Logo
-

Byte Open Security

(ByteOS Network)

Log In

Sign Up

ByteOS

Security
Vulnerability Details
Registries
Custom Views
Weaknesses
Attack Patterns
Filters & Tools
Vulnerability Details :

CVE-2022-32753

Summary
Assigner-ibm
Assigner Org ID-9a959283-ebb5-44b6-b705-dcc2bbced522
Published At-22 Mar, 2024 | 15:26
Updated At-03 Aug, 2024 | 07:46
Rejected At-
Credits

IBM Security Verify Directory information disclosure

IBM Security Verify Directory 10.0.0 uses weaker than expected cryptographic algorithms that could allow an attacker to decrypt highly sensitive information. IBM X-Force ID: 228444.

Vendors
-
Not available
Products
-
Metrics (CVSS)
VersionBase scoreBase severityVector
Weaknesses
Attack Patterns
Solution/Workaround
References
HyperlinkResource Type
EPSS History
Score
Latest Score
-
N/A
No data available for selected date range
Percentile
Latest Percentile
-
N/A
No data available for selected date range
Stakeholder-Specific Vulnerability Categorization (SSVC)
▼Common Vulnerabilities and Exposures (CVE)
cve.org
Assigner:ibm
Assigner Org ID:9a959283-ebb5-44b6-b705-dcc2bbced522
Published At:22 Mar, 2024 | 15:26
Updated At:03 Aug, 2024 | 07:46
Rejected At:
▼CVE Numbering Authority (CNA)
IBM Security Verify Directory information disclosure

IBM Security Verify Directory 10.0.0 uses weaker than expected cryptographic algorithms that could allow an attacker to decrypt highly sensitive information. IBM X-Force ID: 228444.

Affected Products
Vendor
IBM CorporationIBM
Product
Security Verify Directory
Default Status
unaffected
Versions
Affected
  • 10.0.0
Problem Types
TypeCWE IDDescription
CWECWE-326CWE-326 Inadequate Encryption Strength
Type: CWE
CWE ID: CWE-326
Description: CWE-326 Inadequate Encryption Strength
Metrics
VersionBase scoreBase severityVector
3.14.5MEDIUM
CVSS:3.1/AV:A/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N
Version: 3.1
Base score: 4.5
Base severity: MEDIUM
Vector:
CVSS:3.1/AV:A/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N
Metrics Other Info
Impacts
CAPEC IDDescription
Solutions
Configurations
Workarounds
Exploits
Credits
Timeline
EventDate
Replaced By
Rejected Reason
References
HyperlinkResource
https://www.ibm.com/support/pages/node/7145001
vendor-advisory
https://exchange.xforce.ibmcloud.com/vulnerabilities/228444
vdb-entry
Hyperlink: https://www.ibm.com/support/pages/node/7145001
Resource:
vendor-advisory
Hyperlink: https://exchange.xforce.ibmcloud.com/vulnerabilities/228444
Resource:
vdb-entry
▼Authorized Data Publishers (ADP)
1. CISA ADP Vulnrichment
Affected Products
Metrics
VersionBase scoreBase severityVector
Metrics Other Info
Impacts
CAPEC IDDescription
Solutions
Configurations
Workarounds
Exploits
Credits
Timeline
EventDate
Replaced By
Rejected Reason
References
HyperlinkResource
2. CVE Program Container
Affected Products
Metrics
VersionBase scoreBase severityVector
Metrics Other Info
Impacts
CAPEC IDDescription
Solutions
Configurations
Workarounds
Exploits
Credits
Timeline
EventDate
Replaced By
Rejected Reason
References
HyperlinkResource
https://www.ibm.com/support/pages/node/7145001
vendor-advisory
x_transferred
https://exchange.xforce.ibmcloud.com/vulnerabilities/228444
vdb-entry
x_transferred
Hyperlink: https://www.ibm.com/support/pages/node/7145001
Resource:
vendor-advisory
x_transferred
Hyperlink: https://exchange.xforce.ibmcloud.com/vulnerabilities/228444
Resource:
vdb-entry
x_transferred
Information is not available yet
▼National Vulnerability Database (NVD)
nvd.nist.gov
Source:psirt@us.ibm.com
Published At:22 Mar, 2024 | 16:15
Updated At:01 Apr, 2024 | 15:29

IBM Security Verify Directory 10.0.0 uses weaker than expected cryptographic algorithms that could allow an attacker to decrypt highly sensitive information. IBM X-Force ID: 228444.

CISA Catalog
Date AddedDue DateVulnerability NameRequired Action
N/A
Date Added: N/A
Due Date: N/A
Vulnerability Name: N/A
Required Action: N/A
Metrics
TypeVersionBase scoreBase severityVector
Primary3.16.5MEDIUM
CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
Secondary3.14.5MEDIUM
CVSS:3.1/AV:A/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N
Type: Primary
Version: 3.1
Base score: 6.5
Base severity: MEDIUM
Vector:
CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
Type: Secondary
Version: 3.1
Base score: 4.5
Base severity: MEDIUM
Vector:
CVSS:3.1/AV:A/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N
CPE Matches
IBM Corporation
ibm
>>security_verify_directory>>10.0.0
cpe:2.3:a:ibm:security_verify_directory:10.0.0:*:*:*:*:*:*:*
Weaknesses
CWE IDTypeSource
CWE-326Primarypsirt@us.ibm.com
CWE ID: CWE-326
Type: Primary
Source: psirt@us.ibm.com
Evaluator Description
Evaluator Impact

Evaluator Solution

Vendor Statements
References
HyperlinkSourceResource
https://exchange.xforce.ibmcloud.com/vulnerabilities/228444psirt@us.ibm.com
VDB Entry
Vendor Advisory
https://www.ibm.com/support/pages/node/7145001psirt@us.ibm.com
Vendor Advisory
Hyperlink: https://exchange.xforce.ibmcloud.com/vulnerabilities/228444
Source: psirt@us.ibm.com
Resource:
VDB Entry
Vendor Advisory
Hyperlink: https://www.ibm.com/support/pages/node/7145001
Source: psirt@us.ibm.com
Resource:
Vendor Advisory

Change History

0
Information is not available yet

Similar CVEs

75Records found
CVE-2022-22464
Matching Score-6
Assigner-IBM Corporation
ShareView Details
Matching Score-6
Assigner-IBM Corporation
CVSS Score-5.9||MEDIUM
EPSS-0.11% / 30.33%
||
7 Day CHG~0.00%
Published-08 Jul, 2022 | 17:45
Updated-16 Sep, 2024 | 18:08
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

IBM Security Access Manager Appliance 10.0.0.0, 10.0.1.0, 10.0.2.0, and 10.0.3.0 uses weaker than expected cryptographic algorithms that could allow an attacker to decrypt highly sensitive information. IBM X-Force ID: 225081.

Action-Not Available
Vendor-IBM Corporation
Product-security_verify_accessSecurity Verify Access
CWE ID-CWE-326
Inadequate Encryption Strength
CVE-2018-2007
Matching Score-6
Assigner-IBM Corporation
ShareView Details
Matching Score-6
Assigner-IBM Corporation
CVSS Score-5.9||MEDIUM
EPSS-0.10% / 27.62%
||
7 Day CHG~0.00%
Published-29 Apr, 2019 | 16:35
Updated-16 Sep, 2024 | 19:19
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

IBM API Connect 2018.1 and 2018.4.1.2 uses weaker than expected cryptographic algorithms that could allow an attacker to decrypt highly sensitive information. IBM X-Force ID: 155078.

Action-Not Available
Vendor-IBM Corporation
Product-api_connectAPI Connect
CWE ID-CWE-326
Inadequate Encryption Strength
CVE-2018-1814
Matching Score-6
Assigner-IBM Corporation
ShareView Details
Matching Score-6
Assigner-IBM Corporation
CVSS Score-5.9||MEDIUM
EPSS-0.11% / 30.33%
||
7 Day CHG~0.00%
Published-13 Dec, 2018 | 16:00
Updated-17 Sep, 2024 | 04:20
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

IBM Security Access Manager Appliance 9.0.1.0, 9.0.2.0, 9.0.3.0, 9.0.4.0, and 9.0.5.0 uses weaker than expected cryptographic algorithms that could allow an attacker to decrypt highly sensitive information. IBM X-Force ID: 150018.

Action-Not Available
Vendor-IBM Corporation
Product-security_access_managerSecurity Access Manager Appliance
CWE ID-CWE-326
Inadequate Encryption Strength
CVE-2018-1665
Matching Score-6
Assigner-IBM Corporation
ShareView Details
Matching Score-6
Assigner-IBM Corporation
CVSS Score-5.9||MEDIUM
EPSS-0.10% / 27.62%
||
7 Day CHG~0.00%
Published-13 Dec, 2018 | 16:00
Updated-17 Sep, 2024 | 03:02
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

IBM DataPower Gateway 7.6.0.0 through 7.6.0.10, 7.5.2.0 through 7.5.2.17, 7.5.1.0 through 7.5.1.17, 7.5.0.0 through 7.5.0.18, and 7.7.0.0 through 7.7.1.3 uses weaker than expected cryptographic algorithms that could allow an attacker to decrypt highly sensitive information. IBM X-Force ID: 144891.

Action-Not Available
Vendor-IBM Corporation
Product-datapower_gatewayDataPower Gateway
CWE ID-CWE-326
Inadequate Encryption Strength
CVE-2018-1785
Matching Score-6
Assigner-IBM Corporation
ShareView Details
Matching Score-6
Assigner-IBM Corporation
CVSS Score-3.7||LOW
EPSS-0.13% / 33.51%
||
7 Day CHG-0.00%
Published-26 Sep, 2018 | 15:00
Updated-16 Sep, 2024 | 17:04
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

IBM Tivoli Storage Manager (IBM Spectrum Protect 7.1 and 8.1) uses weaker than expected cryptographic algorithms that could allow an attacker to decrypt sensitive information. IBM X-Force ID: 148870.

Action-Not Available
Vendor-IBM CorporationApple Inc.
Product-spectrum_protect_clientmacosspectrum_protect_for_virtual_environmentsSpectrum Protect
CWE ID-CWE-326
Inadequate Encryption Strength
CVE-2018-1593
Matching Score-6
Assigner-IBM Corporation
ShareView Details
Matching Score-6
Assigner-IBM Corporation
CVSS Score-3.7||LOW
EPSS-0.05% / 13.31%
||
7 Day CHG~0.00%
Published-02 Oct, 2018 | 15:00
Updated-16 Sep, 2024 | 22:34
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

IBM Multi-Cloud Data Encryption (MDE) 2.1 could allow an unauthorized user to manipulate data due to missing file checksums. IBM X-Force ID: 143568.

Action-Not Available
Vendor-IBM Corporation
Product-multi-cloud_data_encryptionMulti-Cloud Data Encryption
CWE ID-CWE-326
Inadequate Encryption Strength
CVE-2018-1648
Matching Score-6
Assigner-IBM Corporation
ShareView Details
Matching Score-6
Assigner-IBM Corporation
CVSS Score-7.5||HIGH
EPSS-0.11% / 30.33%
||
7 Day CHG~0.00%
Published-05 Dec, 2018 | 17:00
Updated-05 Aug, 2024 | 04:07
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

IBM QRadar SIEM 7.2 and 7.3 uses weaker than expected cryptographic algorithms that could allow an attacker to decrypt highly sensitive information. IBM X-Force ID: 144653.

Action-Not Available
Vendor-n/aIBM Corporation
Product-qradar_incident_forensicsn/a
CWE ID-CWE-326
Inadequate Encryption Strength
CVE-2018-1608
Matching Score-6
Assigner-IBM Corporation
ShareView Details
Matching Score-6
Assigner-IBM Corporation
CVSS Score-5.9||MEDIUM
EPSS-0.14% / 34.12%
||
7 Day CHG~0.00%
Published-01 May, 2019 | 15:15
Updated-16 Sep, 2024 | 16:48
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

IBM Rational Engineering Lifecycle Manager 6.0 through 6.0.6 uses weaker than expected cryptographic algorithms that could allow an attacker to decrypt highly sensitive information. IBM X-Force ID: 143798.

Action-Not Available
Vendor-IBM Corporation
Product-rational_engineering_lifecycle_managerRational Engineering Lifecycle Manager
CWE ID-CWE-326
Inadequate Encryption Strength
CVE-2018-1545
Matching Score-6
Assigner-IBM Corporation
ShareView Details
Matching Score-6
Assigner-IBM Corporation
CVSS Score-5.9||MEDIUM
EPSS-0.11% / 30.33%
||
7 Day CHG~0.00%
Published-26 Sep, 2018 | 15:00
Updated-17 Sep, 2024 | 02:53
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

IBM Tivoli Storage Manager (IBM Spectrum Protect 7.1 and 8.1) uses weaker than expected cryptographic algorithms that could allow an attacker to decrypt highly sensitive information. IBM X-Force ID: 142649.

Action-Not Available
Vendor-IBM CorporationApple Inc.
Product-spectrum_protect_clientmacosspectrum_protect_for_virtual_environmentsSpectrum Protect
CWE ID-CWE-326
Inadequate Encryption Strength
CVE-2018-1466
Matching Score-6
Assigner-IBM Corporation
ShareView Details
Matching Score-6
Assigner-IBM Corporation
CVSS Score-5.3||MEDIUM
EPSS-0.12% / 32.06%
||
7 Day CHG~0.00%
Published-17 May, 2018 | 21:00
Updated-16 Sep, 2024 | 17:03
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

IBM SAN Volume Controller, IBM Storwize, IBM Spectrum Virtualize and IBM FlashSystem products (6.1, 6.2, 6.3, 6.4, 7.1, 7.2, 7.3, 7.4, 7.5, 7.6, 7.6.1, 7.7, 7.7.1, 7.8, 7.8.1, 8.1, and 8.1.1) use weaker than expected cryptographic algorithms that could allow an attacker to decrypt highly sensitive information. IBM X-Force ID: 140397.

Action-Not Available
Vendor-IBM Corporation
Product-spectrum_virtualizestorwize_v3500_firmwarestorwize_v3500spectrum_virtualize_for_public_cloudstorwize_v5000_firmwarestorwize_v7000_firmwarestorwize_v3700_firmwarestorwize_v7000storwize_v9000_firmwarestorwize_v3700storwize_v5000san_volume_controllersan_volume_controller_firmwarestorwize_v9000FlashSystem V9000Spectrum Virtualize for Public CloudStorwize V7000 (2076)SAN Volume ControllerStorwize V5000Spectrum Virtualize SoftwareStorwize V3500Storwize V3700
CWE ID-CWE-326
Inadequate Encryption Strength
CVE-2018-1425
Matching Score-6
Assigner-IBM Corporation
ShareView Details
Matching Score-6
Assigner-IBM Corporation
CVSS Score-5.9||MEDIUM
EPSS-0.14% / 35.40%
||
7 Day CHG~0.00%
Published-27 Feb, 2018 | 17:00
Updated-17 Sep, 2024 | 01:20
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

IBM Security Guardium Big Data Intelligence (SonarG) 3.1 uses weaker than expected cryptographic algorithms that could allow an attacker to decrypt highly sensitive information. IBM X-Force ID: 139003.

Action-Not Available
Vendor-IBM Corporation
Product-security_guardium_big_data_intelligenceSecurity Guardium Big Data Intelligence
CWE ID-CWE-326
Inadequate Encryption Strength
CVE-2018-1518
Matching Score-6
Assigner-IBM Corporation
ShareView Details
Matching Score-6
Assigner-IBM Corporation
CVSS Score-6.2||MEDIUM
EPSS-0.01% / 0.95%
||
7 Day CHG~0.00%
Published-18 Oct, 2018 | 16:00
Updated-16 Sep, 2024 | 20:57
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

IBM InfoSphere Information Server 11.7 is affected by a weak password encryption vulnerability that could allow a local user to obtain highly sensitive information. IBM X-Force ID: 141682.

Action-Not Available
Vendor-IBM Corporation
Product-infosphere_information_server_on_cloudinfosphere_information_serverInfoSphere Information Server
CWE ID-CWE-326
Inadequate Encryption Strength
CVE-2021-38984
Matching Score-6
Assigner-IBM Corporation
ShareView Details
Matching Score-6
Assigner-IBM Corporation
CVSS Score-3.7||LOW
EPSS-0.10% / 27.84%
||
7 Day CHG~0.00%
Published-15 Nov, 2021 | 15:35
Updated-16 Sep, 2024 | 21:57
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

IBM Tivoli Key Lifecycle Manager 3.0, 3.0.1, 4.0, and 4.1 uses weaker than expected cryptographic algorithms that could allow an attacker to decrypt highly sensitive information. IBM X-Force ID: 212793.

Action-Not Available
Vendor-IBM Corporation
Product-security_key_lifecycle_managersecurity_guardium_key_lifecycle_managerSecurity Key Lifecycle Manager
CWE ID-CWE-326
Inadequate Encryption Strength
CVE-2021-38862
Matching Score-6
Assigner-IBM Corporation
ShareView Details
Matching Score-6
Assigner-IBM Corporation
CVSS Score-5.9||MEDIUM
EPSS-0.11% / 30.33%
||
7 Day CHG~0.00%
Published-12 Oct, 2021 | 18:55
Updated-16 Sep, 2024 | 16:38
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

IBM Data Risk Manager (iDNA) 2.0.6 uses weaker than expected cryptographic algorithms that could allow an attacker to decrypt highly sensitive information. IBM X-Force ID: 207980.

Action-Not Available
Vendor-IBM Corporation
Product-data_risk_managerData Risk Manager
CWE ID-CWE-326
Inadequate Encryption Strength
CVE-2021-38947
Matching Score-6
Assigner-IBM Corporation
ShareView Details
Matching Score-6
Assigner-IBM Corporation
CVSS Score-5.9||MEDIUM
EPSS-0.11% / 30.33%
||
7 Day CHG~0.00%
Published-13 Dec, 2021 | 17:55
Updated-16 Sep, 2024 | 18:35
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

IBM Spectrum Copy Data Management 2.2.13 and earlier uses weaker than expected cryptographic algorithms that could allow an attacker to decrypt highly sensitive information. IBM X-Force ID: 211242.

Action-Not Available
Vendor-IBM CorporationLinux Kernel Organization, Inc
Product-spectrum_copy_data_managementlinux_kernelSpectrum Copy Data Management
CWE ID-CWE-326
Inadequate Encryption Strength
CVE-2021-38983
Matching Score-6
Assigner-IBM Corporation
ShareView Details
Matching Score-6
Assigner-IBM Corporation
CVSS Score-4.4||MEDIUM
EPSS-0.10% / 28.70%
||
7 Day CHG~0.00%
Published-15 Nov, 2021 | 15:35
Updated-16 Sep, 2024 | 16:39
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

IBM Tivoli Key Lifecycle Manager 3.0, 3.0.1, 4.0, and 4.1 uses weaker than expected cryptographic algorithms that could allow an attacker to decrypt highly sensitive information. IBM X-Force ID: 212792.

Action-Not Available
Vendor-IBM CorporationLinux Kernel Organization, IncMicrosoft Corporation
Product-linux_kernelsecurity_guardium_key_lifecycle_managerwindowssecurity_key_lifecycle_manageraixSecurity Key Lifecycle Manager
CWE ID-CWE-326
Inadequate Encryption Strength
CVE-2017-1701
Matching Score-6
Assigner-IBM Corporation
ShareView Details
Matching Score-6
Assigner-IBM Corporation
CVSS Score-8.8||HIGH
EPSS-0.07% / 22.81%
||
7 Day CHG~0.00%
Published-23 Apr, 2018 | 13:00
Updated-16 Sep, 2024 | 22:31
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

IBM Team Concert (RTC) 5.0, 5.0.1, 5.0.2, 6.0, 6.0.1, 6.0.2, 6.0.3, 6.0.4, and 6.0.5 stores credentials for users using a weak encryption algorithm, which could allow an authenticated user to obtain highly sensitive information. IBM X-Force ID: 134393.

Action-Not Available
Vendor-IBM Corporation
Product-rational_collaborative_lifecycle_managementrational_team_concertRational Team Concert
CWE ID-CWE-326
Inadequate Encryption Strength
CVE-2017-1713
Matching Score-6
Assigner-IBM Corporation
ShareView Details
Matching Score-6
Assigner-IBM Corporation
CVSS Score-5.9||MEDIUM
EPSS-0.10% / 27.62%
||
7 Day CHG~0.00%
Published-21 Mar, 2019 | 14:35
Updated-16 Sep, 2024 | 18:39
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

IBM InfoSphere Streams 4.2.1 uses weaker than expected cryptographic algorithms that could allow an attacker to decrypt highly sensitive information. IBM X-Force ID: 134632.

Action-Not Available
Vendor-IBM Corporation
Product-infosphere_streamsStreams
CWE ID-CWE-326
Inadequate Encryption Strength
CVE-2017-1665
Matching Score-6
Assigner-IBM Corporation
ShareView Details
Matching Score-6
Assigner-IBM Corporation
CVSS Score-5.9||MEDIUM
EPSS-0.14% / 34.97%
||
7 Day CHG~0.00%
Published-04 Jan, 2018 | 17:00
Updated-17 Sep, 2024 | 02:06
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

IBM Tivoli Key Lifecycle Manager 2.5, 2.6, and 2.7 uses weaker than expected cryptographic algorithms that could allow an attacker to decrypt highly sensitive information. IBM X-Force ID: 133559.

Action-Not Available
Vendor-Debian GNU/LinuxIBM Corporation
Product-security_key_lifecycle_managerdebian_linuxSecurity Key Lifecycle Manager
CWE ID-CWE-326
Inadequate Encryption Strength
CVE-2017-1695
Matching Score-6
Assigner-IBM Corporation
ShareView Details
Matching Score-6
Assigner-IBM Corporation
CVSS Score-5.9||MEDIUM
EPSS-0.16% / 37.19%
||
7 Day CHG~0.00%
Published-15 Feb, 2019 | 20:00
Updated-17 Sep, 2024 | 02:53
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

IBM QRadar SIEM 7.2 and 7.3 uses weaker than expected cryptographic algorithms that could allow an attacker to decrypt highly sensitive information. IBM X-Force ID: 134177.

Action-Not Available
Vendor-IBM Corporation
Product-qradar_security_information_and_event_managerQRadar SIEM
CWE ID-CWE-326
Inadequate Encryption Strength
CVE-2023-24502
Matching Score-4
Assigner-Israel National Cyber Directorate (INCD)
ShareView Details
Matching Score-4
Assigner-Israel National Cyber Directorate (INCD)
CVSS Score-7.5||HIGH
EPSS-0.02% / 3.55%
||
7 Day CHG~0.00%
Published-17 Apr, 2023 | 00:00
Updated-06 Feb, 2025 | 16:15
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Electra Central AC unit – Easily calculated password

Electra Central AC unit – The unit opens an AP with an easily calculated password.

Action-Not Available
Vendor-electra-airElectra
Product-central_ac_unit_firmwarecentral_ac_unitElectra Central AC unit
CWE ID-CWE-521
Weak Password Requirements
CWE ID-CWE-326
Inadequate Encryption Strength
CVE-2023-1764
Matching Score-4
Assigner-Canon Inc.
ShareView Details
Matching Score-4
Assigner-Canon Inc.
CVSS Score-6.5||MEDIUM
EPSS-0.02% / 2.78%
||
7 Day CHG~0.00%
Published-17 May, 2023 | 00:00
Updated-22 Jan, 2025 | 19:47
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Canon IJ Network Tool/Ver.4.7.5 and earlier (supported OS: OS X 10.9.5-macOS 13),IJ Network Tool/Ver.4.7.3 and earlier (supported OS: OS X 10.7.5-OS X 10.8) allows an attacker to acquire sensitive information on the Wi-Fi connection setup of the printer from the communication of the software.

Action-Not Available
Vendor-Apple Inc.Canon Inc.
Product-ij_network_toolmacosmac_os_xCanon IJ NW Tool
CWE ID-CWE-326
Inadequate Encryption Strength
CVE-2023-43757
Matching Score-4
Assigner-JPCERT/CC
ShareView Details
Matching Score-4
Assigner-JPCERT/CC
CVSS Score-6.5||MEDIUM
EPSS-0.04% / 12.68%
||
7 Day CHG~0.00%
Published-16 Nov, 2023 | 06:21
Updated-02 Aug, 2024 | 19:52
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Inadequate encryption strength vulnerability in multiple routers provided by ELECOM CO.,LTD. and LOGITEC CORPORATION allows a network-adjacent unauthenticated attacker to guess the encryption key used for wireless LAN communication and intercept the communication. As for the affected products/versions, see the information provided by the vendor under [References] section.

Action-Not Available
Vendor-Elecom Co., Ltd.
Product-wrh-150wh_firmwarewrc-2533ghbk-iwrc-1750ghbk_firmwarewrh-150whwrc-300febkwrc-733ghbk-c_firmwarewrh-300wh2-s_firmwarewrh-h300whlan-wh300ndgpe_firmwarewrc-1167ghbkwrh-150bk_firmwarewrc-1750ghbk2-ilan-wh300ndgpewrc-f300nfwrh-300wh-hwrh-300wh-swrc-733febkwrh-300wh-h_firmwarewrh-300bk-swrc-300ghbk2-i_firmwarewrh-300svwrc-733ghbk-cwrc-300ghbklan-w301nr_firmwarelan-wh300n\/dgp_firmwarewrc-733ghbk-ilan-w300n\/rslan-w300n\/pwrc-1167ghbk2wrh-300bk_firmwarewrc-2533ghbk-i_firmwarewrh-300rd_firmwarewrc-300febk_firmwarewrc-300ghbk2-iwrc-1750ghbk-ewrh-300wh-s_firmwarewrc-f1167acf_firmwarewrc-1167ghbk2_firmwarewrh-300wh_firmwarewrh-300bkwrh-150bkwrc-733ghbklan-w301nrwrh-300wh2-swrc-f300nf_firmwarelan-w300n\/p_firmwarewrh-h300bkwrc-1750ghbk-e_firmwarewrh-300bk-s_firmwarewrc-300ghbk_firmwarewrh-300whwrc-733ghbk_firmwarewrh-300bk2-slan-wh300n\/dgpwrc-733ghbk-i_firmwarewrh-300rdwrh-h300wh_firmwarelan-w300n\/rs_firmwarewrh-300bk2-s_firmwarewrh-h300bk_firmwarewrh-300sv_firmwarewrc-f1167acfwrc-2533ghbk2-t_firmwarewrc-1750ghbk2-i_firmwarewrc-2533ghbk2-twrc-1750ghbkwrc-1167ghbk_firmwarewrc-733febk_firmwareWRH-300WH-HWRH-300SVWRC-300GHBKWRC-733FEBKWRH-H300BKWRC-300FEBKWRH-300BK-SWRC-1750GHBK2-IWRH-300WH2-SLAN-WH300NDGPEWRC-1167GHBK2WRC-2533GHBK-IWRC-733GHBK-CWRH-H300WHWRC-1167GHBKWRC-733GHBKWRH-150BKWRC-1750GHBKWRC-2533GHBK2-TWRH-300RDLAN-W301NRLAN-W300N/RSWRC-1750GHBK-EWRC-F1167ACFWRH-150WHLAN-W300N/PWRH-300WHWRC-733GHBK-IWRH-300BKLAN-WH300N/DGPWRH-300BK2-SWRC-F300NFWRC-300GHBK2-IWRH-300WH-S
CWE ID-CWE-326
Inadequate Encryption Strength
CVE-2019-18241
Matching Score-4
Assigner-Cybersecurity and Infrastructure Security Agency (CISA) Industrial Control Systems (ICS)
ShareView Details
Matching Score-4
Assigner-Cybersecurity and Infrastructure Security Agency (CISA) Industrial Control Systems (ICS)
CVSS Score-6.5||MEDIUM
EPSS-0.05% / 15.29%
||
7 Day CHG~0.00%
Published-25 Nov, 2019 | 23:25
Updated-05 Aug, 2024 | 01:47
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

In Philips IntelliBridge EC40 and EC80, IntelliBridge EC40 Hub all versions, and IntelliBridge EC80 Hub all versions, the SSH server running on the affected products is configured to allow weak ciphers. This could enable an unauthorized attacker with access to the network to capture and replay the session and gain unauthorized access to the EC40/80 hub.

Action-Not Available
Vendor-n/aPhilips
Product-intellibridge_ec80intellibridge_ec40intellibridge_ec40_firmwareintellibridge_ec80_firmwarePhilips IntelliBridge EC40 and EC80
CWE ID-CWE-326
Inadequate Encryption Strength
CVE-2022-31459
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-7.4||HIGH
EPSS-0.12% / 31.89%
||
7 Day CHG~0.00%
Published-02 Jun, 2022 | 21:40
Updated-03 Aug, 2024 | 07:19
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Owl Labs Meeting Owl 5.2.0.15 allows attackers to retrieve the passcode hash via a certain c 10 value over Bluetooth.

Action-Not Available
Vendor-owllabsn/a
Product-meeting_owl_promeeting_owl_pro_firmwaren/a
CWE ID-CWE-326
Inadequate Encryption Strength
  • Previous
  • 1
  • 2
  • Next
Details not found