2018-06-05 15:29:00 2019-10-03 02:03:26

Bouncy Castle BC 1.54 - 1.59, BC-FJA 1.0.0, BC-FJA 1.0.1 and earlier have a flaw in the Low-level interface to RSA key pair generator, specifically RSA Key Pairs generated in low-level API with added certainty may have less M-R tests than expected. This appears to be fixed in versions BC 1.60 beta 4 and later, BC-FJA 1.0.2 and later.

Vector

NETWORK

Complexity

LOW

Authentication

NONE

Confidentiality

PARTIAL

Integrity

NONE

Availability

NONE
Redhat Jboss enterprise application platform 7.1.0 (not an official CPE) Oracle Weblogic server 12.1.3.0.0 (not an official CPE) Oracle Webcenter portal 12.2.1.3.0 (not an official CPE) Oracle Webcenter portal 11.1.1.9.0 (not an official CPE) Oracle Soa suite 12.2.1.3.0 (not an official CPE) Oracle Retail xstore point of service 7.0 (not an official CPE) Oracle Soa suite 12.1.3.0.0 (not an official CPE) Oracle Retail xstore point of service 7.1 (not an official CPE) Oracle Peoplesoft enterprise peopletools 8.57 (not an official CPE) Oracle Retail convenience and fuel pos software 2.8.1 (not an official CPE) Oracle Peoplesoft enterprise peopletools 8.56 (not an official CPE) Oracle Managed file transfer 12.2.1.3.0 (not an official CPE) Oracle Peoplesoft enterprise peopletools 8.55 (not an official CPE) Oracle Managed file transfer 12.1.3.0.0 (not an official CPE) Oracle Enterprise repository 12.1.3.0.0 (not an official CPE) Oracle Communications application session controller 3.8.0 (not an official CPE) Oracle Business transaction management 12.1.0 (not an official CPE) Oracle Communications application session controller 3.7.1 (not an official CPE) Oracle Business process management suite 12.2.1.3.0 (not an official CPE) Oracle Business process management suite 11.1.1.9.0 (not an official CPE) Oracle Business process management suite 12.1.3.0.0 (not an official CPE) Netapp Oncommand workflow automation - (not an official CPE) Oracle Api gateway 11.1.2.4.0 (not an official CPE) Bouncycastle Legion-of-the-bouncy-castle-java-crytography-api 1.59 (not an official CPE) Bouncycastle Legion-of-the-bouncy-castle-java-crytography-api 1.58 (not an official CPE) Bouncycastle Legion-of-the-bouncy-castle-java-crytography-api 1.57 (not an official CPE) Bouncycastle Legion-of-the-bouncy-castle-java-crytography-api 1.56 (not an official CPE) Bouncycastle Legion-of-the-bouncy-castle-java-crytography-api 1.55 (not an official CPE) Bouncycastle Legion-of-the-bouncy-castle-java-crytography-api 1.54 (not an official CPE) Bouncycastle Fips java api 1.0.1 (not an official CPE)