Logo
-

Byte Open Security

(ByteOS Network)

Log In

Sign Up

ByteOS

Security
Vulnerability Details
Registries
Custom Views
Weaknesses
Attack Patterns
Filters & Tools
Vulnerability Details :

CVE-2022-28382

Summary
Assigner-mitre
Assigner Org ID-8254265b-2729-46b6-b9e3-3dfca2d5bfca
Published At-08 Jun, 2022 | 00:00
Updated At-03 Aug, 2024 | 05:56
Rejected At-
Credits

An issue was discovered in certain Verbatim drives through 2022-03-31. Due to the use of an insecure encryption AES mode (Electronic Codebook, aka ECB), an attacker may be able to extract information even from encrypted data, for example by observing repeating byte patterns. The firmware of the USB-to-SATA bridge controller INIC-3637EN uses AES-256 with the ECB mode. This operation mode of block ciphers (e.g., AES) always encrypts identical plaintext data, in this case blocks of 16 bytes, to identical ciphertext data. For some data, for instance bitmap images, the lack of the cryptographic property called diffusion, within ECB, can leak sensitive information even in encrypted data. Thus, the use of the ECB operation mode can put the confidentiality of specific information at risk, even in an encrypted form. This affects Keypad Secure USB 3.2 Gen 1 Drive Part Number #49428, Store 'n' Go Secure Portable HDD GD25LK01-3637-C VER4.0, Executive Fingerprint Secure SSD GDMSFE01-INI3637-C VER1.1, and Fingerprint Secure Portable Hard Drive Part Number #53650.

Vendors
-
Not available
Products
-
Metrics (CVSS)
VersionBase scoreBase severityVector
Weaknesses
Attack Patterns
Solution/Workaround
References
HyperlinkResource Type
EPSS History
Score
Latest Score
-
N/A
No data available for selected date range
Percentile
Latest Percentile
-
N/A
No data available for selected date range
Stakeholder-Specific Vulnerability Categorization (SSVC)
▼Common Vulnerabilities and Exposures (CVE)
cve.org
Assigner:mitre
Assigner Org ID:8254265b-2729-46b6-b9e3-3dfca2d5bfca
Published At:08 Jun, 2022 | 00:00
Updated At:03 Aug, 2024 | 05:56
Rejected At:
▼CVE Numbering Authority (CNA)

An issue was discovered in certain Verbatim drives through 2022-03-31. Due to the use of an insecure encryption AES mode (Electronic Codebook, aka ECB), an attacker may be able to extract information even from encrypted data, for example by observing repeating byte patterns. The firmware of the USB-to-SATA bridge controller INIC-3637EN uses AES-256 with the ECB mode. This operation mode of block ciphers (e.g., AES) always encrypts identical plaintext data, in this case blocks of 16 bytes, to identical ciphertext data. For some data, for instance bitmap images, the lack of the cryptographic property called diffusion, within ECB, can leak sensitive information even in encrypted data. Thus, the use of the ECB operation mode can put the confidentiality of specific information at risk, even in an encrypted form. This affects Keypad Secure USB 3.2 Gen 1 Drive Part Number #49428, Store 'n' Go Secure Portable HDD GD25LK01-3637-C VER4.0, Executive Fingerprint Secure SSD GDMSFE01-INI3637-C VER1.1, and Fingerprint Secure Portable Hard Drive Part Number #53650.

Affected Products
Vendor
n/a
Product
n/a
Versions
Affected
  • n/a
Problem Types
TypeCWE IDDescription
textN/An/a
Type: text
CWE ID: N/A
Description: n/a
Metrics
VersionBase scoreBase severityVector
Metrics Other Info
Impacts
CAPEC IDDescription
Solutions
Configurations
Workarounds
Exploits
Credits
Timeline
EventDate
Replaced By
Rejected Reason
References
HyperlinkResource
https://www.syss.de/fileadmin/dokumente/Publikationen/Advisories/SYSS-2022-002.txt
N/A
https://www.syss.de/fileadmin/dokumente/Publikationen/Advisories/SYSS-2022-006.txt
N/A
https://www.syss.de/fileadmin/dokumente/Publikationen/Advisories/SYSS-2022-010.txt
N/A
https://www.syss.de/fileadmin/dokumente/Publikationen/Advisories/SYSS-2022-015.txt
N/A
http://seclists.org/fulldisclosure/2022/Jun/18
mailing-list
http://seclists.org/fulldisclosure/2022/Jun/22
mailing-list
http://seclists.org/fulldisclosure/2022/Jun/9
mailing-list
http://seclists.org/fulldisclosure/2022/Jun/24
mailing-list
http://packetstormsecurity.com/files/167491/Verbatim-Keypad-Secure-USB-3.2-Gen-1-Drive-ECB-Issue.html
N/A
http://packetstormsecurity.com/files/167500/Verbatim-Store-N-Go-Secure-Portable-HDD-GD25LK01-3637-C-VER4.0-Risky-Crypto.html
N/A
http://packetstormsecurity.com/files/167532/Verbatim-Fingerprint-Secure-Portable-Hard-Drive-53650-Risky-Crypto.html
N/A
http://packetstormsecurity.com/files/167528/Verbatim-Executive-Fingerprint-Secure-SSD-GDMSFE01-INI3637-C-VER1.1-Risky-Crypto.html
N/A
https://www.syss.de/fileadmin/dokumente/Publikationen/Advisories/SYSS-2022-044.txt
N/A
http://seclists.org/fulldisclosure/2022/Oct/4
mailing-list
Hyperlink: https://www.syss.de/fileadmin/dokumente/Publikationen/Advisories/SYSS-2022-002.txt
Resource: N/A
Hyperlink: https://www.syss.de/fileadmin/dokumente/Publikationen/Advisories/SYSS-2022-006.txt
Resource: N/A
Hyperlink: https://www.syss.de/fileadmin/dokumente/Publikationen/Advisories/SYSS-2022-010.txt
Resource: N/A
Hyperlink: https://www.syss.de/fileadmin/dokumente/Publikationen/Advisories/SYSS-2022-015.txt
Resource: N/A
Hyperlink: http://seclists.org/fulldisclosure/2022/Jun/18
Resource:
mailing-list
Hyperlink: http://seclists.org/fulldisclosure/2022/Jun/22
Resource:
mailing-list
Hyperlink: http://seclists.org/fulldisclosure/2022/Jun/9
Resource:
mailing-list
Hyperlink: http://seclists.org/fulldisclosure/2022/Jun/24
Resource:
mailing-list
Hyperlink: http://packetstormsecurity.com/files/167491/Verbatim-Keypad-Secure-USB-3.2-Gen-1-Drive-ECB-Issue.html
Resource: N/A
Hyperlink: http://packetstormsecurity.com/files/167500/Verbatim-Store-N-Go-Secure-Portable-HDD-GD25LK01-3637-C-VER4.0-Risky-Crypto.html
Resource: N/A
Hyperlink: http://packetstormsecurity.com/files/167532/Verbatim-Fingerprint-Secure-Portable-Hard-Drive-53650-Risky-Crypto.html
Resource: N/A
Hyperlink: http://packetstormsecurity.com/files/167528/Verbatim-Executive-Fingerprint-Secure-SSD-GDMSFE01-INI3637-C-VER1.1-Risky-Crypto.html
Resource: N/A
Hyperlink: https://www.syss.de/fileadmin/dokumente/Publikationen/Advisories/SYSS-2022-044.txt
Resource: N/A
Hyperlink: http://seclists.org/fulldisclosure/2022/Oct/4
Resource:
mailing-list
▼Authorized Data Publishers (ADP)
CVE Program Container
Affected Products
Metrics
VersionBase scoreBase severityVector
Metrics Other Info
Impacts
CAPEC IDDescription
Solutions
Configurations
Workarounds
Exploits
Credits
Timeline
EventDate
Replaced By
Rejected Reason
References
HyperlinkResource
https://www.syss.de/fileadmin/dokumente/Publikationen/Advisories/SYSS-2022-002.txt
x_transferred
https://www.syss.de/fileadmin/dokumente/Publikationen/Advisories/SYSS-2022-006.txt
x_transferred
https://www.syss.de/fileadmin/dokumente/Publikationen/Advisories/SYSS-2022-010.txt
x_transferred
https://www.syss.de/fileadmin/dokumente/Publikationen/Advisories/SYSS-2022-015.txt
x_transferred
http://seclists.org/fulldisclosure/2022/Jun/18
mailing-list
x_transferred
http://seclists.org/fulldisclosure/2022/Jun/22
mailing-list
x_transferred
http://seclists.org/fulldisclosure/2022/Jun/9
mailing-list
x_transferred
http://seclists.org/fulldisclosure/2022/Jun/24
mailing-list
x_transferred
http://packetstormsecurity.com/files/167491/Verbatim-Keypad-Secure-USB-3.2-Gen-1-Drive-ECB-Issue.html
x_transferred
http://packetstormsecurity.com/files/167500/Verbatim-Store-N-Go-Secure-Portable-HDD-GD25LK01-3637-C-VER4.0-Risky-Crypto.html
x_transferred
http://packetstormsecurity.com/files/167532/Verbatim-Fingerprint-Secure-Portable-Hard-Drive-53650-Risky-Crypto.html
x_transferred
http://packetstormsecurity.com/files/167528/Verbatim-Executive-Fingerprint-Secure-SSD-GDMSFE01-INI3637-C-VER1.1-Risky-Crypto.html
x_transferred
https://www.syss.de/fileadmin/dokumente/Publikationen/Advisories/SYSS-2022-044.txt
x_transferred
http://seclists.org/fulldisclosure/2022/Oct/4
mailing-list
x_transferred
Hyperlink: https://www.syss.de/fileadmin/dokumente/Publikationen/Advisories/SYSS-2022-002.txt
Resource:
x_transferred
Hyperlink: https://www.syss.de/fileadmin/dokumente/Publikationen/Advisories/SYSS-2022-006.txt
Resource:
x_transferred
Hyperlink: https://www.syss.de/fileadmin/dokumente/Publikationen/Advisories/SYSS-2022-010.txt
Resource:
x_transferred
Hyperlink: https://www.syss.de/fileadmin/dokumente/Publikationen/Advisories/SYSS-2022-015.txt
Resource:
x_transferred
Hyperlink: http://seclists.org/fulldisclosure/2022/Jun/18
Resource:
mailing-list
x_transferred
Hyperlink: http://seclists.org/fulldisclosure/2022/Jun/22
Resource:
mailing-list
x_transferred
Hyperlink: http://seclists.org/fulldisclosure/2022/Jun/9
Resource:
mailing-list
x_transferred
Hyperlink: http://seclists.org/fulldisclosure/2022/Jun/24
Resource:
mailing-list
x_transferred
Hyperlink: http://packetstormsecurity.com/files/167491/Verbatim-Keypad-Secure-USB-3.2-Gen-1-Drive-ECB-Issue.html
Resource:
x_transferred
Hyperlink: http://packetstormsecurity.com/files/167500/Verbatim-Store-N-Go-Secure-Portable-HDD-GD25LK01-3637-C-VER4.0-Risky-Crypto.html
Resource:
x_transferred
Hyperlink: http://packetstormsecurity.com/files/167532/Verbatim-Fingerprint-Secure-Portable-Hard-Drive-53650-Risky-Crypto.html
Resource:
x_transferred
Hyperlink: http://packetstormsecurity.com/files/167528/Verbatim-Executive-Fingerprint-Secure-SSD-GDMSFE01-INI3637-C-VER1.1-Risky-Crypto.html
Resource:
x_transferred
Hyperlink: https://www.syss.de/fileadmin/dokumente/Publikationen/Advisories/SYSS-2022-044.txt
Resource:
x_transferred
Hyperlink: http://seclists.org/fulldisclosure/2022/Oct/4
Resource:
mailing-list
x_transferred
Information is not available yet
▼National Vulnerability Database (NVD)
nvd.nist.gov
Source:cve@mitre.org
Published At:08 Jun, 2022 | 16:15
Updated At:08 Aug, 2023 | 14:22

An issue was discovered in certain Verbatim drives through 2022-03-31. Due to the use of an insecure encryption AES mode (Electronic Codebook, aka ECB), an attacker may be able to extract information even from encrypted data, for example by observing repeating byte patterns. The firmware of the USB-to-SATA bridge controller INIC-3637EN uses AES-256 with the ECB mode. This operation mode of block ciphers (e.g., AES) always encrypts identical plaintext data, in this case blocks of 16 bytes, to identical ciphertext data. For some data, for instance bitmap images, the lack of the cryptographic property called diffusion, within ECB, can leak sensitive information even in encrypted data. Thus, the use of the ECB operation mode can put the confidentiality of specific information at risk, even in an encrypted form. This affects Keypad Secure USB 3.2 Gen 1 Drive Part Number #49428, Store 'n' Go Secure Portable HDD GD25LK01-3637-C VER4.0, Executive Fingerprint Secure SSD GDMSFE01-INI3637-C VER1.1, and Fingerprint Secure Portable Hard Drive Part Number #53650.

CISA Catalog
Date AddedDue DateVulnerability NameRequired Action
N/A
Date Added: N/A
Due Date: N/A
Vulnerability Name: N/A
Required Action: N/A
Metrics
TypeVersionBase scoreBase severityVector
Primary3.17.5HIGH
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
Primary2.05.0MEDIUM
AV:N/AC:L/Au:N/C:P/I:N/A:N
Type: Primary
Version: 3.1
Base score: 7.5
Base severity: HIGH
Vector:
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
Type: Primary
Version: 2.0
Base score: 5.0
Base severity: MEDIUM
Vector:
AV:N/AC:L/Au:N/C:P/I:N/A:N
CPE Matches
verbatim
verbatim
>>keypad_secure_usb_3.2_gen_1_firmware>>Versions up to 2022-03-31(inclusive)
cpe:2.3:o:verbatim:keypad_secure_usb_3.2_gen_1_firmware:*:*:*:*:*:*:*:*
verbatim
verbatim
>>keypad_secure_usb_3.2_gen_1>>-
cpe:2.3:h:verbatim:keypad_secure_usb_3.2_gen_1:-:*:*:*:*:*:*:*
verbatim
verbatim
>>store_\'n\'_go_secure_portable_hdd_firmware>>Versions up to 2022-03-31(inclusive)
cpe:2.3:o:verbatim:store_\'n\'_go_secure_portable_hdd_firmware:*:*:*:*:*:*:*:*
verbatim
verbatim
>>store_\'n\'_go_secure_portable_hdd>>-
cpe:2.3:h:verbatim:store_\'n\'_go_secure_portable_hdd:-:*:*:*:*:*:*:*
verbatim
verbatim
>>executive_fingerprint_secure_ssd_firmware>>Versions up to 2022-03-31(inclusive)
cpe:2.3:o:verbatim:executive_fingerprint_secure_ssd_firmware:*:*:*:*:*:*:*:*
verbatim
verbatim
>>executive_fingerprint_secure_ssd>>-
cpe:2.3:h:verbatim:executive_fingerprint_secure_ssd:-:*:*:*:*:*:*:*
verbatim
verbatim
>>fingerprint_secure_portable_hard_drive_firmware>>Versions up to 2022-03-31(inclusive)
cpe:2.3:o:verbatim:fingerprint_secure_portable_hard_drive_firmware:*:*:*:*:*:*:*:*
verbatim
verbatim
>>fingerprint_secure_portable_hard_drive>>-
cpe:2.3:h:verbatim:fingerprint_secure_portable_hard_drive:-:*:*:*:*:*:*:*
Weaknesses
CWE IDTypeSource
CWE-327Primarynvd@nist.gov
CWE ID: CWE-327
Type: Primary
Source: nvd@nist.gov
Evaluator Description
Evaluator Impact

Evaluator Solution

Vendor Statements
References
HyperlinkSourceResource
http://packetstormsecurity.com/files/167491/Verbatim-Keypad-Secure-USB-3.2-Gen-1-Drive-ECB-Issue.htmlcve@mitre.org
Exploit
Mailing List
Third Party Advisory
VDB Entry
http://packetstormsecurity.com/files/167500/Verbatim-Store-N-Go-Secure-Portable-HDD-GD25LK01-3637-C-VER4.0-Risky-Crypto.htmlcve@mitre.org
Exploit
Mailing List
Third Party Advisory
VDB Entry
http://packetstormsecurity.com/files/167528/Verbatim-Executive-Fingerprint-Secure-SSD-GDMSFE01-INI3637-C-VER1.1-Risky-Crypto.htmlcve@mitre.org
Exploit
Mailing List
Third Party Advisory
VDB Entry
http://packetstormsecurity.com/files/167532/Verbatim-Fingerprint-Secure-Portable-Hard-Drive-53650-Risky-Crypto.htmlcve@mitre.org
Exploit
Mailing List
Third Party Advisory
VDB Entry
http://seclists.org/fulldisclosure/2022/Jun/18cve@mitre.org
Exploit
Mailing List
Third Party Advisory
http://seclists.org/fulldisclosure/2022/Jun/22cve@mitre.org
Exploit
Mailing List
Third Party Advisory
http://seclists.org/fulldisclosure/2022/Jun/24cve@mitre.org
Exploit
Mailing List
Third Party Advisory
http://seclists.org/fulldisclosure/2022/Jun/9cve@mitre.org
Exploit
Mailing List
Third Party Advisory
http://seclists.org/fulldisclosure/2022/Oct/4cve@mitre.org
Mailing List
Third Party Advisory
https://www.syss.de/fileadmin/dokumente/Publikationen/Advisories/SYSS-2022-002.txtcve@mitre.org
Exploit
Third Party Advisory
https://www.syss.de/fileadmin/dokumente/Publikationen/Advisories/SYSS-2022-006.txtcve@mitre.org
Exploit
Third Party Advisory
https://www.syss.de/fileadmin/dokumente/Publikationen/Advisories/SYSS-2022-010.txtcve@mitre.org
Exploit
Third Party Advisory
https://www.syss.de/fileadmin/dokumente/Publikationen/Advisories/SYSS-2022-015.txtcve@mitre.org
Exploit
Third Party Advisory
https://www.syss.de/fileadmin/dokumente/Publikationen/Advisories/SYSS-2022-044.txtcve@mitre.org
Exploit
Third Party Advisory
Hyperlink: http://packetstormsecurity.com/files/167491/Verbatim-Keypad-Secure-USB-3.2-Gen-1-Drive-ECB-Issue.html
Source: cve@mitre.org
Resource:
Exploit
Mailing List
Third Party Advisory
VDB Entry
Hyperlink: http://packetstormsecurity.com/files/167500/Verbatim-Store-N-Go-Secure-Portable-HDD-GD25LK01-3637-C-VER4.0-Risky-Crypto.html
Source: cve@mitre.org
Resource:
Exploit
Mailing List
Third Party Advisory
VDB Entry
Hyperlink: http://packetstormsecurity.com/files/167528/Verbatim-Executive-Fingerprint-Secure-SSD-GDMSFE01-INI3637-C-VER1.1-Risky-Crypto.html
Source: cve@mitre.org
Resource:
Exploit
Mailing List
Third Party Advisory
VDB Entry
Hyperlink: http://packetstormsecurity.com/files/167532/Verbatim-Fingerprint-Secure-Portable-Hard-Drive-53650-Risky-Crypto.html
Source: cve@mitre.org
Resource:
Exploit
Mailing List
Third Party Advisory
VDB Entry
Hyperlink: http://seclists.org/fulldisclosure/2022/Jun/18
Source: cve@mitre.org
Resource:
Exploit
Mailing List
Third Party Advisory
Hyperlink: http://seclists.org/fulldisclosure/2022/Jun/22
Source: cve@mitre.org
Resource:
Exploit
Mailing List
Third Party Advisory
Hyperlink: http://seclists.org/fulldisclosure/2022/Jun/24
Source: cve@mitre.org
Resource:
Exploit
Mailing List
Third Party Advisory
Hyperlink: http://seclists.org/fulldisclosure/2022/Jun/9
Source: cve@mitre.org
Resource:
Exploit
Mailing List
Third Party Advisory
Hyperlink: http://seclists.org/fulldisclosure/2022/Oct/4
Source: cve@mitre.org
Resource:
Mailing List
Third Party Advisory
Hyperlink: https://www.syss.de/fileadmin/dokumente/Publikationen/Advisories/SYSS-2022-002.txt
Source: cve@mitre.org
Resource:
Exploit
Third Party Advisory
Hyperlink: https://www.syss.de/fileadmin/dokumente/Publikationen/Advisories/SYSS-2022-006.txt
Source: cve@mitre.org
Resource:
Exploit
Third Party Advisory
Hyperlink: https://www.syss.de/fileadmin/dokumente/Publikationen/Advisories/SYSS-2022-010.txt
Source: cve@mitre.org
Resource:
Exploit
Third Party Advisory
Hyperlink: https://www.syss.de/fileadmin/dokumente/Publikationen/Advisories/SYSS-2022-015.txt
Source: cve@mitre.org
Resource:
Exploit
Third Party Advisory
Hyperlink: https://www.syss.de/fileadmin/dokumente/Publikationen/Advisories/SYSS-2022-044.txt
Source: cve@mitre.org
Resource:
Exploit
Third Party Advisory

Change History

0
Information is not available yet

Similar CVEs

201Records found
CVE-2019-0688
Matching Score-4
Assigner-Microsoft Corporation
ShareView Details
Matching Score-4
Assigner-Microsoft Corporation
CVSS Score-7.5||HIGH
EPSS-10.30% / 92.87%
||
7 Day CHG~0.00%
Published-09 Apr, 2019 | 20:15
Updated-04 Aug, 2024 | 17:51
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

An information disclosure vulnerability exists when the Windows TCP/IP stack improperly handles fragmented IP packets, aka 'Windows TCP/IP Information Disclosure Vulnerability'.

Action-Not Available
Vendor-Microsoft Corporation
Product-windows_server_2016windows_server_2012windows_8.1windows_rt_8.1windows_10windows_server_2019WindowsWindows Server
CWE ID-CWE-327
Use of a Broken or Risky Cryptographic Algorithm
CVE-2021-39082
Matching Score-4
Assigner-IBM Corporation
ShareView Details
Matching Score-4
Assigner-IBM Corporation
CVSS Score-5.9||MEDIUM
EPSS-0.14% / 34.00%
||
7 Day CHG~0.00%
Published-29 Apr, 2022 | 16:00
Updated-17 Sep, 2024 | 00:51
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

IBM UrbanCode Deploy (UCD) 7.1.1.2 uses weaker than expected cryptographic algorithms that could allow an attacker to decrypt highly sensitive information.

Action-Not Available
Vendor-IBM Corporation
Product-urbancode_deployUrbanCode Deploy
CWE ID-CWE-327
Use of a Broken or Risky Cryptographic Algorithm
CVE-2021-38933
Matching Score-4
Assigner-IBM Corporation
ShareView Details
Matching Score-4
Assigner-IBM Corporation
CVSS Score-5.9||MEDIUM
EPSS-0.03% / 6.42%
||
7 Day CHG~0.00%
Published-19 Jul, 2023 | 01:22
Updated-21 Oct, 2024 | 18:12
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
IBM Sterling Connect:Express for UNIX information disclosure

IBM Sterling Connect:Direct for UNIX 1.5 uses weaker than expected cryptographic algorithms that could allow an attacker to decrypt highly sensitive information. IBM X-Force ID: 210574.

Action-Not Available
Vendor-IBM CorporationLinux Kernel Organization, IncOracle Corporation
Product-aixsterling_connect\solarislinux_kernelSterling Connect:Express for UNIX
CWE ID-CWE-327
Use of a Broken or Risky Cryptographic Algorithm
CVE-1999-0007
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-5||MEDIUM
EPSS-5.12% / 89.45%
||
7 Day CHG~0.00%
Published-29 Sep, 1999 | 04:00
Updated-03 Apr, 2025 | 01:03
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Information from SSL-encrypted sessions via PKCS #1.

Action-Not Available
Vendor-ssleayc2netn/aMicrosoft CorporationNetscape (Yahoo Inc.)HP Inc.
Product-fasttrack_servercollabra_serverproxy_serverexchange_servermessaging_servercertificate_serverssleaystonghold_web_serveropen_market_secure_webserverinternet_information_serversite_serverdirectory_serverenterprise_servern/a
CWE ID-CWE-327
Use of a Broken or Risky Cryptographic Algorithm
CVE-2024-27255
Matching Score-4
Assigner-IBM Corporation
ShareView Details
Matching Score-4
Assigner-IBM Corporation
CVSS Score-5.9||MEDIUM
EPSS-0.03% / 7.02%
||
7 Day CHG~0.00%
Published-03 Mar, 2024 | 11:54
Updated-23 Dec, 2024 | 17:32
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
IBM MQ Container information disclosure

IBM MQ Operator 2.0.0 LTS, 2.0.18 LTS, 3.0.0 CD, 3.0.1 CD, 2.4.0 through 2.4.7, 2.3.0 through 2.3.3, 2.2.0 through 2.2.2, and 2.3.0 through 2.3.3 uses weaker than expected cryptographic algorithms that could allow an attacker to decrypt highly sensitive information. IBM X-Force ID: 283905.

Action-Not Available
Vendor-IBM Corporation
Product-mq_operatorMQ Operator
CWE ID-CWE-327
Use of a Broken or Risky Cryptographic Algorithm
CVE-2018-6829
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-7.5||HIGH
EPSS-1.20% / 78.08%
||
7 Day CHG-0.06%
Published-07 Feb, 2018 | 23:00
Updated-05 Aug, 2024 | 06:17
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

cipher/elgamal.c in Libgcrypt through 1.8.2, when used to encrypt messages directly, improperly encodes plaintexts, which allows attackers to obtain sensitive information by reading ciphertext data (i.e., it does not have semantic security in face of a ciphertext-only attack). The Decisional Diffie-Hellman (DDH) assumption does not hold for Libgcrypt's ElGamal implementation.

Action-Not Available
Vendor-gnupgn/a
Product-libgcryptn/a
CWE ID-CWE-327
Use of a Broken or Risky Cryptographic Algorithm
CVE-2021-39002
Matching Score-4
Assigner-IBM Corporation
ShareView Details
Matching Score-4
Assigner-IBM Corporation
CVSS Score-5.9||MEDIUM
EPSS-0.05% / 16.06%
||
7 Day CHG~0.00%
Published-09 Dec, 2021 | 17:00
Updated-16 Sep, 2024 | 20:13
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

IBM DB2 for Linux, UNIX and Windows (includes DB2 Connect Server) 9.7, 10.1, 10.5, 11.1, and 11.5 uses weaker than expected cryptographic algorithms that could allow an attacker to decrypt highly sensitive information.

Action-Not Available
Vendor-Microsoft CorporationHP Inc.IBM CorporationLinux Kernel Organization, IncNetApp, Inc.Oracle Corporation
Product-solarislinux_kerneldb2hp-uxwindowsaixoncommand_insightDB2 for Linux, UNIX and Windows
CWE ID-CWE-327
Use of a Broken or Risky Cryptographic Algorithm
CVE-2025-8260
Matching Score-4
Assigner-VulDB
ShareView Details
Matching Score-4
Assigner-VulDB
CVSS Score-2.3||LOW
EPSS-0.01% / 1.40%
||
7 Day CHG~0.00%
Published-28 Jul, 2025 | 06:02
Updated-31 Jul, 2025 | 17:30
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Vaelsys MD4 Hash vgrid_server.php weak hash

A vulnerability has been found in Vaelsys 4.1.0 and classified as problematic. This vulnerability affects unknown code of the file /grid/vgrid_server.php of the component MD4 Hash Handler. The manipulation of the argument xajaxargs leads to use of weak hash. The attack can be initiated remotely. The complexity of an attack is rather high. The exploitation appears to be difficult. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way.

Action-Not Available
Vendor-vaelsysn/a
Product-vaelsysVaelsys
CWE ID-CWE-327
Use of a Broken or Risky Cryptographic Algorithm
CWE ID-CWE-328
Use of Weak Hash
CVE-2018-5458
Matching Score-4
Assigner-Cybersecurity and Infrastructure Security Agency (CISA) Industrial Control Systems (ICS)
ShareView Details
Matching Score-4
Assigner-Cybersecurity and Infrastructure Security Agency (CISA) Industrial Control Systems (ICS)
CVSS Score-7.5||HIGH
EPSS-0.12% / 31.45%
||
7 Day CHG~0.00%
Published-26 Mar, 2018 | 14:00
Updated-17 Sep, 2024 | 03:53
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Philips IntelliSpace Portal all versions of 8.0.x, and 7.0.x have a vulnerability using SSL legacy encryption that could allow an attacker to gain unauthorized access to resources and information.

Action-Not Available
Vendor-Philips
Product-intellispace_portalPhilips IntelliSpace Portal
CWE ID-CWE-310
Not Available
CWE ID-CWE-327
Use of a Broken or Risky Cryptographic Algorithm
CVE-2024-27256
Matching Score-4
Assigner-IBM Corporation
ShareView Details
Matching Score-4
Assigner-IBM Corporation
CVSS Score-5.9||MEDIUM
EPSS-0.03% / 6.81%
||
7 Day CHG~0.00%
Published-27 Jan, 2025 | 16:27
Updated-18 Aug, 2025 | 18:17
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
IBM MQ Operator information disclosure

IBM MQ Container 3.0.0, 3.0.1, 3.1.0 through 3.1.3 CD, 2.0.0 LTS through 2.0.22 LTS and 2.4.0 through 2.4.8, 2.3.0 through 2.3.3, 2.2.0 through 2.2.2 uses weaker than expected cryptographic algorithms that could allow an attacker to decrypt highly sensitive information.

Action-Not Available
Vendor-IBM Corporation
Product-mq_operatorsupplied_mq_advanced_container_imagesMQ Operator
CWE ID-CWE-327
Use of a Broken or Risky Cryptographic Algorithm
CVE-2016-0923
Matching Score-4
Assigner-Dell
ShareView Details
Matching Score-4
Assigner-Dell
CVSS Score-7.5||HIGH
EPSS-0.58% / 67.84%
||
7 Day CHG~0.00%
Published-18 Sep, 2016 | 01:00
Updated-12 Apr, 2025 | 10:46
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

The client in EMC RSA BSAFE Micro Edition Suite (MES) 4.0.x before 4.0.9 and 4.1.x before 4.1.5 places the weakest algorithms first in a signature-algorithm list transmitted to a server, which makes it easier for remote attackers to defeat cryptographic protection mechanisms by leveraging server behavior in which the first algorithm is used.

Action-Not Available
Vendor-n/aDell Inc.
Product-bsafen/a
CWE ID-CWE-327
Use of a Broken or Risky Cryptographic Algorithm
CVE-2024-25963
Matching Score-4
Assigner-Dell
ShareView Details
Matching Score-4
Assigner-Dell
CVSS Score-5.9||MEDIUM
EPSS-0.18% / 39.28%
||
7 Day CHG~0.00%
Published-28 Mar, 2024 | 18:32
Updated-09 Jan, 2025 | 16:39
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Dell PowerScale OneFS, versions 8.2.2.x through 9.5.0.x contains a use of a broken cryptographic algorithm vulnerability. A remote unauthenticated attacker could potentially exploit this vulnerability, leading to information disclosure.

Action-Not Available
Vendor-Dell Inc.
Product-powerscale_onefsPowerScale OneFSemc_powerscale_onefs
CWE ID-CWE-327
Use of a Broken or Risky Cryptographic Algorithm
CVE-2024-25968
Matching Score-4
Assigner-Dell
ShareView Details
Matching Score-4
Assigner-Dell
CVSS Score-5.9||MEDIUM
EPSS-0.15% / 36.40%
||
7 Day CHG~0.00%
Published-14 May, 2024 | 06:32
Updated-09 Jan, 2025 | 15:55
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Dell PowerScale OneFS versions 8.2.x through 9.7.0.2 contains a use of a broken or risky cryptographic algorithm vulnerability. A remote unauthenticated attacker could potentially exploit this vulnerability, leading to information disclosure.

Action-Not Available
Vendor-Dell Inc.
Product-powerscale_onefsPowerScale OneFSpowerscale_onefs
CWE ID-CWE-327
Use of a Broken or Risky Cryptographic Algorithm
CVE-2009-2273
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-5||MEDIUM
EPSS-0.05% / 15.23%
||
7 Day CHG~0.00%
Published-01 Jul, 2009 | 12:26
Updated-07 Aug, 2024 | 05:44
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

The default configuration of the Wi-Fi component on the Huawei D100 does not use encryption, which makes it easier for remote attackers to obtain sensitive information by sniffing the network.

Action-Not Available
Vendor-n/aHuawei Technologies Co., Ltd.
Product-d100_firmwared100n/a
CWE ID-CWE-327
Use of a Broken or Risky Cryptographic Algorithm
CVE-2024-22314
Matching Score-4
Assigner-IBM Corporation
ShareView Details
Matching Score-4
Assigner-IBM Corporation
CVSS Score-5.9||MEDIUM
EPSS-0.02% / 4.20%
||
7 Day CHG~0.00%
Published-16 Apr, 2025 | 16:17
Updated-19 Aug, 2025 | 16:39
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
IBM Storage Defender - Resiliency Service information disclosure

IBM Storage Defender - Resiliency Service 2.0.0 through 2.0.12 uses weaker than expected cryptographic algorithms that could allow an attacker to decrypt highly sensitive information.

Action-Not Available
Vendor-IBM Corporation
Product-storage_defender_resiliency_serviceStorage Defender - Resiliency Service
CWE ID-CWE-327
Use of a Broken or Risky Cryptographic Algorithm
CVE-2024-22361
Matching Score-4
Assigner-IBM Corporation
ShareView Details
Matching Score-4
Assigner-IBM Corporation
CVSS Score-5.9||MEDIUM
EPSS-0.04% / 8.84%
||
7 Day CHG~0.00%
Published-10 Feb, 2024 | 15:13
Updated-19 Aug, 2024 | 16:09
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
IBM Semeru Runtime information disclosure

IBM Semeru Runtime 8.0.302.0 through 8.0.392.0, 11.0.12.0 through 11.0.21.0, 17.0.1.0 - 17.0.9.0, and 21.0.1.0 uses weaker than expected cryptographic algorithms that could allow an attacker to decrypt highly sensitive information. IBM X-Force ID: 281222.

Action-Not Available
Vendor-IBM Corporation
Product-semeru_runtimeSemeru Runtime
CWE ID-CWE-327
Use of a Broken or Risky Cryptographic Algorithm
CVE-2024-22347
Matching Score-4
Assigner-IBM Corporation
ShareView Details
Matching Score-4
Assigner-IBM Corporation
CVSS Score-5.9||MEDIUM
EPSS-0.03% / 4.96%
||
7 Day CHG~0.00%
Published-20 Jan, 2025 | 17:41
Updated-14 Aug, 2025 | 01:21
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
IBM UrbanCode Velocity information disclosure

IBM DevOps Velocity 5.0.0 and IBM UrbanCode Velocity 4.0.0 through 4.0. 25 uses weaker than expected cryptographic algorithms that could allow an attacker to decrypt highly sensitive information.

Action-Not Available
Vendor-IBM Corporation
Product-devops_velocityurbancode_velocityDevOps VelocityUrbanCode Velocity
CWE ID-CWE-327
Use of a Broken or Risky Cryptographic Algorithm
CVE-2021-38921
Matching Score-4
Assigner-IBM Corporation
ShareView Details
Matching Score-4
Assigner-IBM Corporation
CVSS Score-5.9||MEDIUM
EPSS-0.10% / 27.62%
||
7 Day CHG~0.00%
Published-07 Jan, 2022 | 17:55
Updated-16 Sep, 2024 | 22:41
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

IBM Security Verify 10.0.0, 10.0.1.0, and 10.0.2.0 uses weaker than expected cryptographic algorithms that could allow an attacker to decrypt highly sensitive information. IBM X-Force ID: 210067.

Action-Not Available
Vendor-IBM Corporation
Product-security_verify_accessSecurity Verify Access
CWE ID-CWE-327
Use of a Broken or Risky Cryptographic Algorithm
CVE-2021-37546
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-5.3||MEDIUM
EPSS-0.00% / 0.04%
||
7 Day CHG~0.00%
Published-06 Aug, 2021 | 13:24
Updated-04 Aug, 2024 | 01:23
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

In JetBrains TeamCity before 2021.1, an insecure key generation mechanism for encrypted properties was used.

Action-Not Available
Vendor-n/aJetBrains s.r.o.
Product-teamcityn/a
CWE ID-CWE-327
Use of a Broken or Risky Cryptographic Algorithm
CVE-2023-5627
Matching Score-4
Assigner-Moxa Inc.
ShareView Details
Matching Score-4
Assigner-Moxa Inc.
CVSS Score-7.5||HIGH
EPSS-0.08% / 23.49%
||
7 Day CHG~0.00%
Published-01 Nov, 2023 | 15:04
Updated-05 Sep, 2024 | 15:45
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Incorrect Implementation of Authentication Algorithm Vulnerability

A vulnerability has been identified in NPort 6000 Series, making the authentication mechanism vulnerable. This vulnerability arises from the incorrect implementation of sensitive information protection, potentially allowing malicious users to gain unauthorized access to the web service.

Action-Not Available
Vendor-Moxa Inc.
Product-nport_6610-32_firmwarenport_6650-32-hv-t_firmwarenport_6450_firmwarenport_6650-8_firmwarenport_6650-16-t_firmwarenport_6250-s-sc_firmwarenport_6150nport_6610-8-48vnport_6650-16-hv-tnport_6650-32-hv-tnport_6650-8-tnport_6250nport_6610-16_firmwarenport_6450-t_firmwarenport_6250_firmwarenport_6610-16-48vnport_6150_firmwarenport_6250-s-sc-tnport_6650-8-hv-tnport_6250-m-sc-t_firmwarenport_6650-16-tnport_6650-32-48v_firmwarenport_6650-32-48vnport_6450nport_6610-8_firmwarenport_6610-32-48v_firmwarenport_6650-16-hv-t_firmwarenport_6450-tnport_6150-t_firmwarenport_6250-tnport_6250-s-sc-t_firmwarenport_6250-s-scnport_6610-32-48vnport_6610-32nport_6250-t_firmwarenport_6650-8-48vnport_6650-8-hv-t_firmwarenport_6610-16-48v_firmwarenport_6650-16-48v_firmwarenport_6250-m-sc_firmwarenport_6610-8nport_6150-tnport_6650-16nport_6650-8nport_6650-16_firmwarenport_6610-16nport_6650-32_firmwarenport_6650-8-48v_firmwarenport_6650-8-t_firmwarenport_6650-16-48vnport_6650-32nport_6250-m-sc-tnport_6610-8-48v_firmwarenport_6250-m-scNPort 6000 Seriesnport_6000
CWE ID-CWE-303
Incorrect Implementation of Authentication Algorithm
CWE ID-CWE-257
Storing Passwords in a Recoverable Format
CWE ID-CWE-327
Use of a Broken or Risky Cryptographic Algorithm
CWE ID-CWE-287
Improper Authentication
CVE-2023-51838
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-7.5||HIGH
EPSS-0.05% / 13.64%
||
7 Day CHG~0.00%
Published-02 Feb, 2024 | 00:00
Updated-16 Jun, 2025 | 19:15
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Ylianst MeshCentral 1.1.16 suffers from Use of a Broken or Risky Cryptographic Algorithm.

Action-Not Available
Vendor-meshcentraln/a
Product-meshcentraln/a
CWE ID-CWE-327
Use of a Broken or Risky Cryptographic Algorithm
CVE-2023-50350
Matching Score-4
Assigner-HCL Software
ShareView Details
Matching Score-4
Assigner-HCL Software
CVSS Score-8.2||HIGH
EPSS-0.03% / 8.49%
||
7 Day CHG~0.00%
Published-03 Jan, 2024 | 01:50
Updated-18 Jun, 2025 | 16:15
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
A broken cryptographic algorithm impacts MyXalytics

HCL DRYiCE MyXalytics is impacted by the use of a broken cryptographic algorithm for encryption, potentially giving an attacker ability to decrypt sensitive information.

Action-Not Available
Vendor-HCL Technologies Ltd.
Product-dryice_myxalyticsDRYiCE MyXalytics
CWE ID-CWE-327
Use of a Broken or Risky Cryptographic Algorithm
CVE-2023-50939
Matching Score-4
Assigner-IBM Corporation
ShareView Details
Matching Score-4
Assigner-IBM Corporation
CVSS Score-5.9||MEDIUM
EPSS-0.03% / 7.02%
||
7 Day CHG~0.00%
Published-01 Feb, 2024 | 23:53
Updated-02 Aug, 2024 | 22:23
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
IBM PowerSC information Disclosure

IBM PowerSC 1.3, 2.0, and 2.1 uses weaker than expected cryptographic algorithms that could allow an attacker to decrypt highly sensitive information. IBM X-Force ID: 275129.

Action-Not Available
Vendor-IBM Corporation
Product-powerscPowerSCpowersc
CWE ID-CWE-327
Use of a Broken or Risky Cryptographic Algorithm
CVE-2023-50481
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-7.5||HIGH
EPSS-0.08% / 24.27%
||
7 Day CHG~0.00%
Published-21 Dec, 2023 | 00:00
Updated-02 Aug, 2024 | 22:16
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

An issue was discovered in blinksocks version 3.3.8, allows remote attackers to obtain sensitive information via weak encryption algorithms in the component /presets/ssr-auth-chain.js.

Action-Not Available
Vendor-blinksocksn/a
Product-blinksocksn/a
CWE ID-CWE-327
Use of a Broken or Risky Cryptographic Algorithm
CVE-2018-1720
Matching Score-4
Assigner-IBM Corporation
ShareView Details
Matching Score-4
Assigner-IBM Corporation
CVSS Score-5.9||MEDIUM
EPSS-0.10% / 27.62%
||
7 Day CHG~0.00%
Published-25 Apr, 2019 | 14:36
Updated-16 Sep, 2024 | 16:42
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

IBM Sterling B2B Integrator Standard Edition 5.2.0.1, 5.2.6.3_6, 6.0.0.0, and 6.0.0.1 uses weaker than expected cryptographic algorithms that could allow an attacker to decrypt highly sensitive information. IBM X-Force ID: 147294.

Action-Not Available
Vendor-IBM Corporation
Product-sterling_b2b_integratorSterling B2B Integrator
CWE ID-CWE-327
Use of a Broken or Risky Cryptographic Algorithm
CVE-2023-50937
Matching Score-4
Assigner-IBM Corporation
ShareView Details
Matching Score-4
Assigner-IBM Corporation
CVSS Score-5.9||MEDIUM
EPSS-0.03% / 7.02%
||
7 Day CHG~0.00%
Published-02 Feb, 2024 | 00:10
Updated-02 Aug, 2024 | 22:23
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
IBM PowerSC information disclosure

IBM PowerSC 1.3, 2.0, and 2.1 uses weaker than expected cryptographic algorithms that could allow an attacker to decrypt highly sensitive information. IBM X-Force ID: 275117.

Action-Not Available
Vendor-IBM Corporation
Product-powerscPowerSCpowersc
CWE ID-CWE-327
Use of a Broken or Risky Cryptographic Algorithm
CVE-2021-33018
Matching Score-4
Assigner-Cybersecurity and Infrastructure Security Agency (CISA) Industrial Control Systems (ICS)
ShareView Details
Matching Score-4
Assigner-Cybersecurity and Infrastructure Security Agency (CISA) Industrial Control Systems (ICS)
CVSS Score-7.5||HIGH
EPSS-0.11% / 29.62%
||
7 Day CHG~0.00%
Published-01 Apr, 2022 | 22:17
Updated-16 Apr, 2025 | 17:58
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Philips Vue PACS Use of a Broken or Risky Cryptographic Algorithm

The use of a broken or risky cryptographic algorithm in Philips Vue PACS versions 12.2.x.x and prior is an unnecessary risk that may result in the exposure of sensitive information.

Action-Not Available
Vendor-Philips
Product-myvuevue_motionspeechvue_pacsVue MotionVue PACSVue SpeechVue MyVue
CWE ID-CWE-327
Use of a Broken or Risky Cryptographic Algorithm
CVE-2023-49259
Matching Score-4
Assigner-CERT.PL
ShareView Details
Matching Score-4
Assigner-CERT.PL
CVSS Score-7.5||HIGH
EPSS-0.04% / 12.93%
||
7 Day CHG~0.00%
Published-12 Jan, 2024 | 14:25
Updated-20 Jun, 2025 | 17:15
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Bruteforcing authentication cookie for a given user

The authentication cookies are generated using an algorithm based on the username, hardcoded secret and the up-time, and can be guessed in a reasonable time.

Action-Not Available
Vendor-hongdianHongdian
Product-h8951-4g-esph8951-4g-esp_firmwareH8951-4G-ESP
CWE ID-CWE-327
Use of a Broken or Risky Cryptographic Algorithm
CWE ID-CWE-341
Predictable from Observable State
CVE-2021-31352
Matching Score-4
Assigner-Juniper Networks, Inc.
ShareView Details
Matching Score-4
Assigner-Juniper Networks, Inc.
CVSS Score-5.3||MEDIUM
EPSS-0.12% / 31.96%
||
7 Day CHG~0.00%
Published-19 Oct, 2021 | 18:16
Updated-16 Sep, 2024 | 19:20
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
SRC Series: NETCONF over SSH allows negotiation of weak ciphers

An Information Exposure vulnerability in Juniper Networks SRC Series devices configured for NETCONF over SSH permits the negotiation of weak ciphers, which could allow a remote attacker to obtain sensitive information. A remote attacker with read and write access to network data could exploit this vulnerability to display plaintext bits from a block of ciphertext and obtain sensitive information. This issue affects all Juniper Networks SRC Series versions prior to 4.13.0-R6.

Action-Not Available
Vendor-Juniper Networks, Inc.
Product-session_and_resource_controlSRC Series
CWE ID-CWE-200
Exposure of Sensitive Information to an Unauthorized Actor
CWE ID-CWE-327
Use of a Broken or Risky Cryptographic Algorithm
CVE-2021-29723
Matching Score-4
Assigner-IBM Corporation
ShareView Details
Matching Score-4
Assigner-IBM Corporation
CVSS Score-5.9||MEDIUM
EPSS-0.14% / 35.03%
||
7 Day CHG~0.00%
Published-30 Aug, 2021 | 17:00
Updated-16 Sep, 2024 | 20:57
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

IBM Sterling Secure Proxy 6.0.1, 6.0.2, 2.4.3.2, and 3.4.3.2 uses weaker than expected cryptographic algorithms that could allow an attacker to decrypt highly sensitive information. IBM X-ForceID: 201100.

Action-Not Available
Vendor-Microsoft CorporationHP Inc.IBM CorporationLinux Kernel Organization, IncOracle Corporation
Product-sterling_external_authentication_serversolarislinux_kernelsterling_secure_proxyhp-uxlinux_on_ibm_zwindowsaixSterling Secure Proxy
CWE ID-CWE-327
Use of a Broken or Risky Cryptographic Algorithm
CVE-2021-29794
Matching Score-4
Assigner-IBM Corporation
ShareView Details
Matching Score-4
Assigner-IBM Corporation
CVSS Score-5.9||MEDIUM
EPSS-0.09% / 25.85%
||
7 Day CHG~0.00%
Published-12 Jul, 2021 | 16:05
Updated-17 Sep, 2024 | 03:38
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

IBM Tivoli Netcool/Impact 7.1.0.20 and 7.1.0.21 uses an insecure SSH server configuration which enables weaker than expected cryptographic algorithms that could allow an attacker to decrypt highly sensitive information. IBM X-Force ID: 203556.

Action-Not Available
Vendor-IBM Corporation
Product-tivoli_netcool\/impactTivoli Netcool Impact
CWE ID-CWE-327
Use of a Broken or Risky Cryptographic Algorithm
CVE-2022-43851
Matching Score-4
Assigner-IBM Corporation
ShareView Details
Matching Score-4
Assigner-IBM Corporation
CVSS Score-5.9||MEDIUM
EPSS-0.01% / 0.91%
||
7 Day CHG~0.00%
Published-14 Apr, 2025 | 20:39
Updated-15 Aug, 2025 | 15:19
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
IBM Aspera Console information disclosure

IBM Aspera Console 3.4.0 through 3.4.4 uses weaker than expected cryptographic algorithms that could allow an attacker to decrypt highly sensitive information.

Action-Not Available
Vendor-IBM CorporationMicrosoft CorporationLinux Kernel Organization, Inc
Product-aspera_consolewindowslinux_kernelAspera Console
CWE ID-CWE-327
Use of a Broken or Risky Cryptographic Algorithm
CVE-2021-29704
Matching Score-4
Assigner-IBM Corporation
ShareView Details
Matching Score-4
Assigner-IBM Corporation
CVSS Score-5.9||MEDIUM
EPSS-0.09% / 25.85%
||
7 Day CHG~0.00%
Published-23 Aug, 2021 | 16:05
Updated-16 Sep, 2024 | 20:43
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

IBM Security SOAR uses weaker than expected cryptographic algorithms that could allow an attacker to decrypt highly sensitive information.

Action-Not Available
Vendor-IBM Corporation
Product-resilient_security_orchestration_automation_and_responseSecurity
CWE ID-CWE-327
Use of a Broken or Risky Cryptographic Algorithm
CVE-2022-43843
Matching Score-4
Assigner-IBM Corporation
ShareView Details
Matching Score-4
Assigner-IBM Corporation
CVSS Score-5.9||MEDIUM
EPSS-0.04% / 10.89%
||
7 Day CHG~0.00%
Published-14 Dec, 2023 | 00:41
Updated-03 Aug, 2024 | 13:40
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
IBM Spectrum Scale information disclosure

IBM Spectrum Scale 5.1.5.0 through 5.1.5.1 uses weaker than expected cryptographic algorithms that could allow an attacker to decrypt highly sensitive information. IBM X-Force ID: 239080.

Action-Not Available
Vendor-IBM Corporation
Product-spectrum_scaleSpectrum Scale
CWE ID-CWE-327
Use of a Broken or Risky Cryptographic Algorithm
CVE-2021-29722
Matching Score-4
Assigner-IBM Corporation
ShareView Details
Matching Score-4
Assigner-IBM Corporation
CVSS Score-5.9||MEDIUM
EPSS-0.14% / 35.03%
||
7 Day CHG~0.00%
Published-30 Aug, 2021 | 17:00
Updated-16 Sep, 2024 | 16:32
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

IBM Sterling Secure Proxy 6.0.1, 6.0.2, 2.4.3.2, and 3.4.3.2 uses weaker than expected cryptographic algorithms that could allow an attacker to decrypt highly sensitive information. IBM X-Force ID: 201095.

Action-Not Available
Vendor-Microsoft CorporationHP Inc.IBM CorporationLinux Kernel Organization, IncOracle Corporation
Product-sterling_external_authentication_serversolarislinux_kernelsterling_secure_proxyhp-uxlinux_on_ibm_zwindowsaixSterling Secure Proxy
CWE ID-CWE-327
Use of a Broken or Risky Cryptographic Algorithm
CVE-2023-4331
Matching Score-4
Assigner-CERT/CC
ShareView Details
Matching Score-4
Assigner-CERT/CC
CVSS Score-7.5||HIGH
EPSS-0.03% / 7.68%
||
7 Day CHG~0.00%
Published-15 Aug, 2023 | 18:25
Updated-08 Oct, 2024 | 18:25
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Broadcom RAID Controller web interface is vulnerable has an insecure default TLS configuration that support obsolete and vulnerable TLS protocols

Broadcom RAID Controller web interface is vulnerable has an insecure default TLS configuration that support obsolete and vulnerable TLS protocols

Action-Not Available
Vendor-Intel CorporationBroadcom Inc.
Product-raid_controller_web_interfaceLSI Storage Authority (LSA)RAID Web Console 3 (RWC3)raid_web_console_3lsi_storage_authority
CWE ID-CWE-327
Use of a Broken or Risky Cryptographic Algorithm
CVE-2021-27756
Matching Score-4
Assigner-HCL Software
ShareView Details
Matching Score-4
Assigner-HCL Software
CVSS Score-7.5||HIGH
EPSS-0.14% / 34.91%
||
7 Day CHG~0.00%
Published-04 Mar, 2022 | 21:18
Updated-03 Aug, 2024 | 21:26
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

"TLS-RSA cipher suites are not disabled in BigFix Compliance up to v2.0.5. If TLS 2.0 and secure ciphers are not enabled then an attacker can passively record traffic and later decrypt it."

Action-Not Available
Vendor-n/aHCL Technologies Ltd.
Product-bigfix_compliance"BigFix Compliance Server"
CWE ID-CWE-327
Use of a Broken or Risky Cryptographic Algorithm
CVE-2023-41097
Matching Score-4
Assigner-Silicon Labs
ShareView Details
Matching Score-4
Assigner-Silicon Labs
CVSS Score-4.6||MEDIUM
EPSS-0.11% / 29.41%
||
7 Day CHG~0.00%
Published-21 Dec, 2023 | 20:33
Updated-23 Apr, 2025 | 16:23
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Potential Timing vulnerability in CBC PKCS7 padding calculations

An Observable Timing Discrepancy, Covert Timing Channel vulnerability in Silabs GSDK on ARM potentially allows Padding Oracle Crypto Attack on CBC PKCS7.This issue affects GSDK: through 4.4.0.

Action-Not Available
Vendor-silabssilabs.com
Product-gecko_software_development_kitGSDK
CWE ID-CWE-208
Observable Timing Discrepancy
CWE ID-CWE-327
Use of a Broken or Risky Cryptographic Algorithm
CWE ID-CWE-203
Observable Discrepancy
CVE-2021-25763
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-5.3||MEDIUM
EPSS-0.00% / 0.04%
||
7 Day CHG~0.00%
Published-03 Feb, 2021 | 15:22
Updated-03 Aug, 2024 | 20:11
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

In JetBrains Ktor before 1.4.2, weak cipher suites were enabled by default.

Action-Not Available
Vendor-n/aJetBrains s.r.o.
Product-ktorn/a
CWE ID-CWE-327
Use of a Broken or Risky Cryptographic Algorithm
CVE-2023-38730
Matching Score-4
Assigner-IBM Corporation
ShareView Details
Matching Score-4
Assigner-IBM Corporation
CVSS Score-5.9||MEDIUM
EPSS-0.04% / 9.99%
||
7 Day CHG~0.00%
Published-27 Aug, 2023 | 22:10
Updated-30 Sep, 2024 | 17:49
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
IBM Spectrum Copy Data Management information disclosure

IBM Storage Copy Data Management 2.2.0.0 through 2.2.19.0 uses weaker than expected cryptographic algorithms that could allow an attacker to decrypt highly sensitive information. IBM X-Force ID: 262268.

Action-Not Available
Vendor-IBM Corporation
Product-storage_copy_data_managementSpectrum Copy Data Management
CWE ID-CWE-327
Use of a Broken or Risky Cryptographic Algorithm
CVE-2025-2539
Matching Score-4
Assigner-Wordfence
ShareView Details
Matching Score-4
Assigner-Wordfence
CVSS Score-7.5||HIGH
EPSS-16.57% / 94.65%
||
7 Day CHG~0.00%
Published-20 Mar, 2025 | 11:11
Updated-11 Aug, 2025 | 15:00
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
File Away <= 3.9.9.0.1 - Missing Authorization to Unauthenticated Arbitrary File Read

The File Away plugin for WordPress is vulnerable to unauthorized access of data due to a missing capability check on the ajax() function in all versions up to, and including, 3.9.9.0.1. This makes it possible for unauthenticated attackers, leveraging the use of a reversible weak algorithm, to read the contents of arbitrary files on the server, which can contain sensitive information.

Action-Not Available
Vendor-file_away_projectthomstark
Product-file_awayFile Away
CWE ID-CWE-327
Use of a Broken or Risky Cryptographic Algorithm
CVE-2022-43949
Matching Score-4
Assigner-Fortinet, Inc.
ShareView Details
Matching Score-4
Assigner-Fortinet, Inc.
CVSS Score-5.9||MEDIUM
EPSS-0.10% / 28.70%
||
7 Day CHG~0.00%
Published-13 Jun, 2023 | 08:41
Updated-22 Oct, 2024 | 20:45
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A use of a broken or risky cryptographic algorithm [CWE-327] in Fortinet FortiSIEM before 6.7.1 allows a remote unauthenticated attacker to perform brute force attacks on GUI endpoints via taking advantage of outdated hashing methods.

Action-Not Available
Vendor-Fortinet, Inc.
Product-fortisiemFortiSIEM
CWE ID-CWE-327
Use of a Broken or Risky Cryptographic Algorithm
CVE-2018-1000180
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-7.5||HIGH
EPSS-0.22% / 44.64%
||
7 Day CHG~0.00%
Published-05 Jun, 2018 | 13:00
Updated-12 May, 2025 | 17:37
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Bouncy Castle BC 1.54 - 1.59, BC-FJA 1.0.0, BC-FJA 1.0.1 and earlier have a flaw in the Low-level interface to RSA key pair generator, specifically RSA Key Pairs generated in low-level API with added certainty may have less M-R tests than expected. This appears to be fixed in versions BC 1.60 beta 4 and later, BC-FJA 1.0.2 and later.

Action-Not Available
Vendor-bouncycastlen/aDebian GNU/LinuxNetApp, Inc.Red Hat, Inc.Oracle Corporation
Product-enterprise_linuxfips_java_apicommunications_webrtc_session_controllerapi_gatewayretail_convenience_and_fuel_pos_softwarejboss_enterprise_application_platformcommunications_application_session_controllervirtualizationretail_xstore_point_of_servicepeoplesoft_enterprise_peopletoolsdebian_linuxsoa_suiteweblogic_serverenterprise_repositorycommunications_converged_application_servermanaged_file_transferbusiness_process_management_suitebc-javawebcenter_portaloncommand_workflow_automationbusiness_transaction_managementn/a
CWE ID-CWE-327
Use of a Broken or Risky Cryptographic Algorithm
CVE-2025-24007
Matching Score-4
Assigner-Siemens
ShareView Details
Matching Score-4
Assigner-Siemens
CVSS Score-8.7||HIGH
EPSS-0.02% / 3.34%
||
7 Day CHG~0.00%
Published-13 May, 2025 | 09:38
Updated-13 May, 2025 | 19:35
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A vulnerability has been identified in SIRIUS 3RK3 Modular Safety System (MSS) (All versions), SIRIUS Safety Relays 3SK2 (All versions). Affected devices only provide weak password obfuscation. An attacker with network access could retrieve and de-obfuscate the safety password used for protection against inadvertent operating errors.

Action-Not Available
Vendor-Siemens AG
Product-SIRIUS 3RK3 Modular Safety System (MSS)SIRIUS Safety Relays 3SK2
CWE ID-CWE-327
Use of a Broken or Risky Cryptographic Algorithm
CVE-2025-22475
Matching Score-4
Assigner-Dell
ShareView Details
Matching Score-4
Assigner-Dell
CVSS Score-3.7||LOW
EPSS-0.03% / 7.80%
||
7 Day CHG~0.00%
Published-04 Feb, 2025 | 02:19
Updated-07 Feb, 2025 | 20:42
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Dell PowerProtect DD, versions prior to DDOS 8.3.0.0, 7.10.1.50, and 7.13.1.10 contains a use of a Cryptographic Primitive with a Risky Implementation vulnerability. A remote attacker could potentially exploit this vulnerability, leading to Information tampering.

Action-Not Available
Vendor-Dell Inc.
Product-data_domain_operating_systemPowerProtect DD
CWE ID-CWE-1240
Use of a Cryptographic Primitive with a Risky Implementation
CWE ID-CWE-327
Use of a Broken or Risky Cryptographic Algorithm
CVE-2017-9859
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-9.8||CRITICAL
EPSS-0.17% / 38.88%
||
7 Day CHG~0.00%
Published-05 Aug, 2017 | 17:00
Updated-20 Apr, 2025 | 01:37
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

An issue was discovered in SMA Solar Technology products. The inverters make use of a weak hashing algorithm to encrypt the password for REGISTER requests. This hashing algorithm can be cracked relatively easily. An attacker will likely be able to crack the password using offline crackers. This cracked password can then be used to register at the SMA servers. NOTE: the vendor's position is that "we consider the probability of the success of such manipulation to be extremely low." Also, only Sunny Boy TLST-21 and TL-21 and Sunny Tripower TL-10 and TL-30 could potentially be affected

Action-Not Available
Vendor-sman/a
Product-sunny_central_storage_800sunny_central_630cp_xt_firmwaresunny_boy_5000tlsunny_boy_5.0_firmwaresunny_boy_3600sunny_boy_3600tlsunny_boy_3.0_firmwaresunny_central_storage_800_firmwaresunny_central_800cp_xt_firmwaresunny_tripower_25000tlsunny_boy_3600_firmwaresunny_central_720cp_xt_firmwaresunny_central_storage_500sunny_tripower_25000tl_firmwaresunny_central_2200_firmwaresunny_tripower_5000tlsunny_tripower_20000tl_firmwaresunny_central_storage_850sunny_central_storage_900_firmwaresunny_tripower_15000tl_firmwaresunny_central_storage_720_firmwaresunny_tripower_12000tlsunny_central_storage_2200sunny_tripower_60_firmwaresunny_central_760cp_xtsunny_boy_4.0_firmwaresunny_central_storage_2500-evsunny_central_850cp_xt_firmwaresunny_central_500cp_xt_firmwaresunny_boy_5000sunny_boy_1.5sunny_central_800cp_xtsunny_central_storage_1000_firmwaresunny_tripower_20000tlsunny_central_storage_2200_firmwaresunny_central_storage_850_firmwaresunny_central_storage_630_firmwaresunny_central_storage_760_firmwaresunny_boy_3.6sunny_central_storage_630sunny_central_500cp_xtsunny_tripower_core1_firmwaresunny_central_720cp_xtsunny_tripower_core1sunny_central_storage_500_firmwaresunny_boy_4000tlsunny_central_630cp_xtsunny_boy_3600tl_firmwaresunny_boy_4.0sunny_boy_2.5sunny_central_storage_760sunny_central_760cp_xt_firmwaresunny_tripower_15000tlsunny_boy_storage_2.5sunny_boy_5000_firmwaresunny_central_storage_900sunny_boy_1.5_firmwaresunny_boy_3000tlsunny_boy_2.5_firmwaresunny_boy_4000tl_firmwaresunny_central_storage_1000sunny_boy_storage_2.5_firmwaresunny_tripower_5000tl_firmwaresunny_tripower_60sunny_central_900cp_xt_firmwaresunny_boy_5000tl_firmwaresunny_central_storage_2500-ev_firmwaresunny_central_2200sunny_boy_3.0sunny_central_1000cp_xt_firmwaresunny_central_storage_720sunny_boy_5.0sunny_boy_3.6_firmwaresunny_central_850cp_xtsunny_central_900cp_xtsunny_tripower_12000tl_firmwaresunny_boy_3000tl_firmwaresunny_central_1000cp_xtn/a
CWE ID-CWE-327
Use of a Broken or Risky Cryptographic Algorithm
CVE-2022-43917
Matching Score-4
Assigner-IBM Corporation
ShareView Details
Matching Score-4
Assigner-IBM Corporation
CVSS Score-5.9||MEDIUM
EPSS-0.03% / 7.53%
||
7 Day CHG~0.00%
Published-25 Jan, 2023 | 17:17
Updated-31 Mar, 2025 | 14:31
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
IBM WebSphere Application Server information disclosure

IBM WebSphere Application Server 8.5 and 9.0 traditional container uses weaker than expected cryptographic keys that could allow an attacker to decrypt sensitive information. This affects only the containerized version of WebSphere Application Server traditional. IBM X-Force ID: 241045.

Action-Not Available
Vendor-Oracle CorporationHP Inc.Microsoft CorporationIBM CorporationLinux Kernel Organization, Inc
Product-solarislinux_kernelwebsphere_application_serverihp-uxwindowsz\/osaixWebSphere Application Server
CWE ID-CWE-327
Use of a Broken or Risky Cryptographic Algorithm
CVE-2021-20479
Matching Score-4
Assigner-IBM Corporation
ShareView Details
Matching Score-4
Assigner-IBM Corporation
CVSS Score-5.9||MEDIUM
EPSS-0.10% / 27.62%
||
7 Day CHG~0.00%
Published-09 May, 2022 | 16:35
Updated-17 Sep, 2024 | 03:38
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

IBM Cloud Pak System 2.3.0 through 2.3.3.3 Interim Fix 1 uses weaker than expected cryptographic algorithms that could allow an attacker to decrypt highly sensitive information. IBM X-Force ID: 197498.

Action-Not Available
Vendor-IBM Corporation
Product-cloud_pak_systemCloud Pak System
CWE ID-CWE-327
Use of a Broken or Risky Cryptographic Algorithm
CVE-2021-20497
Matching Score-4
Assigner-IBM Corporation
ShareView Details
Matching Score-4
Assigner-IBM Corporation
CVSS Score-5.9||MEDIUM
EPSS-0.11% / 30.32%
||
7 Day CHG~0.00%
Published-15 Jul, 2021 | 17:15
Updated-17 Sep, 2024 | 01:30
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

IBM Security Verify Access Docker 10.0.0 uses weaker than expected cryptographic algorithms that could allow an attacker to decrypt highly sensitive information. IBM X-Force ID: 197969

Action-Not Available
Vendor-IBM CorporationDocker, Inc.
Product-security_verify_accessdockerSecurity Verify Access Docker
CWE ID-CWE-327
Use of a Broken or Risky Cryptographic Algorithm
CVE-2021-20419
Matching Score-4
Assigner-IBM Corporation
ShareView Details
Matching Score-4
Assigner-IBM Corporation
CVSS Score-6.8||MEDIUM
EPSS-0.10% / 28.43%
||
7 Day CHG~0.00%
Published-24 May, 2021 | 13:55
Updated-16 Sep, 2024 | 17:49
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

IBM Security Guardium 11.2 uses weaker than expected cryptographic algorithms that could allow an attacker to decrypt highly sensitive information. IBM X-Force ID: 196280.

Action-Not Available
Vendor-IBM CorporationLinux Kernel Organization, Inc
Product-linux_kernelsecurity_guardiumSecurity Guardium
CWE ID-CWE-327
Use of a Broken or Risky Cryptographic Algorithm
  • Previous
  • 1
  • 2
  • 3
  • 4
  • 5
  • Next
Details not found