Logo
-

Byte Open Security

(ByteOS Network)

Log In

Sign Up

ByteOS

Security
Vulnerability Details
Registries
Custom Views
Weaknesses
Attack Patterns
Filters & Tools
Vulnerability Details :

CVE-2007-5460

Summary
Assigner-mitre
Assigner Org ID-8254265b-2729-46b6-b9e3-3dfca2d5bfca
Published At-15 Oct, 2007 | 22:00
Updated At-07 Aug, 2024 | 15:31
Rejected At-
Credits

Microsoft ActiveSync 4.1, as used in Windows Mobile 5.0, uses weak encryption (XOR obfuscation with a fixed key) when sending the user's PIN/Password over the USB connection from the host to the device, which might make it easier for attackers to decode a PIN/Password obtained by (1) sniffing or (2) spoofing the docking process.

Vendors
-
Not available
Products
-
Metrics (CVSS)
VersionBase scoreBase severityVector
Weaknesses
Attack Patterns
Solution/Workaround
References
HyperlinkResource Type
EPSS History
Score
Latest Score
-
N/A
No data available for selected date range
Percentile
Latest Percentile
-
N/A
No data available for selected date range
Stakeholder-Specific Vulnerability Categorization (SSVC)
▼Common Vulnerabilities and Exposures (CVE)
cve.org
Assigner:mitre
Assigner Org ID:8254265b-2729-46b6-b9e3-3dfca2d5bfca
Published At:15 Oct, 2007 | 22:00
Updated At:07 Aug, 2024 | 15:31
Rejected At:
▼CVE Numbering Authority (CNA)

Microsoft ActiveSync 4.1, as used in Windows Mobile 5.0, uses weak encryption (XOR obfuscation with a fixed key) when sending the user's PIN/Password over the USB connection from the host to the device, which might make it easier for attackers to decode a PIN/Password obtained by (1) sniffing or (2) spoofing the docking process.

Affected Products
Vendor
n/a
Product
n/a
Versions
Affected
  • n/a
Problem Types
TypeCWE IDDescription
textN/An/a
Type: text
CWE ID: N/A
Description: n/a
Metrics
VersionBase scoreBase severityVector
Metrics Other Info
Impacts
CAPEC IDDescription
Solutions
Configurations
Workarounds
Exploits
Credits
Timeline
EventDate
Replaced By
Rejected Reason
References
HyperlinkResource
http://osvdb.org/38499
vdb-entry
x_refsource_OSVDB
http://www.securityfocus.com/bid/25976
vdb-entry
x_refsource_BID
https://exchange.xforce.ibmcloud.com/vulnerabilities/37223
vdb-entry
x_refsource_XF
http://www.securityfocus.com/archive/1/482299/100/0/threaded
mailing-list
x_refsource_BUGTRAQ
http://securityreason.com/securityalert/3232
third-party-advisory
x_refsource_SREASON
Hyperlink: http://osvdb.org/38499
Resource:
vdb-entry
x_refsource_OSVDB
Hyperlink: http://www.securityfocus.com/bid/25976
Resource:
vdb-entry
x_refsource_BID
Hyperlink: https://exchange.xforce.ibmcloud.com/vulnerabilities/37223
Resource:
vdb-entry
x_refsource_XF
Hyperlink: http://www.securityfocus.com/archive/1/482299/100/0/threaded
Resource:
mailing-list
x_refsource_BUGTRAQ
Hyperlink: http://securityreason.com/securityalert/3232
Resource:
third-party-advisory
x_refsource_SREASON
▼Authorized Data Publishers (ADP)
CVE Program Container
Affected Products
Metrics
VersionBase scoreBase severityVector
Metrics Other Info
Impacts
CAPEC IDDescription
Solutions
Configurations
Workarounds
Exploits
Credits
Timeline
EventDate
Replaced By
Rejected Reason
References
HyperlinkResource
http://osvdb.org/38499
vdb-entry
x_refsource_OSVDB
x_transferred
http://www.securityfocus.com/bid/25976
vdb-entry
x_refsource_BID
x_transferred
https://exchange.xforce.ibmcloud.com/vulnerabilities/37223
vdb-entry
x_refsource_XF
x_transferred
http://www.securityfocus.com/archive/1/482299/100/0/threaded
mailing-list
x_refsource_BUGTRAQ
x_transferred
http://securityreason.com/securityalert/3232
third-party-advisory
x_refsource_SREASON
x_transferred
Hyperlink: http://osvdb.org/38499
Resource:
vdb-entry
x_refsource_OSVDB
x_transferred
Hyperlink: http://www.securityfocus.com/bid/25976
Resource:
vdb-entry
x_refsource_BID
x_transferred
Hyperlink: https://exchange.xforce.ibmcloud.com/vulnerabilities/37223
Resource:
vdb-entry
x_refsource_XF
x_transferred
Hyperlink: http://www.securityfocus.com/archive/1/482299/100/0/threaded
Resource:
mailing-list
x_refsource_BUGTRAQ
x_transferred
Hyperlink: http://securityreason.com/securityalert/3232
Resource:
third-party-advisory
x_refsource_SREASON
x_transferred
Information is not available yet
▼National Vulnerability Database (NVD)
nvd.nist.gov
Source:cve@mitre.org
Published At:15 Oct, 2007 | 22:17
Updated At:09 Feb, 2024 | 03:07

Microsoft ActiveSync 4.1, as used in Windows Mobile 5.0, uses weak encryption (XOR obfuscation with a fixed key) when sending the user's PIN/Password over the USB connection from the host to the device, which might make it easier for attackers to decode a PIN/Password obtained by (1) sniffing or (2) spoofing the docking process.

CISA Catalog
Date AddedDue DateVulnerability NameRequired Action
N/A
Date Added: N/A
Due Date: N/A
Vulnerability Name: N/A
Required Action: N/A
Metrics
TypeVersionBase scoreBase severityVector
Primary3.14.6MEDIUM
CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
Primary2.07.1HIGH
AV:N/AC:M/Au:N/C:C/I:N/A:N
Type: Primary
Version: 3.1
Base score: 4.6
Base severity: MEDIUM
Vector:
CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
Type: Primary
Version: 2.0
Base score: 7.1
Base severity: HIGH
Vector:
AV:N/AC:M/Au:N/C:C/I:N/A:N
CPE Matches
Microsoft Corporation
microsoft
>>activesync>>4.1
cpe:2.3:a:microsoft:activesync:4.1:*:*:*:*:*:*:*
Microsoft Corporation
microsoft
>>windows_mobile>>5.0
cpe:2.3:o:microsoft:windows_mobile:5.0:*:*:*:*:*:*:*
Weaknesses
CWE IDTypeSource
CWE-327Primarynvd@nist.gov
CWE ID: CWE-327
Type: Primary
Source: nvd@nist.gov
Evaluator Description
Evaluator Impact

Evaluator Solution

Vendor Statements
References
HyperlinkSourceResource
http://osvdb.org/38499cve@mitre.org
Broken Link
http://securityreason.com/securityalert/3232cve@mitre.org
Broken Link
http://www.securityfocus.com/archive/1/482299/100/0/threadedcve@mitre.org
Broken Link
Third Party Advisory
VDB Entry
http://www.securityfocus.com/bid/25976cve@mitre.org
Broken Link
Patch
Third Party Advisory
VDB Entry
https://exchange.xforce.ibmcloud.com/vulnerabilities/37223cve@mitre.org
Third Party Advisory
VDB Entry
Hyperlink: http://osvdb.org/38499
Source: cve@mitre.org
Resource:
Broken Link
Hyperlink: http://securityreason.com/securityalert/3232
Source: cve@mitre.org
Resource:
Broken Link
Hyperlink: http://www.securityfocus.com/archive/1/482299/100/0/threaded
Source: cve@mitre.org
Resource:
Broken Link
Third Party Advisory
VDB Entry
Hyperlink: http://www.securityfocus.com/bid/25976
Source: cve@mitre.org
Resource:
Broken Link
Patch
Third Party Advisory
VDB Entry
Hyperlink: https://exchange.xforce.ibmcloud.com/vulnerabilities/37223
Source: cve@mitre.org
Resource:
Third Party Advisory
VDB Entry

Change History

0
Information is not available yet

Similar CVEs

75Records found
CVE-2019-0688
Matching Score-6
Assigner-Microsoft Corporation
ShareView Details
Matching Score-6
Assigner-Microsoft Corporation
CVSS Score-7.5||HIGH
EPSS-10.30% / 92.88%
||
7 Day CHG~0.00%
Published-09 Apr, 2019 | 20:15
Updated-04 Aug, 2024 | 17:51
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

An information disclosure vulnerability exists when the Windows TCP/IP stack improperly handles fragmented IP packets, aka 'Windows TCP/IP Information Disclosure Vulnerability'.

Action-Not Available
Vendor-Microsoft Corporation
Product-windows_server_2016windows_server_2012windows_8.1windows_rt_8.1windows_10windows_server_2019WindowsWindows Server
CWE ID-CWE-327
Use of a Broken or Risky Cryptographic Algorithm
CVE-2023-28244
Matching Score-6
Assigner-Microsoft Corporation
ShareView Details
Matching Score-6
Assigner-Microsoft Corporation
CVSS Score-8.1||HIGH
EPSS-3.23% / 86.56%
||
7 Day CHG~0.00%
Published-11 Apr, 2023 | 19:13
Updated-23 Jan, 2025 | 01:05
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Windows Kerberos Elevation of Privilege Vulnerability

Windows Kerberos Elevation of Privilege Vulnerability

Action-Not Available
Vendor-Microsoft Corporation
Product-windows_server_2016windows_server_2012windows_server_2022windows_server_2019windows_server_2008Windows Server 2012 R2 (Server Core installation)Windows Server 2022Windows Server 2016Windows Server 2012Windows Server 2016 (Server Core installation)Windows Server 2012 (Server Core installation)Windows Server 2019Windows Server 2012 R2Windows Server 2008 Service Pack 2Windows Server 2008 Service Pack 2Windows Server 2008 Service Pack 2 (Server Core installation)Windows Server 2008 R2 Service Pack 1 (Server Core installation)Windows Server 2008 R2 Service Pack 1Windows Server 2019 (Server Core installation)
CWE ID-CWE-327
Use of a Broken or Risky Cryptographic Algorithm
CVE-2021-29722
Matching Score-6
Assigner-IBM Corporation
ShareView Details
Matching Score-6
Assigner-IBM Corporation
CVSS Score-5.9||MEDIUM
EPSS-0.14% / 35.05%
||
7 Day CHG~0.00%
Published-30 Aug, 2021 | 17:00
Updated-16 Sep, 2024 | 16:32
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

IBM Sterling Secure Proxy 6.0.1, 6.0.2, 2.4.3.2, and 3.4.3.2 uses weaker than expected cryptographic algorithms that could allow an attacker to decrypt highly sensitive information. IBM X-Force ID: 201095.

Action-Not Available
Vendor-Microsoft CorporationHP Inc.IBM CorporationLinux Kernel Organization, IncOracle Corporation
Product-sterling_external_authentication_serversolarislinux_kernelsterling_secure_proxyhp-uxlinux_on_ibm_zwindowsaixSterling Secure Proxy
CWE ID-CWE-327
Use of a Broken or Risky Cryptographic Algorithm
CVE-2018-1428
Matching Score-6
Assigner-IBM Corporation
ShareView Details
Matching Score-6
Assigner-IBM Corporation
CVSS Score-6.2||MEDIUM
EPSS-0.03% / 7.18%
||
7 Day CHG~0.00%
Published-22 Mar, 2018 | 12:00
Updated-16 Sep, 2024 | 17:18
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

IBM GSKit (IBM DB2 for Linux, UNIX and Windows 9.7, 10.1, 10.5, and 11.1) uses weaker than expected cryptographic algorithms that could allow an attacker to decrypt highly sensitive information. IBM X-Force ID: 139073.

Action-Not Available
Vendor-IBM CorporationLinux Kernel Organization, IncMicrosoft Corporation
Product-windowsdb2linux_kernelDB2 for Linux, UNIX and Windows
CWE ID-CWE-327
Use of a Broken or Risky Cryptographic Algorithm
CVE-2022-43851
Matching Score-6
Assigner-IBM Corporation
ShareView Details
Matching Score-6
Assigner-IBM Corporation
CVSS Score-5.9||MEDIUM
EPSS-0.01% / 0.92%
||
7 Day CHG~0.00%
Published-14 Apr, 2025 | 20:39
Updated-15 Aug, 2025 | 15:19
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
IBM Aspera Console information disclosure

IBM Aspera Console 3.4.0 through 3.4.4 uses weaker than expected cryptographic algorithms that could allow an attacker to decrypt highly sensitive information.

Action-Not Available
Vendor-IBM CorporationMicrosoft CorporationLinux Kernel Organization, Inc
Product-aspera_consolewindowslinux_kernelAspera Console
CWE ID-CWE-327
Use of a Broken or Risky Cryptographic Algorithm
CVE-2022-34361
Matching Score-6
Assigner-IBM Corporation
ShareView Details
Matching Score-6
Assigner-IBM Corporation
CVSS Score-5.9||MEDIUM
EPSS-0.03% / 6.59%
||
7 Day CHG~0.00%
Published-06 Dec, 2022 | 17:52
Updated-23 Apr, 2025 | 13:44
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
IBM Sterling Secure Proxy information disclosure

IBM Sterling Secure Proxy 6.0.3 uses weaker than expected cryptographic algorithms that could allow an attacker to decrypt highly sensitive information. IBM X-Force ID: 230522.

Action-Not Available
Vendor-Linux Kernel Organization, IncMicrosoft CorporationIBM Corporation
Product-linux_kernelsterling_secure_proxylinux_on_ibm_zwindowsaixSterling Secure Proxy
CWE ID-CWE-327
Use of a Broken or Risky Cryptographic Algorithm
CVE-2022-43917
Matching Score-6
Assigner-IBM Corporation
ShareView Details
Matching Score-6
Assigner-IBM Corporation
CVSS Score-5.9||MEDIUM
EPSS-0.03% / 7.56%
||
7 Day CHG~0.00%
Published-25 Jan, 2023 | 17:17
Updated-31 Mar, 2025 | 14:31
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
IBM WebSphere Application Server information disclosure

IBM WebSphere Application Server 8.5 and 9.0 traditional container uses weaker than expected cryptographic keys that could allow an attacker to decrypt sensitive information. This affects only the containerized version of WebSphere Application Server traditional. IBM X-Force ID: 241045.

Action-Not Available
Vendor-Oracle CorporationHP Inc.Microsoft CorporationIBM CorporationLinux Kernel Organization, Inc
Product-solarislinux_kernelwebsphere_application_serverihp-uxwindowsz\/osaixWebSphere Application Server
CWE ID-CWE-327
Use of a Broken or Risky Cryptographic Algorithm
CVE-2025-3938
Matching Score-6
Assigner-Honeywell International Inc.
ShareView Details
Matching Score-6
Assigner-Honeywell International Inc.
CVSS Score-6.8||MEDIUM
EPSS-0.02% / 3.32%
||
7 Day CHG~0.00%
Published-22 May, 2025 | 12:32
Updated-04 Jun, 2025 | 19:29
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Missing Cryptographic Step

Missing Cryptographic Step vulnerability in Tridium Niagara Framework on Windows, Linux, QNX, Tridium Niagara Enterprise Security on Windows, Linux, QNX allows Cryptanalysis. This issue affects Niagara Framework: before 4.14.2, before 4.15.1, before 4.10.11; Niagara Enterprise Security: before 4.14.2, before 4.15.1, before 4.10.11. Tridium recommends upgrading to Niagara Framework and Enterprise Security versions 4.14.2u2, 4.15.u1, or 4.10u.11.

Action-Not Available
Vendor-tridiumTridiumMicrosoft CorporationBlackBerry LimitedLinux Kernel Organization, Inc
Product-niagara_enterprise_securityqnxwindowslinux_kernelniagaraNiagara FrameworkNiagara Enterprise Security
CWE ID-CWE-325
Missing Cryptographic Step
CWE ID-CWE-327
Use of a Broken or Risky Cryptographic Algorithm
CVE-2022-35720
Matching Score-6
Assigner-IBM Corporation
ShareView Details
Matching Score-6
Assigner-IBM Corporation
CVSS Score-2.3||LOW
EPSS-0.01% / 0.80%
||
7 Day CHG~0.00%
Published-08 Feb, 2023 | 18:24
Updated-25 Mar, 2025 | 13:55
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
IBM Sterling External Authentication Server information disclosure

IBM Sterling External Authentication Server 6.1.0 and IBM Sterling Secure Proxy 6.0.3 uses weaker than expected cryptographic algorithms during installation that could allow a local attacker to decrypt sensitive information. IBM X-Force ID: 231373.

Action-Not Available
Vendor-IBM CorporationMicrosoft CorporationLinux Kernel Organization, Inc
Product-sterling_external_authentication_serverlinux_kernelsterling_secure_proxylinux_on_ibm_zwindowsaixSterling Secure ProxySterling External Authentication Server
CWE ID-CWE-327
Use of a Broken or Risky Cryptographic Algorithm
CVE-2019-8237
Matching Score-6
Assigner-Adobe Systems Incorporated
ShareView Details
Matching Score-6
Assigner-Adobe Systems Incorporated
CVSS Score-9.8||CRITICAL
EPSS-1.01% / 76.17%
||
7 Day CHG~0.00%
Published-23 Oct, 2019 | 20:46
Updated-04 Aug, 2024 | 21:17
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Adobe Acrobat and Reader versions 2019.012.20035 and earlier, 2019.012.20035 and earlier, 2017.011.30142 and earlier, 2017.011.30143 and earlier, 2015.006.30497 and earlier, and 2015.006.30498 and earlier have an insufficiently robust encryption vulnerability. Successful exploitation could lead to security feature bypass.

Action-Not Available
Vendor-Apple Inc.Microsoft CorporationAdobe Inc.
Product-acrobat_dcwindowsmacosacrobat_reader_dcAdobe Acrobat and Reader
CWE ID-CWE-327
Use of a Broken or Risky Cryptographic Algorithm
CVE-2022-30187
Matching Score-6
Assigner-Microsoft Corporation
ShareView Details
Matching Score-6
Assigner-Microsoft Corporation
CVSS Score-4.7||MEDIUM
EPSS-0.30% / 53.13%
||
7 Day CHG+0.01%
Published-12 Jul, 2022 | 22:37
Updated-08 Jul, 2025 | 15:35
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Azure Storage Library Information Disclosure Vulnerability

Azure Storage Library Information Disclosure Vulnerability

Action-Not Available
Vendor-Microsoft Corporation
Product-azure_storage_blobsazure_storage_queueAzure Storage Queues client library for PythonAzure Storage Blobs client library for .NETAzure Storage Blobs client library for JavaAzure Storage Blobs client library for PythonAzure Storage Queues client library for .NET
CWE ID-CWE-327
Use of a Broken or Risky Cryptographic Algorithm
CVE-2020-24588
Matching Score-6
Assigner-MITRE Corporation
ShareView Details
Matching Score-6
Assigner-MITRE Corporation
CVSS Score-3.5||LOW
EPSS-0.34% / 56.27%
||
7 Day CHG~0.00%
Published-11 May, 2021 | 00:00
Updated-04 Aug, 2024 | 15:19
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

The 802.11 standard that underpins Wi-Fi Protected Access (WPA, WPA2, and WPA3) and Wired Equivalent Privacy (WEP) doesn't require that the A-MSDU flag in the plaintext QoS header field is authenticated. Against devices that support receiving non-SSP A-MSDU frames (which is mandatory as part of 802.11n), an adversary can abuse this to inject arbitrary network packets.

Action-Not Available
Vendor-ieeen/aIntel CorporationMicrosoft CorporationDebian GNU/LinuxLinux Kernel Organization, IncCisco Systems, Inc.Arista Networks, Inc.Siemens AG
Product-catalyst_9117_ap_firmwarewebex_room_kit_firmwareip_phone_8861ac_9560_firmwareir829gw-lte-ga-zk9_firmwareac_8265_firmware1100-8pscalance_w786-2_firmwarewindows_10ir829gw-lte-ga-ck9c-100_firmwarecatalyst_9115axe_firmware1109-2p_firmwareproset_ac_9560_firmwaremeraki_z3webex_room_70_single_g2catalyst_9120_ap_firmwareo-90_firmwareaironet_1810_firmwareac_9560killer_wi-fi_6_ax1650_firmwareproset_wireless_7265_\(rev_d\)meraki_gr60_firmware1101-4p_firmwareir829gw-lte-vz-ak9catalyst_9124axicatalyst_9115axicatalyst_9117aximeraki_mr70c-110proset_wi-fi_6_ax201_firmwaremeraki_mr55webex_dx70_firmwaremeraki_mr33_firmwarescalance_w748-1_firmwaremeraki_mx68cw_firmwarewebex_board_85s_firmwarec-110_firmwaremeraki_mr34_firmwaremeraki_mr52ir829-2lte-ea-bk9scalance_w1750dwebex_room_70_dual_firmwareaironet_1810w_firmwareir829gw-lte-ga-sk9_firmwarescalance_w774-1meraki_mx65w_firmwarescalance_w1788-1webex_room_55_dualcatalyst_9120axp_firmwareaironet_1815_firmwarescalance_w786-1meraki_mr42proset_ac_9560c-235c-230c-200_firmwaremeraki_mr86meraki_mr36_firmwarecatalyst_9120axe_firmwareproset_ac_9260_firmwaremeraki_mr32_firmwarec-230_firmwareir829gw-lte-ga-ck9_firmwarewi-fi_6_ax200_firmwaremeraki_mr42_firmwareproset_ac_9462_firmwarewebex_room_kit_mini_firmwaremeraki_mr46eproset_wireless_7265_\(rev_d\)_firmwareaironet_1532killer_wi-fi_6e_ax1675ir829gw-lte-vz-ak9_firmwarecatalyst_9117axi_firmwarewebex_room_70_dual_g2_firmwareir829-2lte-ea-ak9_firmwareproset_wi-fi_6e_ax210_firmwaremeraki_gr10_firmwareaironet_1542i_firmwarescalance_w761-1webex_room_kitmeraki_mr32scalance_w722-1_firmwareaironet_1852meraki_mx68wscalance_wam766-1_6ghz_firmwarecatalyst_9105axiscalance_wam763-1_firmwarescalance_w734-1_firmwarec-235_firmware1109-4pip_phone_8861_firmwaremeraki_mr33webex_board_70swebex_room_kit_miniaironet_1800i_firmwaremeraki_mr76meraki_mr53e_firmwareaironet_18421100-8p_firmwareproset_ac_3165scalance_w788-1_firmwaremeraki_mr46e_firmwaremeraki_mx68w_firmwarekiller_wi-fi_6e_ax1675_firmwaremeraki_mr46_firmwarewebex_dx80scalance_w1788-2_firmwarecatalyst_9130_approset_ac_9462meraki_mr12_firmwareaironet_1542iaironet_1842_firmwaremeraki_mr84webex_room_55_firmwaremeraki_mx67cwir829gw-lte-ga-zk9ip_phone_8821_firmwarecatalyst_9120axpac_8260_firmwarec-250webex_board_55_firmware1100_firmwarescalance_wum763-1_firmwarescalance_w1748-1w-118meraki_mr20_firmwarec-100scalance_w734-1ip_phone_6861scalance_w774-1_firmwarescalance_wum763-1proset_ac_9260catalyst_9105_firmwaremeraki_mx68cwproset_ac_8260catalyst_9120axi_firmwarewebex_room_55_dual_firmwarescalance_w721-1_firmwaremeraki_mr52_firmwarecatalyst_9115_approset_wi-fi_6e_ax210scalance_w1788-2ia_firmwarescalance_wum766-1_6ghzscalance_w721-1meraki_mr46meraki_mr56catalyst_9130_ap_firmwarecatalyst_9130_firmwarescalance_w748-11109-2pwebex_room_55catalyst_9120axemeraki_mr42e_firmwarekiller_wi-fi_6_ax1650meraki_mr55_firmwarekiller_ac_1550_firmwareir829-2lte-ea-ek9catalyst_9115axi_firmwareir829-2lte-ea-ek9_firmwarescalance_w786-2ia_firmwarew-118_firmwareproset_ac_8260_firmwareaironet_1815i_firmwarecatalyst_9117meraki_mr72webex_room_70c-65_firmwarecatalyst_9130axiwindows_rt_8.1webex_dx80_firmwarescalance_w778-1_firmwarescalance_w788-2_firmwarec-120_firmwarecatalyst_9115_firmwareproset_ac_9461_firmwarec-75meraki_mr74_firmwaremeraki_mx67w_firmwaremeraki_gr10aironet_1810windows_server_2019meraki_mx67wmeraki_mr84_firmwaremeraki_mr53ip_phone_8832scalance_w761-1_firmware1100-4p_firmwareaironet_iw3702_firmwarecatalyst_9105axwaironet_1832_firmwarescalance_wum766-1scalance_w1750d_firmwarescalance_wam766-1_6ghzproset_ac_8265catalyst_9130axe_firmwarewebex_dx70c-130_firmwarec-120meraki_mr70_firmwarecatalyst_9105axi_firmwaremeraki_z3cac_9260_firmwarew-68aironet_1832aironet_1815icatalyst_9120_apmeraki_mr26_firmwareip_phone_8865_firmwareip_phone_8865meraki_mr53_firmwareip_phone_8832_firmwaremeraki_mr76_firmwaremeraki_mr34debian_linuxip_phone_6861_firmwarescalance_w1788-2iaaironet_1800imeraki_mr20windows_server_2008scalance_w786-2o-105ir829gw-lte-na-ak9_firmwaremeraki_mr44meraki_mr12meraki_mr66_firmwarecatalyst_9130axi_firmwarescalance_wum766-1_firmwarewi-fi_6_ax200meraki_mr45_firmwarescalance_w778-1webex_room_70_single_firmwarescalance_w1788-1_firmwarescalance_w738-1_firmwaremeraki_z3c_firmwareproset_ac_8265_firmware1101-4paironet_ap803_firmwareir829gw-lte-ga-ek9aironet_1800c-65catalyst_9124_firmware1100-4pmeraki_mr62_firmwarescalance_w1748-1_firmwarecatalyst_9130c-75_firmwareieee_802.11scalance_wum766-1_6ghz_firmwarecatalyst_9115_ap_firmwareo-105_firmwarescalance_w786-2iameraki_mr45catalyst_9120axiscalance_wam763-1ir829gw-lte-na-ak9catalyst_9115axewebex_room_70_firmwareproset_ac_3165_firmwaremeraki_mx65wc-260_firmwarewi-fi_6_ax201windows_7webex_board_55scatalyst_9124axd_firmwarescalance_wam766-1_firmwarec-130meraki_mr53eaironet_1542d_firmwarecatalyst_9105scalance_w738-1scalance_w1788-2proset_ac_3168c-2001109-4p_firmwarewi-fi_6_ax201_firmwarewindows_8.1webex_board_70aironet_1810waironet_iw3702scalance_w722-1ir829-2lte-ea-bk9_firmwarecatalyst_9130axemeraki_z3_firmwarecatalyst_9105axw_firmwarecatalyst_9117_firmwarec-250_firmwarewebex_room_70_single_g2_firmwarewebex_board_55scalance_w786-1_firmwareaironet_1815webex_board_85sc-260webex_room_70_dualaironet_1852_firmwareac_8265proset_ac_3168_firmwarecatalyst_9124axi_firmwareo-90webex_room_70_dual_g2meraki_mr72_firmwarecatalyst_9120_firmwareaironet_ap803meraki_gr60linux_kernelscalance_w788-1catalyst_9117_apmeraki_mr62aironet_1800_firmwaremeraki_mr42ekiller_ac_1550meraki_mr30hwindows_server_2016meraki_mx64w_firmwarewindows_server_2012webex_room_70_singlewebex_board_70_firmwarecatalyst_9124meraki_mr56_firmwaremeraki_mx64ww-68_firmwaremeraki_mr26webex_board_55s_firmwaremeraki_mr86_firmware1100meraki_mx67cw_firmwareac_8260scalance_wam766-1meraki_mr44_firmwareproset_wi-fi_6_ax201scalance_w788-2proset_wi-fi_6_ax200ir829-2lte-ea-ak9ip_phone_8821catalyst_9115ir829gw-lte-ga-sk9mac80211aironet_1542dcatalyst_9120meraki_mr36meraki_mr66catalyst_9124axdproset_wi-fi_6_ax200_firmwaremeraki_mr74ac_9260webex_board_70s_firmwaremeraki_mr30h_firmwareproset_ac_9461ir829gw-lte-ga-ek9_firmwareaironet_1532_firmwaren/a
CWE ID-CWE-327
Use of a Broken or Risky Cryptographic Algorithm
CVE-2020-20950
Matching Score-6
Assigner-MITRE Corporation
ShareView Details
Matching Score-6
Assigner-MITRE Corporation
CVSS Score-5.9||MEDIUM
EPSS-0.24% / 47.34%
||
7 Day CHG~0.00%
Published-19 Jan, 2021 | 12:22
Updated-04 Aug, 2024 | 14:22
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Bleichenbacher's attack on PKCS #1 v1.5 padding for RSA in Microchip Libraries for Applications 2018-11-26 All up to 2018-11-26. The vulnerability can allow one to use Bleichenbacher's oracle attack to decrypt an encrypted ciphertext by making successive queries to the server using the vulnerable library, resulting in remote information disclosure.

Action-Not Available
Vendor-microchipn/aLinux Kernel Organization, IncMicrosoft CorporationThe IETF Administration LLC (IETF LLC)Apple Inc.
Product-linux_kernelpublic_key_cryptography_standards_\#1windowsmicrochip_libraries_for_applicationsmacosn/a
CWE ID-CWE-327
Use of a Broken or Risky Cryptographic Algorithm
CVE-2020-1596
Matching Score-6
Assigner-Microsoft Corporation
ShareView Details
Matching Score-6
Assigner-Microsoft Corporation
CVSS Score-5.4||MEDIUM
EPSS-0.25% / 48.38%
||
7 Day CHG~0.00%
Published-11 Sep, 2020 | 17:09
Updated-04 Aug, 2024 | 06:39
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
TLS Information Disclosure Vulnerability

<p>A information disclosure vulnerability exists when TLS components use weak hash algorithms. An attacker who successfully exploited this vulnerability could obtain information to further compromise a users's encrypted transmission channel.</p> <p>To exploit the vulnerability, an attacker would have to conduct a man-in-the-middle attack.</p> <p>The update addresses the vulnerability by correcting how TLS components use hash algorithms.</p>

Action-Not Available
Vendor-Microsoft Corporation
Product-windows_server_2016windows_server_2012windows_8.1windows_rt_8.1windows_7windows_10windows_server_2019windows_server_2008Windows 10 Version 1607Windows Server version 2004Windows Server 2019 (Server Core installation)Windows 10 Version 1903 for x64-based SystemsWindows 10 Version 1903 for ARM64-based SystemsWindows Server 2008 Service Pack 2Windows 10 Version 1809Windows Server 2016 (Server Core installation)Windows 10 Version 1903 for 32-bit SystemsWindows 8.1Windows 7Windows Server 2012 (Server Core installation)Windows 10 Version 1709Windows 10 Version 1909Windows 7 Service Pack 1Windows Server 2016Windows 10 Version 2004Windows 10 Version 1507Windows Server 2008 R2 Service Pack 1Windows 10 Version 1803Windows Server 2008 Service Pack 2 (Server Core installation)Windows Server 2008 R2 Service Pack 1 (Server Core installation)Windows Server 2012 R2Windows Server 2019Windows Server, version 1909 (Server Core installation)Windows Server 2012Windows Server 2008 Service Pack 2Windows Server 2012 R2 (Server Core installation)Windows Server, version 1903 (Server Core installation)Windows 10 Version 1709 for 32-bit Systems
CWE ID-CWE-327
Use of a Broken or Risky Cryptographic Algorithm
CVE-2022-38391
Matching Score-6
Assigner-IBM Corporation
ShareView Details
Matching Score-6
Assigner-IBM Corporation
CVSS Score-5.1||MEDIUM
EPSS-0.02% / 3.75%
||
7 Day CHG~0.00%
Published-20 Dec, 2022 | 20:31
Updated-15 Apr, 2025 | 20:03
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
IBM Spectrum Control information disclosure

IBM Spectrum Control 5.4 uses weaker than expected cryptographic algorithms that could allow an attacker to decrypt highly sensitive information. IBM X-Force ID: 233982.

Action-Not Available
Vendor-IBMLinux Kernel Organization, IncIBM CorporationMicrosoft Corporation
Product-aixspectrum_controlwindowslinux_kernelSpectrum Control
CWE ID-CWE-327
Use of a Broken or Risky Cryptographic Algorithm
CVE-2024-51456
Matching Score-6
Assigner-IBM Corporation
ShareView Details
Matching Score-6
Assigner-IBM Corporation
CVSS Score-5.9||MEDIUM
EPSS-0.03% / 8.27%
||
7 Day CHG~0.00%
Published-12 Jan, 2025 | 13:26
Updated-28 Mar, 2025 | 19:19
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
IBM Robotic Process Automation information disclosure

IBM Robotic Process Automation 21.0.0 through 21.0.7.19 and 23.0.0 through 23.0.19 could allow a remote attacker to obtain sensitive data that may be exposed through certain crypto-analytic attacks.

Action-Not Available
Vendor-Microsoft CorporationIBM Corporation
Product-windowsrobotic_process_automationRobotic Process Automation
CWE ID-CWE-327
Use of a Broken or Risky Cryptographic Algorithm
CWE ID-CWE-780
Use of RSA Algorithm without OAEP
CVE-2021-34687
Matching Score-6
Assigner-MITRE Corporation
ShareView Details
Matching Score-6
Assigner-MITRE Corporation
CVSS Score-5.3||MEDIUM
EPSS-0.03% / 8.10%
||
7 Day CHG~0.00%
Published-15 Jul, 2021 | 13:17
Updated-04 Aug, 2024 | 00:19
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

iDrive RemotePC before 7.6.48 on Windows allows information disclosure. A man in the middle can recover a system's Personal Key when a client attempts to make a LAN connection. The Personal Key is transmitted over the network while only being encrypted via a substitution cipher.

Action-Not Available
Vendor-idriven/aMicrosoft Corporation
Product-windowsremotepcn/a
CWE ID-CWE-327
Use of a Broken or Risky Cryptographic Algorithm
CVE-2024-38320
Matching Score-6
Assigner-IBM Corporation
ShareView Details
Matching Score-6
Assigner-IBM Corporation
CVSS Score-5.9||MEDIUM
EPSS-0.02% / 3.02%
||
7 Day CHG~0.00%
Published-27 Jan, 2025 | 15:43
Updated-18 Aug, 2025 | 18:05
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
IBM Storage Protect for Virtual Environments: Data Protection for VMware information disclosure

IBM Storage Protect for Virtual Environments: Data Protection for VMware and Storage Protect Backup-Archive Client 8.1.0.0 through 8.1.23.0 uses weaker than expected cryptographic algorithms that could allow an attacker to decrypt highly sensitive information.

Action-Not Available
Vendor-Oracle CorporationIBM CorporationHP Inc.Microsoft CorporationLinux Kernel Organization, IncApple Inc.
Product-storage_protect_for_virtual_environmentslinux_kernelwindowsstorage_protectmacossolarishp-uxaixStorage Protect for Virtual Environments: Data Protection for VMwareStorage Protect Backup-Archive Client
CWE ID-CWE-327
Use of a Broken or Risky Cryptographic Algorithm
CVE-2021-20441
Matching Score-6
Assigner-IBM Corporation
ShareView Details
Matching Score-6
Assigner-IBM Corporation
CVSS Score-5.9||MEDIUM
EPSS-0.13% / 33.78%
||
7 Day CHG~0.00%
Published-03 Mar, 2021 | 17:00
Updated-16 Sep, 2024 | 18:39
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

IBM Security Verify Bridge uses weaker than expected cryptographic algorithms that could allow an attacker to decrypt highly sensitive information. IBM X-Force ID: 196617.

Action-Not Available
Vendor-Microsoft CorporationIBM Corporation
Product-windowssecurity_verify_bridgeSecurity Verify Bridge
CWE ID-CWE-327
Use of a Broken or Risky Cryptographic Algorithm
CVE-2020-4937
Matching Score-6
Assigner-IBM Corporation
ShareView Details
Matching Score-6
Assigner-IBM Corporation
CVSS Score-5.9||MEDIUM
EPSS-0.11% / 30.34%
||
7 Day CHG~0.00%
Published-20 Nov, 2020 | 13:50
Updated-17 Sep, 2024 | 04:08
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

IBM Sterling B2B Integrator Standard Edition 5.2.0.0 through 6.0.3.2 uses weaker than expected cryptographic algorithms that could allow an attacker to decrypt highly sensitive information. IBM X-Force ID: 191814.

Action-Not Available
Vendor-Microsoft CorporationHP Inc.IBM CorporationLinux Kernel Organization, IncOracle Corporation
Product-sterling_b2b_integratorsolarislinux_kernelihp-uxwindowsaixSterling B2B Integrator
CWE ID-CWE-327
Use of a Broken or Risky Cryptographic Algorithm
CVE-2017-17428
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-5.9||MEDIUM
EPSS-79.61% / 99.05%
||
7 Day CHG~0.00%
Published-05 Mar, 2018 | 18:00
Updated-05 Aug, 2024 | 20:51
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Cavium Nitrox SSL, Nitrox V SSL, and TurboSSL software development kits (SDKs) allow remote attackers to decrypt TLS ciphertext data by leveraging a Bleichenbacher RSA padding oracle, aka a ROBOT attack.

Action-Not Available
Vendor-caviumn/aCisco Systems, Inc.
Product-nitrox_v_ssl_sdknitrox_ssl_sdkadaptive_security_appliance_5510_firmwareadaptive_security_appliance_5505_firmwareace30_application_control_engine_module_firmwareturbossl_sdkadaptive_security_appliance_5520_firmwareocteon_sdkadaptive_security_appliance_5540adaptive_security_appliance_5510ace4710_application_control_engine_firmwarewebex_meetingswebex_conect_imadaptive_security_appliance_5520ace_4710_application_control_engineadaptive_security_appliance_5540_firmwareadaptive_security_appliance_5505adaptive_security_appliance_5550_firmwareocteon_ssl_sdkadaptive_security_appliance_5550ace30_application_control_engine_modulen/a
CWE ID-CWE-327
Use of a Broken or Risky Cryptographic Algorithm
CVE-2021-40006
Matching Score-4
Assigner-Huawei Technologies
ShareView Details
Matching Score-4
Assigner-Huawei Technologies
CVSS Score-4.6||MEDIUM
EPSS-0.03% / 7.01%
||
7 Day CHG~0.00%
Published-07 Jan, 2022 | 22:39
Updated-04 Aug, 2024 | 02:20
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Vulnerability of design defects in the security algorithm component. Successful exploitation of this vulnerability may affect confidentiality.

Action-Not Available
Vendor-Huawei Technologies Co., Ltd.
Product-harmonyosHarmonyOSEMUI
CWE ID-CWE-254
Not Available
CWE ID-CWE-327
Use of a Broken or Risky Cryptographic Algorithm
CVE-2023-41097
Matching Score-4
Assigner-Silicon Labs
ShareView Details
Matching Score-4
Assigner-Silicon Labs
CVSS Score-4.6||MEDIUM
EPSS-0.11% / 29.43%
||
7 Day CHG~0.00%
Published-21 Dec, 2023 | 20:33
Updated-23 Apr, 2025 | 16:23
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Potential Timing vulnerability in CBC PKCS7 padding calculations

An Observable Timing Discrepancy, Covert Timing Channel vulnerability in Silabs GSDK on ARM potentially allows Padding Oracle Crypto Attack on CBC PKCS7.This issue affects GSDK: through 4.4.0.

Action-Not Available
Vendor-silabssilabs.com
Product-gecko_software_development_kitGSDK
CWE ID-CWE-208
Observable Timing Discrepancy
CWE ID-CWE-327
Use of a Broken or Risky Cryptographic Algorithm
CWE ID-CWE-203
Observable Discrepancy
CVE-2019-11341
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-4.6||MEDIUM
EPSS-0.02% / 2.46%
||
7 Day CHG~0.00%
Published-09 Oct, 2019 | 15:00
Updated-04 Aug, 2024 | 22:48
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

On certain Samsung P(9.0) phones, an attacker with physical access can start a TCP Dump capture without the user's knowledge. This feature of the Service Mode application is available after entering the *#9900# check code, but is protected by an OTP password. However, this password is created locally and (due to mishandling of cryptography) can be obtained easily by reversing the password creation logic.

Action-Not Available
Vendor-n/aGoogle LLCSamsung
Product-phoneandroidn/a
CWE ID-CWE-327
Use of a Broken or Risky Cryptographic Algorithm
CVE-2020-12702
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-4.6||MEDIUM
EPSS-0.43% / 61.68%
||
7 Day CHG~0.00%
Published-24 Feb, 2021 | 13:58
Updated-04 Aug, 2024 | 12:04
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Weak encryption in the Quick Pairing mode in the eWeLink mobile application (Android application V4.9.2 and earlier, iOS application V4.9.1 and earlier) allows physically proximate attackers to eavesdrop on Wi-Fi credentials and other sensitive information by monitoring the Wi-Fi spectrum during the pairing process.

Action-Not Available
Vendor-coolkitn/a
Product-ewelinkn/a
CWE ID-CWE-327
Use of a Broken or Risky Cryptographic Algorithm
  • Previous
  • 1
  • 2
  • Next
Details not found