Affected
Oracle Search vendor "Oracle"		Managed File Transfer Search vendor "Oracle" for product "Managed File Transfer"				12.2.1.3.0 Search vendor "Oracle" for product "Managed File Transfer" and version "12.2.1.3.0"		-		Affected
Oracle Search vendor "Oracle"		Peoplesoft Enterprise Peopletools Search vendor "Oracle" for product "Peoplesoft Enterprise Peopletools"				8.55 Search vendor "Oracle" for product "Peoplesoft Enterprise Peopletools" and version "8.55"		-		Affected
Oracle Search vendor "Oracle"		Peoplesoft Enterprise Peopletools Search vendor "Oracle" for product "Peoplesoft Enterprise Peopletools"				8.56 Search vendor "Oracle" for product "Peoplesoft Enterprise Peopletools" and version "8.56"		-		Affected
Oracle Search vendor "Oracle"		Peoplesoft Enterprise Peopletools Search vendor "Oracle" for product "Peoplesoft Enterprise Peopletools"				8.57 Search vendor "Oracle" for product "Peoplesoft Enterprise Peopletools" and version "8.57"		-		Affected
Oracle Search vendor "Oracle"		Retail Convenience And Fuel Pos Software Search vendor "Oracle" for product "Retail Convenience And Fuel Pos Software"				2.8.1 Search vendor "Oracle" for product "Retail Convenience And Fuel Pos Software" and version "2.8.1"		-		Affected
Oracle Search vendor "Oracle"		Retail Xstore Point Of Service Search vendor "Oracle" for product "Retail Xstore Point Of Service"				7.0 Search vendor "Oracle" for product "Retail Xstore Point Of Service" and version "7.0"		-		Affected
Oracle Search vendor "Oracle"		Retail Xstore Point Of Service Search vendor "Oracle" for product "Retail Xstore Point Of Service"				7.1 Search vendor "Oracle" for product "Retail Xstore Point Of Service" and version "7.1"		-		Affected
Oracle Search vendor "Oracle"		Soa Suite Search vendor "Oracle" for product "Soa Suite"				12.1.3.0.0 Search vendor "Oracle" for product "Soa Suite" and version "12.1.3.0.0"		-		Affected
Oracle Search vendor "Oracle"		Soa Suite Search vendor "Oracle" for product "Soa Suite"				12.2.1.3.0 Search vendor "Oracle" for product "Soa Suite" and version "12.2.1.3.0"		-		Affected
Oracle Search vendor "Oracle"		Utilities Network Management System Search vendor "Oracle" for product "Utilities Network Management System"				1.12.0.3 Search vendor "Oracle" for product "Utilities Network Management System" and version "1.12.0.3"		-		Affected
Oracle Search vendor "Oracle"		Utilities Network Management System Search vendor "Oracle" for product "Utilities Network Management System"				2.3.0.0 Search vendor "Oracle" for product "Utilities Network Management System" and version "2.3.0.0"		-		Affected
Oracle Search vendor "Oracle"		Utilities Network Management System Search vendor "Oracle" for product "Utilities Network Management System"				2.3.0.1 Search vendor "Oracle" for product "Utilities Network Management System" and version "2.3.0.1"		-		Affected
Oracle Search vendor "Oracle"		Utilities Network Management System Search vendor "Oracle" for product "Utilities Network Management System"				2.3.0.2 Search vendor "Oracle" for product "Utilities Network Management System" and version "2.3.0.2"		-		Affected
Oracle Search vendor "Oracle"		Webcenter Portal Search vendor "Oracle" for product "Webcenter Portal"				11.1.1.9.0 Search vendor "Oracle" for product "Webcenter Portal" and version "11.1.1.9.0"		-		Affected
Oracle Search vendor "Oracle"		Webcenter Portal Search vendor "Oracle" for product "Webcenter Portal"				12.2.1.3.0 Search vendor "Oracle" for product "Webcenter Portal" and version "12.2.1.3.0"		-		Affected
Oracle Search vendor "Oracle"		Weblogic Server Search vendor "Oracle" for product "Weblogic Server"				12.2.1.3 Search vendor "Oracle" for product "Weblogic Server" and version "12.2.1.3"		-		Affected