CVE-2018-0735 vulnerability in NetApp and Other Products
Published on October 29, 2018

Timing attack against ECDSA signature generation

The OpenSSL ECDSA signature algorithm has been shown to be vulnerable to a timing side channel attack. An attacker could use variations in the signing algorithm to recover the private key. Fixed in OpenSSL 1.1.0j (Affected 1.1.0-1.1.0i). Fixed in OpenSSL 1.1.1a (Affected 1.1.1).

Vendor Advisory Vendor Advisory Vendor Advisory NVD

Products Associated with CVE-2018-0735

You can be notified by email with stack.watch whenever vulnerabilities like CVE-2018-0735 are published in these products:

NetApp Cloud Backup

NetApp Element Software

NetApp Oncommand Unified Manager

NetApp Santricity Smi S Provider

NetApp Smi S Provider

NetApp Snapdrive

NetApp Steelstore

nodejs node.js

OpenSSL

Oracle Api Gateway

Oracle Application Server

Oracle Enterprise Manager Base Platform

Oracle Enterprise Manager Ops Center

Oracle MySQL

Oracle Peoplesoft Enterprise Peopletools

Oracle Primavera P6 Enterprise Project Portfolio Management

Oracle Secure Global Desktop

Oracle Tuxedo

Oracle VM VirtualBox

Canonical Ubuntu Linux

Debian Linux

Affected Versions

OpenSSL:

Version Fixed in OpenSSL 1.1.0j (Affected 1.1.0-1.1.0i) is affected.
Version Fixed in OpenSSL 1.1.1a (Affected 1.1.1) is affected.

Exploit Probability

EPSS

7.04%

Percentile

91.37%

EPSS (Exploit Prediction Scoring System) scores estimate the probability that a vulnerability will be exploited in the wild within the next 30 days. The percentile shows you how this score compares to all other vulnerabilities.

CVE-2018-0735 vulnerability in NetApp and Other ProductsPublished on October 29, 2018

Products Associated with CVE-2018-0735

Affected Versions

Exploit Probability

CVE-2018-0735 vulnerability in NetApp and Other Products
Published on October 29, 2018