Logo
-

Byte Open Security

(ByteOS Network)

Log In

Sign Up

ByteOS

Security
Vulnerability Details
Registries
Custom Views
Weaknesses
Attack Patterns
Filters & Tools
Vulnerability Details :

CVE-2023-28021

Summary
Assigner-HCL
Assigner Org ID-1e47fe04-f25f-42fa-b674-36de2c5e3cfc
Published At-18 Jul, 2023 | 18:55
Updated At-21 Oct, 2024 | 15:35
Rejected At-
Credits

BigFix WebUI is vulnerable to use of a risky cryptographic algorithm

The BigFix WebUI uses weak cipher suites.

Vendors
-
Not available
Products
-
Metrics (CVSS)
VersionBase scoreBase severityVector
Weaknesses
Attack Patterns
Solution/Workaround
References
HyperlinkResource Type
EPSS History
Score
Latest Score
-
N/A
No data available for selected date range
Percentile
Latest Percentile
-
N/A
No data available for selected date range
Stakeholder-Specific Vulnerability Categorization (SSVC)
▼Common Vulnerabilities and Exposures (CVE)
cve.org
Assigner:HCL
Assigner Org ID:1e47fe04-f25f-42fa-b674-36de2c5e3cfc
Published At:18 Jul, 2023 | 18:55
Updated At:21 Oct, 2024 | 15:35
Rejected At:
▼CVE Numbering Authority (CNA)
BigFix WebUI is vulnerable to use of a risky cryptographic algorithm

The BigFix WebUI uses weak cipher suites.

Affected Products
Vendor
HCL Technologies Ltd.HCL Software
Product
HCL BigFix WebUI
Default Status
unaffected
Versions
Affected
  • All
Metrics
VersionBase scoreBase severityVector
3.15.9MEDIUM
CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N
Version: 3.1
Base score: 5.9
Base severity: MEDIUM
Vector:
CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N
Metrics Other Info
Impacts
CAPEC IDDescription
Solutions
Configurations
Workarounds
Exploits
Credits
Timeline
EventDate
Replaced By
Rejected Reason
References
HyperlinkResource
https://support.hcltechsw.com/csm?id=kb_article&sysparm_article=KB0106123
N/A
Hyperlink: https://support.hcltechsw.com/csm?id=kb_article&sysparm_article=KB0106123
Resource: N/A
▼Authorized Data Publishers (ADP)
1. CVE Program Container
Affected Products
Metrics
VersionBase scoreBase severityVector
Metrics Other Info
Impacts
CAPEC IDDescription
Solutions
Configurations
Workarounds
Exploits
Credits
Timeline
EventDate
Replaced By
Rejected Reason
References
HyperlinkResource
https://support.hcltechsw.com/csm?id=kb_article&sysparm_article=KB0106123
x_transferred
Hyperlink: https://support.hcltechsw.com/csm?id=kb_article&sysparm_article=KB0106123
Resource:
x_transferred
2. CISA ADP Vulnrichment
Affected Products
Metrics
VersionBase scoreBase severityVector
Metrics Other Info
Impacts
CAPEC IDDescription
Solutions
Configurations
Workarounds
Exploits
Credits
Timeline
EventDate
Replaced By
Rejected Reason
References
HyperlinkResource
Information is not available yet
▼National Vulnerability Database (NVD)
nvd.nist.gov
Source:psirt@hcl.com
Published At:18 Jul, 2023 | 19:15
Updated At:27 Jul, 2023 | 03:56

The BigFix WebUI uses weak cipher suites.

CISA Catalog
Date AddedDue DateVulnerability NameRequired Action
N/A
Date Added: N/A
Due Date: N/A
Vulnerability Name: N/A
Required Action: N/A
Metrics
TypeVersionBase scoreBase severityVector
Primary3.17.5HIGH
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
Secondary3.15.9MEDIUM
CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N
Type: Primary
Version: 3.1
Base score: 7.5
Base severity: HIGH
Vector:
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
Type: Secondary
Version: 3.1
Base score: 5.9
Base severity: MEDIUM
Vector:
CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N
CPE Matches
HCL Technologies Ltd.
hcltech
>>bigfix_webui>>-
cpe:2.3:a:hcltech:bigfix_webui:-:*:*:*:*:*:*:*
Weaknesses
CWE IDTypeSource
CWE-326Primarynvd@nist.gov
CWE ID: CWE-326
Type: Primary
Source: nvd@nist.gov
Evaluator Description
Evaluator Impact

Evaluator Solution

Vendor Statements
References
HyperlinkSourceResource
https://support.hcltechsw.com/csm?id=kb_article&sysparm_article=KB0106123psirt@hcl.com
Vendor Advisory
Hyperlink: https://support.hcltechsw.com/csm?id=kb_article&sysparm_article=KB0106123
Source: psirt@hcl.com
Resource:
Vendor Advisory

Change History

0
Information is not available yet

Similar CVEs

130Records found
CVE-2011-3629
Matching Score-4
Assigner-Red Hat, Inc.
ShareView Details
Matching Score-4
Assigner-Red Hat, Inc.
CVSS Score-7.5||HIGH
EPSS-0.01% / 1.44%
||
7 Day CHG~0.00%
Published-04 Feb, 2020 | 12:21
Updated-06 Aug, 2024 | 23:37
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Joomla! core 1.7.1 allows information disclosure due to weak encryption

Action-Not Available
Vendor-Joomla!
Product-joomla\!Joomla! core
CWE ID-CWE-326
Inadequate Encryption Strength
CVE-2023-36539
Matching Score-4
Assigner-Zoom Video Communications, Inc.
ShareView Details
Matching Score-4
Assigner-Zoom Video Communications, Inc.
CVSS Score-5.3||MEDIUM
EPSS-0.18% / 40.06%
||
7 Day CHG~0.00%
Published-30 Jun, 2023 | 02:01
Updated-28 Oct, 2024 | 13:04
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Exposure of information intended to be encrypted by some Zoom clients may lead to disclosure of sensitive information.

Action-Not Available
Vendor-Zoom Communications, Inc.
Product-poly_ccx_700yealink_mp56_firmwareyealink_mp54_firmwareyealink_vp59_firmwarevideo_software_development_kitroomsyealink_mp56meetingszoomyealink_mp54poly_ccx_700_firmwarepoly_ccx_600poly_ccx_600_firmwareyealink_vp59Zoom clients
CWE ID-CWE-200
Exposure of Sensitive Information to an Unauthorized Actor
CWE ID-CWE-325
Missing Cryptographic Step
CWE ID-CWE-326
Inadequate Encryption Strength
CVE-2021-38891
Matching Score-4
Assigner-IBM Corporation
ShareView Details
Matching Score-4
Assigner-IBM Corporation
CVSS Score-5.9||MEDIUM
EPSS-0.10% / 27.62%
||
7 Day CHG~0.00%
Published-23 Nov, 2021 | 19:15
Updated-16 Sep, 2024 | 23:41
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

IBM Sterling Connect:Direct Web Services 1.0 and 6.0 uses weaker than expected cryptographic algorithms that could allow an attacker to decrypt highly sensitive information. IBM X-Force ID: 209508.

Action-Not Available
Vendor-Oracle CorporationIBM CorporationLinux Kernel Organization, IncMicrosoft Corporation
Product-sterling_connect\solarislinux_kernelwindowsaixConnect:Direct Web Services
CWE ID-CWE-326
Inadequate Encryption Strength
CVE-2023-33982
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-5.9||MEDIUM
EPSS-0.10% / 27.69%
||
7 Day CHG~0.00%
Published-24 May, 2023 | 00:00
Updated-16 Jan, 2025 | 16:15
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Bramble Handshake Protocol (BHP) in Briar before 1.5.3 is not forward secure: eavesdroppers can decrypt network traffic between two accounts if they later compromise both accounts. NOTE: the eavesdropping is typically impractical because BHP runs over an encrypted session that uses the Tor hidden service protocol.

Action-Not Available
Vendor-briarprojectn/a
Product-briarn/a
CWE ID-CWE-326
Inadequate Encryption Strength
CVE-2025-20667
Matching Score-4
Assigner-MediaTek, Inc.
ShareView Details
Matching Score-4
Assigner-MediaTek, Inc.
CVSS Score-7.5||HIGH
EPSS-0.05% / 16.12%
||
7 Day CHG~0.00%
Published-05 May, 2025 | 02:49
Updated-12 May, 2025 | 18:15
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

In Modem, there is a possible information disclosure due to incorrect error handling. This could lead to remote information disclosure, if a UE has connected to a rogue base station controlled by the attacker, with no additional execution privileges needed. User interaction is not needed for exploitation. Patch ID: MOLY01513293; Issue ID: MSV-2741.

Action-Not Available
Vendor-MediaTek Inc.
Product-mt6877mt6765mt8765mt6886mt6983tnr15mt6875mt6781mt6877tmt6853tmt6765tmt6890mt6896mt8676mt6813mt6985tmt6769mt6833pmt6762mt6779mt6899nr17mt6875tmt6835mt6763mt6983mt6761lr13mt8788emt6855mt6762dmt6769tmt6990mt8667mt2735mt6989nr17rmt6835tmt6789mt6785tnr16mt8789mt8771mt6769kmt8768mt6879mt6889mt6833mt6873mt6878mt8675mt8791tmt2737lr12amt6767mt6771mt6878mmt8797mt8666mt8766mt8781mt6989tmt6783mt6893mt6769zmt6769smt6785mt6855tmt6895mt6891mt6877ttmt6980dmt6739mt6762mmt6991mt6880mt6883mt6980mt8786mt6885mt6985mt8788mt6897mt6895ttmt6768mt6853mt8791mt6785uMT2735, MT2737, MT6739, MT6761, MT6762, MT6762D, MT6762M, MT6763, MT6765, MT6765T, MT6767, MT6768, MT6769, MT6769K, MT6769S, MT6769T, MT6769Z, MT6771, MT6779, MT6781, MT6783, MT6785, MT6785T, MT6785U, MT6789, MT6813, MT6833, MT6833P, MT6835, MT6835T, MT6853, MT6853T, MT6855, MT6855T, MT6873, MT6875, MT6875T, MT6877, MT6877T, MT6877TT, MT6878, MT6878M, MT6879, MT6880, MT6883, MT6885, MT6886, MT6889, MT6890, MT6891, MT6893, MT6895, MT6895TT, MT6896, MT6897, MT6899, MT6980, MT6980D, MT6983, MT6983T, MT6985, MT6985T, MT6989, MT6989T, MT6990, MT6991, MT8666, MT8667, MT8675, MT8676, MT8765, MT8766, MT8768, MT8771, MT8781, MT8786, MT8788, MT8788E, MT8789, MT8791, MT8791T, MT8797
CWE ID-CWE-326
Inadequate Encryption Strength
CVE-2022-29249
Matching Score-4
Assigner-GitHub, Inc.
ShareView Details
Matching Score-4
Assigner-GitHub, Inc.
CVSS Score-7.5||HIGH
EPSS-0.14% / 34.69%
||
7 Day CHG~0.00%
Published-24 May, 2022 | 15:15
Updated-23 Apr, 2025 | 18:22
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Reversible One-Way Hash and Use of a Broken or Risky Cryptographic Algorithm in io.github.javaezlib.JavaEZ

JavaEZ is a library that adds new functions to make Java easier. A weakness in JavaEZ 1.6 allows force decryption of locked text by unauthorized actors. The issue is NOT critical for non-secure applications, however may be critical in a situation where the highest levels of security are required. This issue ONLY affects v1.6 and does not affect anything pre-1.6. The vulnerability has been patched in release 1.7. Currently, there is no way to fix the issue without upgrading.

Action-Not Available
Vendor-javaez_projectJavaEZLib
Product-javaezJavaEZ
CWE ID-CWE-327
Use of a Broken or Risky Cryptographic Algorithm
CWE ID-CWE-328
Use of Weak Hash
CWE ID-CWE-326
Inadequate Encryption Strength
CVE-2021-3131
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-7.5||HIGH
EPSS-0.16% / 36.90%
||
7 Day CHG~0.00%
Published-13 Jan, 2021 | 15:46
Updated-03 Aug, 2024 | 16:45
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

The Web server in 1C:Enterprise 8 before 8.3.17.1851 sends base64 encoded credentials in the creds URL parameter.

Action-Not Available
Vendor-1cn/a
Product-1c\n/a
CWE ID-CWE-326
Inadequate Encryption Strength
CVE-2024-8455
Matching Score-4
Assigner-TWCERT/CC
ShareView Details
Matching Score-4
Assigner-TWCERT/CC
CVSS Score-8.1||HIGH
EPSS-0.10% / 29.00%
||
7 Day CHG~0.00%
Published-30 Sep, 2024 | 07:24
Updated-04 Oct, 2024 | 14:45
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
PLANET Technology switch devices - Swctrl service exchanges weakly encoded passwords

The swctrl service is used to detect and remotely manage PLANET Technology devices. For certain switch models, the authentication tokens used during communication with this service are encoded user passwords. Due to insufficient strength, unauthorized remote attackers who intercept the packets can directly crack them to obtain plaintext passwords.

Action-Not Available
Vendor-planetPLANET Technologyplanet_technology_corp
Product-gs-4210-24p2sgs-4210-24p2s_firmwareigs-5225-4up1t2sgs-4210-24pl4cgs-4210-24pl4c_firmwareigs-5225-4up1t2s_firmwareGS-4210-24P2S hardware 3.0IGS-5225-4UP1T2S hardware 1.0GS-4210-24PL4C hardware 2.0gs-4210-24pl4c_hardware_2.0gs-4210-24pl4c_hardware_3.0igs-5225-4up1t2s_hardware_1.0
CWE ID-CWE-261
Weak Encoding for Password
CWE ID-CWE-326
Inadequate Encryption Strength
CVE-2024-54089
Matching Score-4
Assigner-Siemens
ShareView Details
Matching Score-4
Assigner-Siemens
CVSS Score-8.7||HIGH
EPSS-0.02% / 3.76%
||
7 Day CHG~0.00%
Published-11 Feb, 2025 | 10:29
Updated-12 Feb, 2025 | 15:50
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A vulnerability has been identified in APOGEE PXC Series (BACnet) (All versions), APOGEE PXC Series (P2 Ethernet) (All versions), TALON TC Series (BACnet) (All versions). Affected devices contain a weak encryption mechanism based on a hard-coded key. This could allow an attacker to guess or decrypt the password from the cyphertext.

Action-Not Available
Vendor-Siemens AG
Product-APOGEE PXC Series (P2 Ethernet)APOGEE PXC Series (BACnet)TALON TC Series (BACnet)
CWE ID-CWE-326
Inadequate Encryption Strength
CVE-2018-1545
Matching Score-4
Assigner-IBM Corporation
ShareView Details
Matching Score-4
Assigner-IBM Corporation
CVSS Score-5.9||MEDIUM
EPSS-0.11% / 30.33%
||
7 Day CHG~0.00%
Published-26 Sep, 2018 | 15:00
Updated-17 Sep, 2024 | 02:53
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

IBM Tivoli Storage Manager (IBM Spectrum Protect 7.1 and 8.1) uses weaker than expected cryptographic algorithms that could allow an attacker to decrypt highly sensitive information. IBM X-Force ID: 142649.

Action-Not Available
Vendor-IBM CorporationApple Inc.
Product-spectrum_protect_clientmacosspectrum_protect_for_virtual_environmentsSpectrum Protect
CWE ID-CWE-326
Inadequate Encryption Strength
CVE-2023-2443
Matching Score-4
Assigner-Rockwell Automation
ShareView Details
Matching Score-4
Assigner-Rockwell Automation
CVSS Score-7.5||HIGH
EPSS-0.16% / 37.19%
||
7 Day CHG~0.00%
Published-11 May, 2023 | 18:08
Updated-24 Jan, 2025 | 21:16
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Rockwell Automation ThinManager product allows the use of medium strength ciphers.  If the client requests an insecure cipher, a malicious actor could potentially decrypt traffic sent between the client and server API.

Action-Not Available
Vendor-Rockwell Automation, Inc.
Product-thinmanagerThinManager
CWE ID-CWE-326
Inadequate Encryption Strength
CVE-2022-2758
Matching Score-4
Assigner-Cybersecurity and Infrastructure Security Agency (CISA) Industrial Control Systems (ICS)
ShareView Details
Matching Score-4
Assigner-Cybersecurity and Infrastructure Security Agency (CISA) Industrial Control Systems (ICS)
CVSS Score-6.5||MEDIUM
EPSS-0.05% / 13.54%
||
7 Day CHG~0.00%
Published-31 Aug, 2022 | 15:33
Updated-16 Apr, 2025 | 16:11
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Update

Passwords are not adequately encrypted during the communication process between all versions of LS Industrial Systems (LSIS) Co. Ltd LS Electric XG5000 software prior to V4.0 and LS Electric PLCs: all versions of XGK-CPUU/H/A/S/E prior to V3.50, all versions of XGI-CPUU/UD/H/S/E prior to V3.20, all versions of XGR-CPUH prior to V1.80, all versions of XGB-XBMS prior to V3.00, all versions of XGB-XBCH prior to V1.90, and all versions of XGB-XECH prior to V1.30. This would allow an attacker to identify and decrypt the password of the affected PLCs by sniffing the PLC’s communication traffic.

Action-Not Available
Vendor-LS ELECTRIC Co. Ltd.
Product-xgk-cpuu_firmwarexbc-dr28uaxgk-cpusnxbm-dn32s_firmwarexgf-rd8axbc-dn\(p\)32uxec-dn\(p\)32up\/dcxgl-ch2b_firmwarexgl-ch2bxbf-pd02axec-dr32h\/d1xgi-cpuu\/d_firmwarexgi-cpuun_firmwarexgq-tr4bxbc-dr30e_firmwarexem-dn32h2_firmwarexec-dp64hxgl-psraxbc-dn60suxgi-d22b_firmwarexec-dr40su_firmwarexgf-tc4sxbf-ah04a_firmwarexbc-dn\(p\)32ua_firmwarexgf-ho2a_firmwarexbe-tp32a_firmwarexgk-xpuhxbc-dr28u_firmwarexbf-ho02a_firmwarexbc-dr32h_firmwarexbe-dc16axbc-dr10exgf-dl16a_firmwarexbm-dn32sxbc-dp30su_firmwarexec-dr64h\/di_firmwarexgq-tr1c_firmwarexgf-po4hxec-dn\(p\)32ua\/dc_firmwarexgi-d28b_firmwarexgl-c22bxgf-ad16a_firmwarexec-dp20suxec-dr14e_firmwarexbc-dn20exbc-dp60suxgf-tc4s_firmwarexgf-dv4axgf-po3hxbc-dp30exgf-dv8axbo-dc04a_firmwarexgf-hd2a_firmwarexgf-pd2h_firmwarexbc-dn\(p\)32u_firmwarexgl-dmeb_firmwarexgq-ry2axgf-h08axgf-po4h_firmwarexec-dr28upxbc-dn\(p\)32upk80sxbm-dn32hpxbe-dr16axec-dn\(p\)32uaxbf-ad08a_firmwarexbc-dr20suxbc-dn40su_firmwarexgf-av8a_firmwarexbm-dn32hp_firmwarexgf-po1hxgk-cpuaxbc-dp20su_firmwarexbc-dp14exgl-efmfbxbc-dr28uxgl-c22b_firmwarexgi-cpus_firmwarexgi-d22axgf-dv4sxgq-tr8bxbc-dn\(p\)32ua\/dcxbc-dr32hxbm-dp16s_firmwarexbm-dn16sxbo-dc04axec-dp30suxec-dp64h_firmwarexbc-dn14exgl-c42bxgi-d22bxgl-pseaxbo-da02axgf-av8axbc-dr28u\/dc_firmwarexbf-tc04s_firmwarexem-dn32hpxbf-dc04a_firmwarexbc-dr28up\/dcxec-dr28u_firmwarexec-dr40suxec-dp40su_firmwarexgi-d28bxbc-dn20e_firmwarexec-dp40suxgi-cpusxec-dn\(p\)32uxec-dn20e_firmwarexgf-pn4bxgk-cpuh_firmwarexbc-dn64h_firmwarexgf-ah6axbf-ad04cxgf-m32e_firmwarexbe-dc16b_firmwarexbc-dr28ua_firmwarexbe-tn32a_firmwarexec-dn\(p\)32u\/dcxgf-ac4hxbe-ac08axgl-psea_firmwarexgl-dmebxec-dp60suxgi-cpuh_firmwarexbc-dp40suxbc-dr64h\/dcxbf-pn08b_firmwarexbc-dn\(p\)32u\/dcxgf-ad16axgf-dc4h_firmwarexgf-dc4s_firmwarexgq-tr8axec-dn20su_firmwarexbc-dn32h_firmwarexbc-dr28ua\/dck120sxbm-dp32hpk120s_firmwarexbc-dp40su_firmwarexgi-a21c_firmwarexec-dp10e_firmwarexec-dr28ua\/dc_firmwarexbf-dc04axbe-dr32axgf-dc8axbc-dn32hxbo-ah02a_firmwarexec-dr64h\/dixgf-pd3hxbe-tn16axgi-a21cxbe-dr16a_firmwarexem-dn32h2xbc-dr30su_firmwarexec-dr28u\/dcxgf-rd4axgi-d24axbc-dn60su_firmwarexgf-dc4a_firmwarexbo-m2mb_firmwarexgi-d24bk80s_firmwarexbc-dr28up\/dc_firmwarexgi-cpuuxec-dn10e_firmwarexbc-dn64h\/dc_firmwarexec-dn\(p\)32ua\/dcxec-dp14e_firmwarexgq-tr2a_firmwarexec-dn14exgf-po1h_firmwarexec-dr28ua_firmwarexec-dr28up\/dcxgk-cpus_firmwaregm7xec-dr64hxgf-po2h_firmwarexgf-dc4sxbf-tc04rtxgk-cpuuxbe-dc08axgl-efmtb_firmwarexbe-ry08bxbo-m2mbxbc-dn40suxbc-dr60su_firmwarexbc-dn20suxbe-tn08axbc-dr28upxbf-tc04ttxbg-pn04bxgi-d24a_firmwarexgf-rd4a_firmwarexec-dn20suxgq-ss2axbc-dr28ua\/dc_firmwarexec-dn\(p\)32upxbe-tp16axec-dr32h_firmwarexec-dr28up\/dc_firmwarexem-dp32hp_firmwarexgf-rd8a_firmwarexec-dr30e_firmwarexbf-dc04cxbo-rtcaxbc-dr30exbc-dp10e_firmwarexbc-dn64hxec-dr30exgi-a12axbg-pn08bxbf-pn04bxec-dr64h\/d1xbc-dr28u\/dcgm7u_firmwarexgf-dc4hxgf-pd1hxec-dp30e_firmwarexbc-dn32h\/dcxgl-pmebxec-dr32h\/dixec-dn\(p\)32ua_firmwarexec-dn64h_firmwarexbc-dr32h\/dcxec-dr64h\/d1_firmwarexgi-d21axec-dp32hxgf-po3h_firmwarexec-dr20exec-dp14exec-dn\(p\)32u\/dc_firmwarexec-dr64h_firmwarexec-dr60suxgi-a21axbf-pn08bxgf-rd4s_firmwarexbo-da02a_firmwarexec-dr20su_firmwarexgr-cpuh\/fxgf-aw4s_firmwarexgq-ry1a_firmwarexec-dr32hxgl-pmeb_firmwarexgf-tc4ud_firmwarexbe-ac08a_firmwarexbc-dp60su_firmwarexbc-dp20e_firmwarexgr-cpuh\/t_firmwarexbe-tn08a_firmwarexgf-pd3h_firmwarexec-dn\(p\)32u_firmwarexgi-cpuhxbe-tn16a_firmwarexgf-rd4sxbo-ad02axgf-dc4axgf-ah6a_firmwarexem-dp32h2xbc-dn\(p\)32up_firmwarexgf-dv8a_firmwarexec-dn30su_firmwarexgk-cpuhnxgf-pd2hxbc-dp14e_firmwarexec-dr10e_firmwarexbc-dn\(p\)32up\/dc_firmwarexec-dr20suxec-dr60su_firmwarexgf-ac8axgf-tc4rt_firmwarexgf-pd4h_firmwarexgi-cpuunxbc-dp20suxbf-ad08axgk-cpuhxbo-ah02axbc-dr60suxbf-ho02axgf-ho2axbc-dn10e_firmwarexbc-dn30e_firmwaregm7uxbf-ad04c_firmwarexgk-cpuexgq-tr8a_firmwarexbm-dp32hp_firmwarexbf-hd02a_firmwarexec-dn40su_firmwarexec-dn30exec-dp32h_firmwarexgq-ry2b_firmwarexbe-tn32axbc-dr20su_firmwarexgq-ry1axgq-tr4b_firmwarexgf-soea_firmwarexbf-pn04b_firmwarexgq-tr2b_firmwarexgr-cpuh\/txgr-cpuh\/f_firmwarexec-dp20e_firmwarexec-dn\(p\)32up_firmwarexbe-ry08a_firmwarexgf-m32exgf-pn8a_firmwarexbo-rd01axbc-dr20e_firmwarexbc-dn32h\/dc_firmwarexec-dn32h_firmwarexec-dr32h\/di_firmwarexgi-a21a_firmwarexbf-hd02axbo-ad02a_firmwarexbo-tc02axec-dn10exbc-dp20exgq-tr4axec-dr32h\/d1_firmwarexec-dr20e_firmwarexec-dr30suxgf-pn8bxbc-dp30suxgf-tc4udxbc-dn30su_firmwarexbe-tp16a_firmwarexbo-rtca_firmwarexgf-dl16axgq-ry2a_firmwarexgf-dc8a_firmwarexec-dr14exbg-pn08b_firmwarexgk-xpuh_firmwarexec-dp30su_firmwarexbc-dn\(p\)32up\/dcxgi-a12a_firmwarexbe-dc16bxbe-dc16a_firmwarexec-dn20exbm-dn32h2_firmwarexgi-d24b_firmwarexgf-pn8b_firmwarexec-dr30su_firmwarexgl-psra_firmwarexgl-efmtbxbe-tp08a_firmwarexbc-dr32h\/dc_firmwarexbf-dv04axbc-dr40suxbc-dn30suxbc-dn20su_firmwarexec-dr28ua\/dcxec-dp10exbf-rd04a_firmwarexbo-rd01a_firmwarexgr-cpuh\/s_firmwarexbe-dn32a_firmwarexbc-dn\(p\)32ua\/dc_firmwarexec-dn60suxgq-tr2axbm-dp16sxbc-dr40su_firmwarexbe-ry16axbf-ad04axbf-pd02a_firmwarexgi-cpuu_firmwarexbc-dr28up_firmwarexec-dp60su_firmwarexec-dn64hxgi-d28axbc-dr10e_firmwarexbe-ry08b_firmwarexbc-dr20exbe-dn32axem-dp32hpxbc-dn64h\/dcxgi-d22a_firmwarexbc-dr14exgf-ac4h_firmwarexbf-rd04axgl-c42b_firmwarexgq-tr8b_firmwarexgk-cpua_firmwarexbc-dr64h\/dc_firmwarexbe-ry16a_firmwarexec-dp30exgf-hd2axbe-dc32a_firmwarexbc-dp10exec-dr28uaxgf-soeaxbf-dc04c_firmwarexgf-pd1h_firmwarexec-dr28up_firmwarexbm-dn16s_firmwarexgk-cpuhn_firmwarexec-dr28uxbf-ad04a_firmwarexbc-dn\(p\)32uaxec-dn30suxbm-dn32h2xbo-tc02a_firmwarexbf-tc04tt_firmwarexec-dn14e_firmwarexbm-dp32h2_firmwarexbf-ah04axbe-tp08axgk-cpusxgq-tr2bxgf-h08a_firmwarexec-dp20exem-dn32hp_firmwarexgk-cpue_firmwarexbc-dr64hxbc-dr30suxbm-dp32h2xgi-d28a_firmwarexgq-tr4a_firmwarexec-dn32hxbf-tc04sxbf-tc04rt_firmwarexgf-ac8a_firmwarexbc-dr14e_firmwarexgf-pn8axbe-dc08a_firmwarexbc-dp30e_firmwarexgi-cpuexgf-pd4hxbc-dn14e_firmwarexgf-dv4s_firmwarexgi-d21a_firmwarexbf-dv04cxgr-cpuh\/sxbc-dn10exbe-ry08axgi-cpue_firmwarexbo-tn04axec-dr10exbo-tn04a_firmwarexbg-pn04b_firmwarexgq-ry2bxbe-dc32axec-dn40suxgf-aw4sxgf-po2hxgl-efmfb_firmwarexgk-cpusn_firmwarexec-dr28u\/dc_firmwarexec-dn30e_firmwarexgf-dv4a_firmwarexec-dn\(p\)32up\/dc_firmwarexbc-dn30egm7_firmwarexbe-dr32a_firmwarexem-dp32h2_firmwarexbe-tp32axgk-cpuunxgf-pn4b_firmwarexgf-tc4rtxbf-dv04c_firmwarexec-dp20su_firmwarexec-dn60su_firmwarexbf-dv04a_firmwarexgq-ss2a_firmwarexgk-cpuun_firmwarexbc-dr64h_firmwarexgq-tr1cxgi-cpuu\/dxg5000xbc-dn\(p\)32u\/dc_firmwarePLC: XGK-CPUU/H/A/S/EPLC: XGB-XECHPLC: XGR-CPUHPLC: XGI-CPUU/UD/H/S/EXG5000PLC: XGB-XBCHPLC: XGB-XBMS
CWE ID-CWE-326
Inadequate Encryption Strength
CVE-2024-47182
Matching Score-4
Assigner-GitHub, Inc.
ShareView Details
Matching Score-4
Assigner-GitHub, Inc.
CVSS Score-4.8||MEDIUM
EPSS-0.07% / 23.16%
||
7 Day CHG~0.00%
Published-27 Sep, 2024 | 13:58
Updated-04 Oct, 2024 | 18:31
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Dozzle uses unsafe hash for passwords

Dozzle is a realtime log viewer for docker containers. Before version 8.5.3, the app uses sha-256 as the hash for passwords, which leaves users susceptible to rainbow table attacks. The app switches to bcrypt, a more appropriate hash for passwords, in version 8.5.3.

Action-Not Available
Vendor-amirraminfaramir20
Product-dozzledozzle
CWE ID-CWE-328
Use of Weak Hash
CWE ID-CWE-326
Inadequate Encryption Strength
CVE-2022-26306
Matching Score-4
Assigner-Document Foundation, The
ShareView Details
Matching Score-4
Assigner-Document Foundation, The
CVSS Score-7.5||HIGH
EPSS-0.40% / 59.61%
||
7 Day CHG~0.00%
Published-25 Jul, 2022 | 00:00
Updated-03 Aug, 2024 | 05:03
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Execution of Untrusted Macros Due to Improper Certificate Validation

LibreOffice supports the storage of passwords for web connections in the user’s configuration database. The stored passwords are encrypted with a single master key provided by the user. A flaw in LibreOffice existed where the required initialization vector for encryption was always the same which weakens the security of the encryption making them vulnerable if an attacker has access to the user's configuration data. This issue affects: The Document Foundation LibreOffice 7.2 versions prior to 7.2.7; 7.3 versions prior to 7.3.1.

Action-Not Available
Vendor-libreofficeThe Document FoundationDebian GNU/Linux
Product-debian_linuxlibreofficeLibreOffice
CWE ID-CWE-326
Inadequate Encryption Strength
CWE ID-CWE-330
Use of Insufficiently Random Values
CVE-2022-2640
Matching Score-4
Assigner-Cybersecurity and Infrastructure Security Agency (CISA) Industrial Control Systems (ICS)
ShareView Details
Matching Score-4
Assigner-Cybersecurity and Infrastructure Security Agency (CISA) Industrial Control Systems (ICS)
CVSS Score-7.5||HIGH
EPSS-0.03% / 6.38%
||
7 Day CHG~0.00%
Published-12 Dec, 2022 | 01:50
Updated-16 Apr, 2025 | 16:05
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

The Config-files of Horner Automation’s RCC 972 with firmware version 15.40 are encrypted with weak XOR encryption vulnerable to reverse engineering. This could allow an attacker to obtain credentials to run services such as File Transfer Protocol (FTP) and Hypertext Transfer Protocol (HTTP).

Action-Not Available
Vendor-hornerautomationHorner Automation
Product-rcc972rcc972_firmwareRemote Compact Controller (RCC) 972
CWE ID-CWE-326
Inadequate Encryption Strength
CVE-2022-24318
Matching Score-4
Assigner-Schneider Electric
ShareView Details
Matching Score-4
Assigner-Schneider Electric
CVSS Score-7.5||HIGH
EPSS-0.10% / 28.35%
||
7 Day CHG~0.00%
Published-09 Feb, 2022 | 22:05
Updated-03 Aug, 2024 | 04:07
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A CWE-326: Inadequate Encryption Strength vulnerability exists that could cause non-encrypted communication with the server when outdated versions of the ViewX client are used. Affected Product: ClearSCADA (All Versions), EcoStruxure Geo SCADA Expert 2019 (All Versions), EcoStruxure Geo SCADA Expert 2020 (All Versions)

Action-Not Available
Vendor-n/a
Product-clearscadaecostruxure_geo_scada_expert_2020ecostruxure_geo_scada_expert_2019ClearSCADA (All Versions), EcoStruxure Geo SCADA Expert 2019 (All Versions), EcoStruxure Geo SCADA Expert 2020 (All Versions)
CWE ID-CWE-326
Inadequate Encryption Strength
CVE-2022-22453
Matching Score-4
Assigner-IBM Corporation
ShareView Details
Matching Score-4
Assigner-IBM Corporation
CVSS Score-5.1||MEDIUM
EPSS-0.06% / 18.41%
||
7 Day CHG~0.00%
Published-14 Jul, 2022 | 17:40
Updated-16 Sep, 2024 | 17:57
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

IBM Security Verify Identity Manager 10.0 uses weaker than expected cryptographic algorithms that could allow an attacker to decrypt highly sensitive information. IBM X-Force ID: 224919.

Action-Not Available
Vendor-IBM CorporationLinux Kernel Organization, Inc
Product-security_verify_governancelinux_kernelSecurity Verify Governance
CWE ID-CWE-326
Inadequate Encryption Strength
CVE-2022-22368
Matching Score-4
Assigner-IBM Corporation
ShareView Details
Matching Score-4
Assigner-IBM Corporation
CVSS Score-5.9||MEDIUM
EPSS-0.11% / 30.33%
||
7 Day CHG~0.00%
Published-03 May, 2022 | 18:20
Updated-16 Sep, 2024 | 22:45
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

IBM Spectrum Scale 5.1.0 through 5.1.3.0 uses weaker than expected cryptographic algorithms that could allow an attacker to decrypt highly sensitive information. IBM X-Force ID: 221012.

Action-Not Available
Vendor-IBM CorporationLinux Kernel Organization, IncMicrosoft Corporation
Product-spectrum_scaleaixwindowslinux_kernelSpectrum Scale
CWE ID-CWE-326
Inadequate Encryption Strength
CVE-2022-22464
Matching Score-4
Assigner-IBM Corporation
ShareView Details
Matching Score-4
Assigner-IBM Corporation
CVSS Score-5.9||MEDIUM
EPSS-0.11% / 30.33%
||
7 Day CHG~0.00%
Published-08 Jul, 2022 | 17:45
Updated-16 Sep, 2024 | 18:08
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

IBM Security Access Manager Appliance 10.0.0.0, 10.0.1.0, 10.0.2.0, and 10.0.3.0 uses weaker than expected cryptographic algorithms that could allow an attacker to decrypt highly sensitive information. IBM X-Force ID: 225081.

Action-Not Available
Vendor-IBM Corporation
Product-security_verify_accessSecurity Verify Access
CWE ID-CWE-326
Inadequate Encryption Strength
CVE-2021-38984
Matching Score-4
Assigner-IBM Corporation
ShareView Details
Matching Score-4
Assigner-IBM Corporation
CVSS Score-3.7||LOW
EPSS-0.10% / 27.84%
||
7 Day CHG~0.00%
Published-15 Nov, 2021 | 15:35
Updated-16 Sep, 2024 | 21:57
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

IBM Tivoli Key Lifecycle Manager 3.0, 3.0.1, 4.0, and 4.1 uses weaker than expected cryptographic algorithms that could allow an attacker to decrypt highly sensitive information. IBM X-Force ID: 212793.

Action-Not Available
Vendor-IBM Corporation
Product-security_key_lifecycle_managersecurity_guardium_key_lifecycle_managerSecurity Key Lifecycle Manager
CWE ID-CWE-326
Inadequate Encryption Strength
CVE-2021-38862
Matching Score-4
Assigner-IBM Corporation
ShareView Details
Matching Score-4
Assigner-IBM Corporation
CVSS Score-5.9||MEDIUM
EPSS-0.11% / 30.33%
||
7 Day CHG~0.00%
Published-12 Oct, 2021 | 18:55
Updated-16 Sep, 2024 | 16:38
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

IBM Data Risk Manager (iDNA) 2.0.6 uses weaker than expected cryptographic algorithms that could allow an attacker to decrypt highly sensitive information. IBM X-Force ID: 207980.

Action-Not Available
Vendor-IBM Corporation
Product-data_risk_managerData Risk Manager
CWE ID-CWE-326
Inadequate Encryption Strength
CVE-2021-39182
Matching Score-4
Assigner-GitHub, Inc.
ShareView Details
Matching Score-4
Assigner-GitHub, Inc.
CVSS Score-7.5||HIGH
EPSS-0.08% / 24.18%
||
7 Day CHG~0.00%
Published-08 Nov, 2021 | 14:15
Updated-04 Aug, 2024 | 01:58
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Use of Password Hash With Insufficient Computational Effort and Use of a Broken or Risky Cryptographic Algorithm and Reversible One-Way Hash in hashing.py

EnroCrypt is a Python module for encryption and hashing. Prior to version 1.1.4, EnroCrypt used the MD5 hashing algorithm in the hashing file. Beginners who are unfamiliar with hashes can face problems as MD5 is considered an insecure hashing algorithm. The vulnerability is patched in v1.1.4 of the product. As a workaround, users can remove the `MD5` hashing function from the file `hashing.py`.

Action-Not Available
Vendor-enrocrypt_projectMorgan-Phoenix
Product-enrocryptEnroCrypt
CWE ID-CWE-916
Use of Password Hash With Insufficient Computational Effort
CWE ID-CWE-328
Use of Weak Hash
CWE ID-CWE-327
Use of a Broken or Risky Cryptographic Algorithm
CWE ID-CWE-326
Inadequate Encryption Strength
CVE-2021-38925
Matching Score-4
Assigner-IBM Corporation
ShareView Details
Matching Score-4
Assigner-IBM Corporation
CVSS Score-5.9||MEDIUM
EPSS-0.11% / 30.33%
||
7 Day CHG~0.00%
Published-06 Oct, 2021 | 17:10
Updated-16 Sep, 2024 | 21:08
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

IBM Sterling B2B Integrator Standard Edition 5.2.0. 0 through 6.1.1.0 uses weaker than expected cryptographic algorithms that could allow an attacker to decrypt highly sensitive information. IBM X-Force ID: 210171.

Action-Not Available
Vendor-IBM Corporation
Product-sterling_b2b_integratorSterling B2B Integrator
CWE ID-CWE-326
Inadequate Encryption Strength
CVE-2021-38947
Matching Score-4
Assigner-IBM Corporation
ShareView Details
Matching Score-4
Assigner-IBM Corporation
CVSS Score-5.9||MEDIUM
EPSS-0.11% / 30.33%
||
7 Day CHG~0.00%
Published-13 Dec, 2021 | 17:55
Updated-16 Sep, 2024 | 18:35
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

IBM Spectrum Copy Data Management 2.2.13 and earlier uses weaker than expected cryptographic algorithms that could allow an attacker to decrypt highly sensitive information. IBM X-Force ID: 211242.

Action-Not Available
Vendor-IBM CorporationLinux Kernel Organization, Inc
Product-spectrum_copy_data_managementlinux_kernelSpectrum Copy Data Management
CWE ID-CWE-326
Inadequate Encryption Strength
CVE-2021-38983
Matching Score-4
Assigner-IBM Corporation
ShareView Details
Matching Score-4
Assigner-IBM Corporation
CVSS Score-4.4||MEDIUM
EPSS-0.10% / 28.70%
||
7 Day CHG~0.00%
Published-15 Nov, 2021 | 15:35
Updated-16 Sep, 2024 | 16:39
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

IBM Tivoli Key Lifecycle Manager 3.0, 3.0.1, 4.0, and 4.1 uses weaker than expected cryptographic algorithms that could allow an attacker to decrypt highly sensitive information. IBM X-Force ID: 212792.

Action-Not Available
Vendor-IBM CorporationLinux Kernel Organization, IncMicrosoft Corporation
Product-linux_kernelsecurity_guardium_key_lifecycle_managerwindowssecurity_key_lifecycle_manageraixSecurity Key Lifecycle Manager
CWE ID-CWE-326
Inadequate Encryption Strength
CVE-2021-32945
Matching Score-4
Assigner-Cybersecurity and Infrastructure Security Agency (CISA) Industrial Control Systems (ICS)
ShareView Details
Matching Score-4
Assigner-Cybersecurity and Infrastructure Security Agency (CISA) Industrial Control Systems (ICS)
CVSS Score-7.5||HIGH
EPSS-0.05% / 15.63%
||
7 Day CHG~0.00%
Published-01 Apr, 2022 | 22:17
Updated-16 Apr, 2025 | 16:33
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
MDT AutoSave Inadequate Encryption Strength

An attacker could decipher the encryption and gain access to MDT AutoSave versions prior to v6.02.06.

Action-Not Available
Vendor-auvesy-mdtMDT Software
Product-autosaveautosave_for_system_platformA4SPAutoSave for System Platform (A4SP)MDT AutoSave
CWE ID-CWE-326
Inadequate Encryption Strength
CVE-2024-41594
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-7.5||HIGH
EPSS-0.08% / 23.91%
||
7 Day CHG~0.00%
Published-03 Oct, 2024 | 00:00
Updated-19 Mar, 2025 | 16:15
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

An issue in DrayTek Vigor310 devices through 4.3.2.6 allows an attacker to obtain sensitive information because the httpd server of the Vigor management UI uses a static string for seeding the PRNG of OpenSSL.

Action-Not Available
Vendor-n/aDrayTek Corp.
Product-vigor2762_firmwarevigor2765_firmwarevigor2952vigor2133_firmwarevigor2952_firmwarevigor3220_firmwarevigor2866_firmwarevigor2926vigor166vigorlte200_firmwarevigor3220vigor2915_firmwarevigor2766_firmwarevigor2962vigor2620vigor2832vigor2763vigor3912vigor1000bvigor1000b_firmwarevigor2832_firmwarevigor2765vigor2860_firmwarevigor2866vigor2763_firmwarevigor165_firmwarevigor2620_firmwarevigor2862_firmwarevigor166_firmwarevigor2865vigor2133vigor2762vigor2962_firmwarevigor2862vigor2135_firmwarevigor2926_firmwarevigor3912_firmwarevigor2925_firmwarevigorlte200vigor2865_firmwarevigor3910_firmwarevigor2915vigor2135vigor165vigor2766vigor3910vigor2860vigor2925n/a
CWE ID-CWE-326
Inadequate Encryption Strength
CVE-2021-27457
Matching Score-4
Assigner-Cybersecurity and Infrastructure Security Agency (CISA) Industrial Control Systems (ICS)
ShareView Details
Matching Score-4
Assigner-Cybersecurity and Infrastructure Security Agency (CISA) Industrial Control Systems (ICS)
CVSS Score-7.5||HIGH
EPSS-0.06% / 17.44%
||
7 Day CHG~0.00%
Published-20 May, 2021 | 11:51
Updated-03 Aug, 2024 | 20:48
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A vulnerability has been found in multiple revisions of Emerson Rosemount X-STREAM Gas Analyzer. The affected products utilize a weak encryption algorithm for storage of sensitive data, which may allow an attacker to more easily obtain credentials used for access.

Action-Not Available
Vendor-emersonn/a
Product-x-stream_enhanced_xegp_firmwarex-stream_enhanced_xegpx-stream_enhanced_xegk_firmwarex-stream_enhanced_xefdx-stream_enhanced_xefd_firmwarex-stream_enhanced_xegkx-stream_enhanced_xexfx-stream_enhanced_xexf_firmwareEmerson Rosemount X-STREAM Gas Analyzer
CWE ID-CWE-326
Inadequate Encryption Strength
CWE ID-CWE-327
Use of a Broken or Risky Cryptographic Algorithm
CVE-2020-5917
Matching Score-4
Assigner-F5, Inc.
ShareView Details
Matching Score-4
Assigner-F5, Inc.
CVSS Score-5.9||MEDIUM
EPSS-0.25% / 48.28%
||
7 Day CHG~0.00%
Published-26 Aug, 2020 | 14:06
Updated-04 Aug, 2024 | 08:47
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

In BIG-IP versions 15.1.0-15.1.0.4, 15.0.0-15.0.1.3, 14.1.0-14.1.2.3, 13.1.0-13.1.3.4, 12.1.0-12.1.5.1, and 11.6.1-11.6.5.2 and BIG-IQ versions 5.2.0-7.0.0, the host OpenSSH servers utilize keys of less than 2048 bits which are no longer considered secure.

Action-Not Available
Vendor-n/aF5, Inc.
Product-big-ip_application_acceleration_managerbig-ip_link_controllerbig-ip_policy_enforcement_managerbig-ip_fraud_protection_servicebig-iq_centralized_managementbig-ip_global_traffic_managerbig-ip_analyticsbig-ip_access_policy_managerbig-ip_domain_name_systembig-ip_local_traffic_managerbig-ip_advanced_firewall_managerbig-ip_application_security_managerBIG-IP, BIG-IQ
CWE ID-CWE-326
Inadequate Encryption Strength
CVE-2017-16632
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-7.5||HIGH
EPSS-0.15% / 35.84%
||
7 Day CHG~0.00%
Published-11 Aug, 2021 | 20:11
Updated-05 Aug, 2024 | 20:27
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

In SapphireIMS 4097_1, the password in the database is stored in Base64 format.

Action-Not Available
Vendor-sapphireimsn/a
Product-sapphireimsn/a
CWE ID-CWE-326
Inadequate Encryption Strength
  • Previous
  • 1
  • 2
  • 3
  • Next
Details not found