Logo
-

Byte Open Security

(ByteOS Network)

Log In

Sign Up

ByteOS

Security
Vulnerability Details
Registries
Custom Views
Weaknesses
Attack Patterns
Filters & Tools
Vulnerability Details :

CVE-2023-28053

Summary
Assigner-dell
Assigner Org ID-c550e75a-17ff-4988-97f0-544cde3820fe
Published At-18 Dec, 2023 | 11:30
Updated At-02 Aug, 2024 | 12:30
Rejected At-
Credits

Dell NetWorker Virtual Edition versions 19.8 and below contain the use of deprecated cryptographic algorithms in the SSH component. A remote unauthenticated attacker could potentially exploit this vulnerability leading to some information disclosure.

Vendors
-
Not available
Products
-
Metrics (CVSS)
VersionBase scoreBase severityVector
Weaknesses
Attack Patterns
Solution/Workaround
References
HyperlinkResource Type
EPSS History
Score
Latest Score
-
N/A
No data available for selected date range
Percentile
Latest Percentile
-
N/A
No data available for selected date range
Stakeholder-Specific Vulnerability Categorization (SSVC)
▼Common Vulnerabilities and Exposures (CVE)
cve.org
Assigner:dell
Assigner Org ID:c550e75a-17ff-4988-97f0-544cde3820fe
Published At:18 Dec, 2023 | 11:30
Updated At:02 Aug, 2024 | 12:30
Rejected At:
▼CVE Numbering Authority (CNA)

Dell NetWorker Virtual Edition versions 19.8 and below contain the use of deprecated cryptographic algorithms in the SSH component. A remote unauthenticated attacker could potentially exploit this vulnerability leading to some information disclosure.

Affected Products
Vendor
Dell Inc.Dell
Product
NetWorker Virtual Edition
Default Status
unaffected
Versions
Affected
  • Versions 19.9 through 19.9.0.2
  • Versions 19.8 through 19.8.0.3
  • Versions 19.7 through 19.7.0.5
  • Version 19.7.1
  • Versions Prior to 19.7
Problem Types
TypeCWE IDDescription
CWECWE-327CWE-327: Use of a Broken or Risky Cryptographic Algorithm
Type: CWE
CWE ID: CWE-327
Description: CWE-327: Use of a Broken or Risky Cryptographic Algorithm
Metrics
VersionBase scoreBase severityVector
3.15.3MEDIUM
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
Version: 3.1
Base score: 5.3
Base severity: MEDIUM
Vector:
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
Metrics Other Info
Impacts
CAPEC IDDescription
Solutions
Configurations
Workarounds
Exploits
Credits
Timeline
EventDate
Replaced By
Rejected Reason
References
HyperlinkResource
https://www.dell.com/support/kbdoc/en-us/000220547/dsa-2023-358-security-update-for-dell-networker-virtual-edition-ssh-cryptographic-vulnerabilities
vendor-advisory
Hyperlink: https://www.dell.com/support/kbdoc/en-us/000220547/dsa-2023-358-security-update-for-dell-networker-virtual-edition-ssh-cryptographic-vulnerabilities
Resource:
vendor-advisory
▼Authorized Data Publishers (ADP)
CVE Program Container
Affected Products
Metrics
VersionBase scoreBase severityVector
Metrics Other Info
Impacts
CAPEC IDDescription
Solutions
Configurations
Workarounds
Exploits
Credits
Timeline
EventDate
Replaced By
Rejected Reason
References
HyperlinkResource
https://www.dell.com/support/kbdoc/en-us/000220547/dsa-2023-358-security-update-for-dell-networker-virtual-edition-ssh-cryptographic-vulnerabilities
vendor-advisory
x_transferred
Hyperlink: https://www.dell.com/support/kbdoc/en-us/000220547/dsa-2023-358-security-update-for-dell-networker-virtual-edition-ssh-cryptographic-vulnerabilities
Resource:
vendor-advisory
x_transferred
Information is not available yet
▼National Vulnerability Database (NVD)
nvd.nist.gov
Source:security_alert@emc.com
Published At:18 Dec, 2023 | 12:15
Updated At:22 Feb, 2024 | 17:48

Dell NetWorker Virtual Edition versions 19.8 and below contain the use of deprecated cryptographic algorithms in the SSH component. A remote unauthenticated attacker could potentially exploit this vulnerability leading to some information disclosure.

CISA Catalog
Date AddedDue DateVulnerability NameRequired Action
N/A
Date Added: N/A
Due Date: N/A
Vulnerability Name: N/A
Required Action: N/A
Metrics
TypeVersionBase scoreBase severityVector
Primary3.15.3MEDIUM
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
Secondary3.15.3MEDIUM
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
Type: Primary
Version: 3.1
Base score: 5.3
Base severity: MEDIUM
Vector:
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
Type: Secondary
Version: 3.1
Base score: 5.3
Base severity: MEDIUM
Vector:
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
CPE Matches
Dell Inc.
dell
>>emc_networker>>Versions before 19.8.0.4(exclusive)
cpe:2.3:a:dell:emc_networker:*:*:*:*:virtual:*:*:*
Dell Inc.
dell
>>emc_networker>>Versions from 19.9(inclusive) to 19.9.0.3(exclusive)
cpe:2.3:a:dell:emc_networker:*:*:*:*:virtual:*:*:*
Weaknesses
CWE IDTypeSource
CWE-327Primarynvd@nist.gov
CWE-327Secondarysecurity_alert@emc.com
CWE ID: CWE-327
Type: Primary
Source: nvd@nist.gov
CWE ID: CWE-327
Type: Secondary
Source: security_alert@emc.com
Evaluator Description
Evaluator Impact

Evaluator Solution

Vendor Statements
References
HyperlinkSourceResource
https://www.dell.com/support/kbdoc/en-us/000220547/dsa-2023-358-security-update-for-dell-networker-virtual-edition-ssh-cryptographic-vulnerabilitiessecurity_alert@emc.com
Vendor Advisory
Hyperlink: https://www.dell.com/support/kbdoc/en-us/000220547/dsa-2023-358-security-update-for-dell-networker-virtual-edition-ssh-cryptographic-vulnerabilities
Source: security_alert@emc.com
Resource:
Vendor Advisory

Change History

0
Information is not available yet

Similar CVEs

64Records found
CVE-2024-22458
Matching Score-10
Assigner-Dell
ShareView Details
Matching Score-10
Assigner-Dell
CVSS Score-3.7||LOW
EPSS-0.09% / 25.12%
||
7 Day CHG~0.00%
Published-01 Mar, 2024 | 10:57
Updated-04 Dec, 2024 | 17:19
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Dell Secure Connect Gateway, 5.18, contains an Inadequate Encryption Strength Vulnerability. An unauthenticated network attacker could potentially exploit this vulnerability, allowing an attacker to recover plaintext from a block of ciphertext.

Action-Not Available
Vendor-Dell Inc.
Product-secure_connect_gatewaySecure Connect Gateway (SCG) 5.0 Appliance - SRS
CWE ID-CWE-327
Use of a Broken or Risky Cryptographic Algorithm
CVE-2025-43891
Matching Score-10
Assigner-Dell
ShareView Details
Matching Score-10
Assigner-Dell
CVSS Score-5.3||MEDIUM
EPSS-0.05% / 15.04%
||
7 Day CHG~0.00%
Published-07 Oct, 2025 | 18:43
Updated-14 Oct, 2025 | 20:11
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Dell PowerProtect Data Domain with Data Domain Operating System (DD OS) of Feature Release versions 7.7.1.0 through 8.3.0.15, LTS2025 release version 8.3.1.0, LTS2024 release versions 7.13.1.0 through 7.13.1.30, LTS 2023 release versions 7.10.1.0 through 7.10.1.60, contain an use of a Broken or Risky Cryptographic Algorithm vulnerability in the Authentication. An unauthenticated attacker with remote access could potentially exploit this vulnerability, leading to Information disclosure.

Action-Not Available
Vendor-Dell Inc.
Product-data_domain_operating_systemPowerProtect Data Domain with Data Domain Operating System (DD OS) LTS2023PowerProtect Data Domain with Data Domain Operating System (DD OS) of Feature ReleasePowerProtect Data Domain with Data Domain Operating System (DD OS) LTS2024PowerProtect Data Domain with Data Domain Operating System (DD OS) LTS2025
CWE ID-CWE-327
Use of a Broken or Risky Cryptographic Algorithm
CVE-2020-35163
Matching Score-8
Assigner-Dell
ShareView Details
Matching Score-8
Assigner-Dell
CVSS Score-5.3||MEDIUM
EPSS-0.73% / 72.80%
||
7 Day CHG~0.00%
Published-11 Jul, 2022 | 19:25
Updated-17 Sep, 2024 | 02:27
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Dell BSAFE Crypto-C Micro Edition, versions before 4.1.5, and Dell BSAFE Micro Edition Suite, versions before 4.6, contain a Use of Insufficiently Random Values Vulnerability.

Action-Not Available
Vendor-Oracle CorporationDell Inc.
Product-http_serverweblogic_server_proxy_plug-inbsafe_crypto-c-micro-editiondatabasebsafe_micro-edition-suitesecurity_serviceDell BSAFE Crypto-C Micro Edition
CWE ID-CWE-330
Use of Insufficiently Random Values
CVE-2020-29507
Matching Score-8
Assigner-Dell
ShareView Details
Matching Score-8
Assigner-Dell
CVSS Score-5.3||MEDIUM
EPSS-1.05% / 77.66%
||
7 Day CHG~0.00%
Published-11 Jul, 2022 | 19:25
Updated-16 Sep, 2024 | 20:22
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Dell BSAFE Crypto-C Micro Edition, versions before 4.1.4, and Dell BSAFE Micro Edition Suite, versions before 4.4, contain an Improper Input Validation Vulnerability.

Action-Not Available
Vendor-Oracle CorporationDell Inc.
Product-http_serverweblogic_server_proxy_plug-inbsafe_crypto-c-micro-editiondatabasebsafe_micro-edition-suitesecurity_serviceDell BSAFE Crypto-C Micro Edition
CWE ID-CWE-20
Improper Input Validation
CVE-2024-48007
Matching Score-8
Assigner-Dell
ShareView Details
Matching Score-8
Assigner-Dell
CVSS Score-5.3||MEDIUM
EPSS-0.51% / 66.36%
||
7 Day CHG~0.00%
Published-13 Dec, 2024 | 14:00
Updated-13 Mar, 2025 | 16:15
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Dell RecoverPoint for Virtual Machines 6.0.x contains use of hard-coded credentials vulnerability. A Remote unauthenticated attacker could potentially exploit this vulnerability by gaining access to the source code, easily retrieving these secrets and reusing them to access the system leading to gaining access to unauthorized data.

Action-Not Available
Vendor-Dell Inc.
Product-recoverpoint_for_virtual_machinesRecoverPoint for Virtual Machines
CWE ID-CWE-798
Use of Hard-coded Credentials
CVE-2021-36327
Matching Score-8
Assigner-Dell
ShareView Details
Matching Score-8
Assigner-Dell
CVSS Score-5.3||MEDIUM
EPSS-0.30% / 53.20%
||
7 Day CHG~0.00%
Published-30 Nov, 2021 | 20:40
Updated-16 Sep, 2024 | 17:15
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Dell EMC Streaming Data Platform versions before 1.3 contain a Server Side Request Forgery Vulnerability. A remote unauthenticated attacker may potentially exploit this vulnerability to perform port scanning of internal networks and make HTTP requests to an arbitrary domain of the attacker's choice.

Action-Not Available
Vendor-Dell Inc.
Product-emc_streaming_data_platformDell EMC Streaming Data Platform
CWE ID-CWE-918
Server-Side Request Forgery (SSRF)
CVE-2025-43889
Matching Score-8
Assigner-Dell
ShareView Details
Matching Score-8
Assigner-Dell
CVSS Score-5.3||MEDIUM
EPSS-0.21% / 43.36%
||
7 Day CHG~0.00%
Published-07 Oct, 2025 | 18:37
Updated-14 Oct, 2025 | 20:11
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Dell PowerProtect Data Domain with Data Domain Operating System (DD OS) of Feature Release versions 7.7.1.0 through 8.4, LTS2024 release Versions 7.13.1.0 through 7.13.1.30, LTS 2023 release versions 7.10.1.0 through 7.10.1.60, contain an Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in the UI. An unauthenticated attacker with remote access could potentially exploit this vulnerability, leading to Information exposure.

Action-Not Available
Vendor-Dell Inc.
Product-data_domain_operating_systemPowerProtect Data Domain with Data Domain Operating System (DD OS) LTS2023PowerProtect Data Domain with Data Domain Operating System (DD OS) of Feature ReleasePowerProtect Data Domain with Data Domain Operating System (DD OS) LTS2024
CWE ID-CWE-22
Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')
CVE-2023-32488
Matching Score-8
Assigner-Dell
ShareView Details
Matching Score-8
Assigner-Dell
CVSS Score-5.3||MEDIUM
EPSS-0.17% / 37.59%
||
7 Day CHG~0.00%
Published-16 Aug, 2023 | 13:32
Updated-08 Oct, 2024 | 19:11
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Dell PowerScale OneFS, 8.2.x-9.5.0.x, contains an information disclosure vulnerability in NFS. A low privileged attacker could potentially exploit this vulnerability, leading to information disclosure.

Action-Not Available
Vendor-Dell Inc.
Product-powerscale_onefsPowerScale OneFS
CWE ID-CWE-1230
Exposure of Sensitive Information Through Metadata
CVE-2021-21587
Matching Score-8
Assigner-Dell
ShareView Details
Matching Score-8
Assigner-Dell
CVSS Score-5.3||MEDIUM
EPSS-5.40% / 90.16%
||
7 Day CHG~0.00%
Published-15 Jul, 2021 | 16:15
Updated-16 Sep, 2024 | 17:48
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Dell Wyse Management Suite versions 3.2 and earlier contain a full path disclosure vulnerability. A local unauthenticated attacker could exploit this vulnerability in order to obtain the path of files and folders.

Action-Not Available
Vendor-Dell Inc.
Product-wyse_management_suiteWyse Management Suite
CWE ID-CWE-200
Exposure of Sensitive Information to an Unauthorized Actor
CVE-2021-21594
Matching Score-8
Assigner-Dell
ShareView Details
Matching Score-8
Assigner-Dell
CVSS Score-8.2||HIGH
EPSS-0.26% / 49.07%
||
7 Day CHG~0.00%
Published-16 Aug, 2021 | 22:00
Updated-16 Sep, 2024 | 22:45
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Dell PowerScale OneFS versions 8.2.2 - 9.1.0.x contain a use of get request method with sensitive query strings vulnerability. It can lead to potential disclosure of sensitive data. Dell recommends upgrading at your earliest opportunity.

Action-Not Available
Vendor-Dell Inc.
Product-emc_powerscale_onefsPowerScale OneFS
CWE ID-CWE-598
Use of GET Request Method With Sensitive Query Strings
CVE-2022-34389
Matching Score-8
Assigner-Dell
ShareView Details
Matching Score-8
Assigner-Dell
CVSS Score-3.7||LOW
EPSS-0.51% / 66.28%
||
7 Day CHG~0.00%
Published-10 Feb, 2023 | 20:23
Updated-26 Mar, 2025 | 15:20
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Dell SupportAssist contains a rate limit bypass issues in screenmeet API third party component. An unauthenticated attacker could potentially exploit this vulnerability and impersonate a legitimate dell customer to a dell support technician.

Action-Not Available
Vendor-Dell Inc.
Product-supportassist_for_business_pcssupportassist_for_home_pcsSupportAssist
CWE ID-CWE-307
Improper Restriction of Excessive Authentication Attempts
CVE-2022-46675
Matching Score-8
Assigner-Dell
ShareView Details
Matching Score-8
Assigner-Dell
CVSS Score-5.3||MEDIUM
EPSS-0.32% / 54.99%
||
7 Day CHG~0.00%
Published-10 Feb, 2023 | 21:09
Updated-24 Mar, 2025 | 17:57
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Wyse Management Suite Repository 3.8 and below contain an information disclosure vulnerability. A unauthenticated attacker could potentially discover the internal structure of the application and its components and use this information for further vulnerability research.

Action-Not Available
Vendor-Dell Inc.
Product-wyse_management_suiteWyse Management Suite
CWE ID-CWE-209
Generation of Error Message Containing Sensitive Information
CVE-2025-38739
Matching Score-8
Assigner-Dell
ShareView Details
Matching Score-8
Assigner-Dell
CVSS Score-7.2||HIGH
EPSS-0.07% / 20.65%
||
7 Day CHG+0.02%
Published-04 Aug, 2025 | 15:53
Updated-18 Aug, 2025 | 15:41
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Dell Digital Delivery, versions prior to 5.6.1.0, contains an Insufficiently Protected Credentials vulnerability. A remote unauthenticated attacker could potentially exploit this vulnerability, leading to Information Disclosure.

Action-Not Available
Vendor-Dell Inc.
Product-digital_deliveryDell Digital Delivery
CWE ID-CWE-522
Insufficiently Protected Credentials
CVE-2018-11070
Matching Score-6
Assigner-Dell
ShareView Details
Matching Score-6
Assigner-Dell
CVSS Score-5.9||MEDIUM
EPSS-0.33% / 56.21%
||
7 Day CHG~0.00%
Published-11 Sep, 2018 | 19:00
Updated-16 Sep, 2024 | 19:36
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

RSA BSAFE Crypto-J versions prior to 6.2.4 and RSA BSAFE SSL-J versions prior to 6.2.4 contain a Covert Timing Channel vulnerability during PKCS #1 unpadding operations, also known as a Bleichenbacher attack. A remote attacker may be able to recover a RSA key.

Action-Not Available
Vendor-Dell Inc.
Product-bsafe_crypto-jrsa_bsafe_ssl-jRSA BSAFE SSL-JRSA BSAFE Crypto-J
CWE ID-CWE-327
Use of a Broken or Risky Cryptographic Algorithm
CVE-2018-11057
Matching Score-6
Assigner-Dell
ShareView Details
Matching Score-6
Assigner-Dell
CVSS Score-5.9||MEDIUM
EPSS-0.62% / 70.12%
||
7 Day CHG~0.00%
Published-31 Aug, 2018 | 18:00
Updated-05 Aug, 2024 | 07:54
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

RSA BSAFE Micro Edition Suite, versions prior to 4.0.11 (in 4.0.x) and prior to 4.1.6.1 (in 4.1.x) contains a Covert Timing Channel vulnerability during RSA decryption, also known as a Bleichenbacher attack on RSA decryption. A remote attacker may be able to recover a RSA key.

Action-Not Available
Vendor-Dell Inc.RSA Security LLCOracle Corporation
Product-timesten_in-memory_databasecommunications_ip_service_activatorcore_rdbmscommunications_analyticsbsafegoldengate_application_adaptersreal_user_experience_insightapplication_testing_suitejd_edwards_enterpriseone_toolsretail_predictive_application_serverenterprise_manager_ops_centersecurity_serviceBSAFE Micro Edition Suite
CWE ID-CWE-327
Use of a Broken or Risky Cryptographic Algorithm
CVE-2018-11069
Matching Score-6
Assigner-Dell
ShareView Details
Matching Score-6
Assigner-Dell
CVSS Score-5.9||MEDIUM
EPSS-0.27% / 49.99%
||
7 Day CHG~0.00%
Published-11 Sep, 2018 | 19:00
Updated-16 Sep, 2024 | 19:35
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

RSA BSAFE SSL-J versions prior to 6.2.4 contain a Covert Timing Channel vulnerability during RSA decryption, also known as a Bleichenbacher attack on RSA decryption. A remote attacker may be able to recover a RSA key.

Action-Not Available
Vendor-Dell Inc.
Product-bsafe_ssl-jRSA BSAFE SSL-J
CWE ID-CWE-327
Use of a Broken or Risky Cryptographic Algorithm
CVE-2022-26854
Matching Score-6
Assigner-Dell
ShareView Details
Matching Score-6
Assigner-Dell
CVSS Score-8.1||HIGH
EPSS-0.27% / 50.60%
||
7 Day CHG~0.00%
Published-08 Apr, 2022 | 19:50
Updated-17 Sep, 2024 | 00:15
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Dell PowerScale OneFS, versions 8.2.x-9.2.x, contain risky cryptographic algorithms. A remote unprivileged malicious attacker could potentially exploit this vulnerability, leading to full system access

Action-Not Available
Vendor-Dell Inc.
Product-emc_powerscale_onefsPowerScale OneFS
CWE ID-CWE-327
Use of a Broken or Risky Cryptographic Algorithm
CVE-2025-30477
Matching Score-6
Assigner-Dell
ShareView Details
Matching Score-6
Assigner-Dell
CVSS Score-4.4||MEDIUM
EPSS-0.03% / 9.23%
||
7 Day CHG~0.00%
Published-21 Jul, 2025 | 16:32
Updated-06 Aug, 2025 | 14:33
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Dell PowerScale OneFS, versions prior to 9.11.0.0, contains a use of a broken or risky cryptographic algorithm vulnerability. A high privileged attacker with remote access could potentially exploit this vulnerability, leading to Information disclosure.

Action-Not Available
Vendor-Dell Inc.
Product-powerscale_onefsPowerScale OneFS
CWE ID-CWE-327
Use of a Broken or Risky Cryptographic Algorithm
CVE-2025-22475
Matching Score-6
Assigner-Dell
ShareView Details
Matching Score-6
Assigner-Dell
CVSS Score-3.7||LOW
EPSS-0.18% / 39.57%
||
7 Day CHG~0.00%
Published-04 Feb, 2025 | 02:19
Updated-07 Feb, 2025 | 20:42
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Dell PowerProtect DD, versions prior to DDOS 8.3.0.0, 7.10.1.50, and 7.13.1.10 contains a use of a Cryptographic Primitive with a Risky Implementation vulnerability. A remote attacker could potentially exploit this vulnerability, leading to Information tampering.

Action-Not Available
Vendor-Dell Inc.
Product-data_domain_operating_systemPowerProtect DD
CWE ID-CWE-1240
Use of a Cryptographic Primitive with a Risky Implementation
CWE ID-CWE-327
Use of a Broken or Risky Cryptographic Algorithm
CVE-2024-39583
Matching Score-6
Assigner-Dell
ShareView Details
Matching Score-6
Assigner-Dell
CVSS Score-8.1||HIGH
EPSS-0.31% / 53.80%
||
7 Day CHG~0.00%
Published-10 Sep, 2024 | 08:45
Updated-31 Dec, 2025 | 00:56
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Dell PowerScale InsightIQ, versions 5.0 through 5.1, contains a Use of a Broken or Risky Cryptographic Algorithm vulnerability. An unauthenticated attacker with remote access could potentially exploit this vulnerability, leading to Elevation of privileges.

Action-Not Available
Vendor-Dell Inc.
Product-insightiqPowerScale InsightIQpowerscale_insightiq
CWE ID-CWE-327
Use of a Broken or Risky Cryptographic Algorithm
CVE-2022-22564
Matching Score-6
Assigner-Dell
ShareView Details
Matching Score-6
Assigner-Dell
CVSS Score-5.9||MEDIUM
EPSS-0.15% / 35.18%
||
7 Day CHG~0.00%
Published-14 Feb, 2023 | 15:34
Updated-20 Mar, 2025 | 14:07
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Dell EMC Unity versions before 5.2.0.0.5.173 , use(es) broken cryptographic algorithm. A remote unauthenticated attacker could potentially exploit this vulnerability by performing MitM attacks and let attackers obtain sensitive information.

Action-Not Available
Vendor-Dell Inc.
Product-emc_unity_operating_environmentemc_unityvsa_operating_environmentemc_unity_xt_operating_environmentUnity
CWE ID-CWE-327
Use of a Broken or Risky Cryptographic Algorithm
CVE-2019-3736
Matching Score-6
Assigner-Dell
ShareView Details
Matching Score-6
Assigner-Dell
CVSS Score-8.2||HIGH
EPSS-0.07% / 21.84%
||
7 Day CHG~0.00%
Published-27 Sep, 2019 | 20:19
Updated-17 Sep, 2024 | 04:10
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Dell EMC Integrated Data Protection Appliance versions prior to 2.3 contain a password storage vulnerability in the ACM component. A remote authenticated malicious user with root privileges may potentially use a support tool to decrypt encrypted passwords stored locally on the system to use it to access other components using the privileges of the compromised user.

Action-Not Available
Vendor-Dell Inc.
Product-emc_idpa_dp8300emc_integrated_data_protection_appliance_firmwareemc_idpa_dp5800emc_idpa_dp4400emc_idpa_dp8800Integrated Data Protection Appliance
CWE ID-CWE-257
Storing Passwords in a Recoverable Format
CWE ID-CWE-327
Use of a Broken or Risky Cryptographic Algorithm
CVE-2022-22559
Matching Score-6
Assigner-Dell
ShareView Details
Matching Score-6
Assigner-Dell
CVSS Score-7.5||HIGH
EPSS-0.15% / 35.36%
||
7 Day CHG~0.00%
Published-12 Apr, 2022 | 17:50
Updated-16 Sep, 2024 | 16:44
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Dell PowerScale OneFS, version 9.3.0, contains a use of a broken or risky cryptographic algorithm. An unprivileged network attacker could exploit this vulnerability, leading to the potential for information disclosure.

Action-Not Available
Vendor-Dell Inc.
Product-emc_powerscale_onefsPowerScale OneFS
CWE ID-CWE-327
Use of a Broken or Risky Cryptographic Algorithm
CVE-2024-37137
Matching Score-6
Assigner-Dell
ShareView Details
Matching Score-6
Assigner-Dell
CVSS Score-3.8||LOW
EPSS-0.02% / 4.84%
||
7 Day CHG~0.00%
Published-28 Jun, 2024 | 01:33
Updated-03 Feb, 2025 | 15:26
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Dell Key Trust Platform, v3.0.6 and prior, contains Use of a Cryptographic Primitive with a Risky Implementation vulnerability. A local privileged attacker could potentially exploit this vulnerability, leading to privileged information disclosure.

Action-Not Available
Vendor-Dell Inc.
Product-cloudlinkCloudLink
CWE ID-CWE-1240
Use of a Cryptographic Primitive with a Risky Implementation
CWE ID-CWE-327
Use of a Broken or Risky Cryptographic Algorithm
CVE-2024-32852
Matching Score-6
Assigner-Dell
ShareView Details
Matching Score-6
Assigner-Dell
CVSS Score-5.9||MEDIUM
EPSS-0.18% / 39.16%
||
7 Day CHG~0.00%
Published-02 Jul, 2024 | 06:57
Updated-02 Aug, 2024 | 02:20
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Dell PowerScale OneFS versions 8.2.2.x through 9.7.0.0 contain use of a broken or risky cryptographic algorithm vulnerability. An unprivileged network malicious attacker could potentially exploit this vulnerability, leading to data leaks.

Action-Not Available
Vendor-Dell Inc.
Product-powerscale_onefsPowerScale OneFSpowerscale_onefs
CWE ID-CWE-327
Use of a Broken or Risky Cryptographic Algorithm
CVE-2024-48016
Matching Score-6
Assigner-Dell
ShareView Details
Matching Score-6
Assigner-Dell
CVSS Score-4.6||MEDIUM
EPSS-0.15% / 34.96%
||
7 Day CHG~0.00%
Published-18 Oct, 2024 | 16:34
Updated-13 Dec, 2024 | 15:13
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Dell Secure Connect Gateway (SCG) 5.0 Appliance - SRS, version(s) 5.24, contains a Use of a Broken or Risky Cryptographic Algorithm vulnerability. A low privileged attacker with remote access could potentially exploit this vulnerability, leading to information disclosure. The attacker may be able to use exposed credentials to access the system with privileges of the compromised account.

Action-Not Available
Vendor-Dell Inc.
Product-secure_connect_gatewaySecure Connect Gateway (SCG) 5.0 Appliance - SRS
CWE ID-CWE-327
Use of a Broken or Risky Cryptographic Algorithm
CVE-2024-29175
Matching Score-6
Assigner-Dell
ShareView Details
Matching Score-6
Assigner-Dell
CVSS Score-5.9||MEDIUM
EPSS-0.29% / 52.29%
||
7 Day CHG~0.00%
Published-26 Jun, 2024 | 03:03
Updated-23 Sep, 2024 | 21:13
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Dell PowerProtect Data Domain, versions prior to 7.13.0.0, LTS 7.7.5.40, LTS 7.10.1.30 contain an weak cryptographic algorithm vulnerability. A remote unauthenticated attacker could potentially exploit this vulnerability, leading to man-in-the-middle attack that exposes sensitive session information.

Action-Not Available
Vendor-Dell Inc.
Product-data_domain_operating_systemPowerProtect DDpowerprotect_dd
CWE ID-CWE-327
Use of a Broken or Risky Cryptographic Algorithm
CVE-2024-28980
Matching Score-6
Assigner-Dell
ShareView Details
Matching Score-6
Assigner-Dell
CVSS Score-6.5||MEDIUM
EPSS-0.18% / 39.43%
||
7 Day CHG~0.00%
Published-13 Dec, 2024 | 14:20
Updated-04 Feb, 2025 | 15:55
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Dell RecoverPoint for VMs, version(s) 6.0.x contain(s) a Use of a Broken or Risky Cryptographic Algorithm vulnerability in the SSH. An unauthenticated attacker with remote access could potentially exploit this vulnerability, leading to Remote execution.

Action-Not Available
Vendor-Dell Inc.
Product-recoverpoint_for_virtual_machinesRecoverPoint for Virtual Machines
CWE ID-CWE-327
Use of a Broken or Risky Cryptographic Algorithm
CVE-2024-28972
Matching Score-6
Assigner-Dell
ShareView Details
Matching Score-6
Assigner-Dell
CVSS Score-5.9||MEDIUM
EPSS-0.19% / 40.50%
||
7 Day CHG~0.00%
Published-01 Aug, 2024 | 07:55
Updated-03 Sep, 2024 | 15:37
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Dell InsightIQ, Verion 5.0.0, contains a use of a broken or risky cryptographic algorithm vulnerability. An unauthenticated remote attacker could potentially exploit this vulnerability, leading to information disclosure.

Action-Not Available
Vendor-Dell Inc.
Product-insightiqInsightIQ
CWE ID-CWE-327
Use of a Broken or Risky Cryptographic Algorithm
CVE-2024-25968
Matching Score-6
Assigner-Dell
ShareView Details
Matching Score-6
Assigner-Dell
CVSS Score-5.9||MEDIUM
EPSS-0.21% / 42.78%
||
7 Day CHG~0.00%
Published-14 May, 2024 | 06:32
Updated-09 Jan, 2025 | 15:55
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Dell PowerScale OneFS versions 8.2.x through 9.7.0.2 contains a use of a broken or risky cryptographic algorithm vulnerability. A remote unauthenticated attacker could potentially exploit this vulnerability, leading to information disclosure.

Action-Not Available
Vendor-Dell Inc.
Product-powerscale_onefsPowerScale OneFSpowerscale_onefs
CWE ID-CWE-327
Use of a Broken or Risky Cryptographic Algorithm
CVE-2024-22463
Matching Score-6
Assigner-Dell
ShareView Details
Matching Score-6
Assigner-Dell
CVSS Score-7.4||HIGH
EPSS-0.11% / 29.66%
||
7 Day CHG~0.00%
Published-04 Mar, 2024 | 13:18
Updated-08 Jan, 2025 | 15:46
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Dell PowerScale OneFS 8.2.x through 9.6.0.x contains a use of a broken or risky cryptographic algorithm vulnerability. A remote unprivileged attacker could potentially exploit this vulnerability, leading to compromise of confidentiality and integrity of sensitive information

Action-Not Available
Vendor-Dell Inc.
Product-powerscale_onefsPowerScale OneFS
CWE ID-CWE-327
Use of a Broken or Risky Cryptographic Algorithm
CVE-2007-6755
Matching Score-6
Assigner-Oracle
ShareView Details
Matching Score-6
Assigner-Oracle
CVSS Score-5.8||MEDIUM
EPSS-0.33% / 55.96%
||
7 Day CHG~0.00%
Published-11 Oct, 2013 | 22:00
Updated-11 Apr, 2025 | 00:51
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

The NIST SP 800-90A default statement of the Dual Elliptic Curve Deterministic Random Bit Generation (Dual_EC_DRBG) algorithm contains point Q constants with a possible relationship to certain "skeleton key" values, which might allow context-dependent attackers to defeat cryptographic protection mechanisms by leveraging knowledge of those values. NOTE: this is a preliminary CVE for Dual_EC_DRBG; future research may provide additional details about point Q and associated attacks, and could potentially lead to a RECAST or REJECT of this CVE.

Action-Not Available
Vendor-n/aDell Inc.
Product-bsafe_crypto-c-micro-editionbsafe_crypto-jn/a
CWE ID-CWE-327
Use of a Broken or Risky Cryptographic Algorithm
CVE-2016-0923
Matching Score-6
Assigner-Dell
ShareView Details
Matching Score-6
Assigner-Dell
CVSS Score-7.5||HIGH
EPSS-0.58% / 68.93%
||
7 Day CHG~0.00%
Published-18 Sep, 2016 | 01:00
Updated-12 Apr, 2025 | 10:46
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

The client in EMC RSA BSAFE Micro Edition Suite (MES) 4.0.x before 4.0.9 and 4.1.x before 4.1.5 places the weakest algorithms first in a signature-algorithm list transmitted to a server, which makes it easier for remote attackers to defeat cryptographic protection mechanisms by leveraging server behavior in which the first algorithm is used.

Action-Not Available
Vendor-n/aDell Inc.
Product-bsafen/a
CWE ID-CWE-327
Use of a Broken or Risky Cryptographic Algorithm
CVE-2015-0533
Matching Score-6
Assigner-Dell
ShareView Details
Matching Score-6
Assigner-Dell
CVSS Score-7.5||HIGH
EPSS-0.31% / 54.08%
||
7 Day CHG~0.00%
Published-20 Aug, 2015 | 10:00
Updated-12 Apr, 2025 | 10:46
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

EMC RSA BSAFE Micro Edition Suite (MES) 4.0.x before 4.0.8 and 4.1.x before 4.1.3 and RSA BSAFE SSL-C 2.8.9 and earlier allow remote SSL servers to conduct ECDHE-to-ECDH downgrade attacks and trigger a loss of forward secrecy by omitting the ServerKeyExchange message, a similar issue to CVE-2014-3572.

Action-Not Available
Vendor-n/aDell Inc.
Product-bsafebsafe_ssl-cn/a
CWE ID-CWE-327
Use of a Broken or Risky Cryptographic Algorithm
CVE-2015-0535
Matching Score-6
Assigner-Dell
ShareView Details
Matching Score-6
Assigner-Dell
CVSS Score-7.5||HIGH
EPSS-0.44% / 63.36%
||
7 Day CHG~0.00%
Published-20 Aug, 2015 | 10:00
Updated-12 Apr, 2025 | 10:46
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

EMC RSA BSAFE Micro Edition Suite (MES) 4.0.x before 4.0.8 and 4.1.x before 4.1.3 and RSA BSAFE SSL-C 2.8.9 and earlier do not properly restrict TLS state transitions, which makes it easier for remote attackers to conduct cipher-downgrade attacks to EXPORT_RSA ciphers via crafted TLS traffic, related to the "FREAK" issue, a similar issue to CVE-2015-0204.

Action-Not Available
Vendor-n/aDell Inc.
Product-bsafebsafe_ssl-cn/a
CWE ID-CWE-327
Use of a Broken or Risky Cryptographic Algorithm
CVE-2021-36298
Matching Score-6
Assigner-Dell
ShareView Details
Matching Score-6
Assigner-Dell
CVSS Score-8.1||HIGH
EPSS-0.20% / 41.77%
||
7 Day CHG~0.00%
Published-01 Oct, 2021 | 20:20
Updated-17 Sep, 2024 | 02:36
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Dell EMC InsightIQ, versions prior to 4.1.4, contain risky cryptographic algorithms in the SSH component. A remote unauthenticated attacker could potentially exploit this vulnerability leading to authentication bypass and remote takeover of the InsightIQ. This allows an attacker to take complete control of InsightIQ to affect services provided by SSH; so Dell recommends customers to upgrade at the earliest opportunity.

Action-Not Available
Vendor-Dell Inc.
Product-isilon_insightiqisilon_insightiq_firmwareIsilon InsightIQ
CWE ID-CWE-327
Use of a Broken or Risky Cryptographic Algorithm
CVE-2025-43723
Matching Score-6
Assigner-Dell
ShareView Details
Matching Score-6
Assigner-Dell
CVSS Score-5.9||MEDIUM
EPSS-0.04% / 12.29%
||
7 Day CHG+0.01%
Published-10 Nov, 2025 | 19:10
Updated-14 Nov, 2025 | 17:54
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Dell PowerScale OneFS, versions prior to 9.10.1.3 and versions 9.11.0.0 through 9.12.0.0, contains a use of a broken or risky cryptographic algorithm vulnerability. An unauthenticated attacker with remote access could potentially exploit this vulnerability, leading to Information disclosure.

Action-Not Available
Vendor-Dell Inc.
Product-powerscale_onefsPowerScale OneFS
CWE ID-CWE-327
Use of a Broken or Risky Cryptographic Algorithm
CVE-2025-43909
Matching Score-6
Assigner-Dell
ShareView Details
Matching Score-6
Assigner-Dell
CVSS Score-3.7||LOW
EPSS-0.04% / 11.54%
||
7 Day CHG~0.00%
Published-07 Oct, 2025 | 19:11
Updated-14 Oct, 2025 | 20:09
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Dell PowerProtect Data Domain with Data Domain Operating System (DD OS) of Feature Release versions 7.7.1.0 through 8.3.0.15, LTS2025 release version 8.3.1.0, LTS2024 release versions 7.13.1.0 through 7.13.1.30, LTS 2023 release versions 7.10.1.0 through 7.10.1.60, contain an Use of a Broken or Risky Cryptographic Algorithm vulnerability in the DD boost. An unauthenticated attacker with remote access could potentially exploit this vulnerability, leading to Information exposure.

Action-Not Available
Vendor-Dell Inc.
Product-data_domain_operating_systemPowerProtect Data Domain with Data Domain Operating System (DD OS) LTS2023PowerProtect Data Domain with Data Domain Operating System (DD OS) of Feature ReleasePowerProtect Data Domain with Data Domain Operating System (DD OS) LTS2024PowerProtect Data Domain with Data Domain Operating System (DD OS) LTS2025
CWE ID-CWE-327
Use of a Broken or Risky Cryptographic Algorithm
CVE-2024-25963
Matching Score-6
Assigner-Dell
ShareView Details
Matching Score-6
Assigner-Dell
CVSS Score-5.9||MEDIUM
EPSS-0.18% / 38.69%
||
7 Day CHG~0.00%
Published-28 Mar, 2024 | 18:32
Updated-09 Jan, 2025 | 16:39
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Dell PowerScale OneFS, versions 8.2.2.x through 9.5.0.x contains a use of a broken cryptographic algorithm vulnerability. A remote unauthenticated attacker could potentially exploit this vulnerability, leading to information disclosure.

Action-Not Available
Vendor-Dell Inc.
Product-powerscale_onefsPowerScale OneFSemc_powerscale_onefs
CWE ID-CWE-327
Use of a Broken or Risky Cryptographic Algorithm
CVE-2023-39252
Matching Score-6
Assigner-Dell
ShareView Details
Matching Score-6
Assigner-Dell
CVSS Score-5.9||MEDIUM
EPSS-0.05% / 15.02%
||
7 Day CHG~0.00%
Published-21 Sep, 2023 | 05:32
Updated-20 May, 2025 | 20:15
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Dell SCG Policy Manager 5.16.00.14 contains a broken cryptographic algorithm vulnerability. A remote unauthenticated attacker may potentially exploit this vulnerability by performing MitM attacks and let attackers obtain sensitive information.

Action-Not Available
Vendor-Dell Inc.
Product-policy_manager_for_secure_connect_gatewaySecure Connect Gateway (SCG) Policy Manager
CWE ID-CWE-327
Use of a Broken or Risky Cryptographic Algorithm
CVE-2022-34444
Matching Score-6
Assigner-Dell
ShareView Details
Matching Score-6
Assigner-Dell
CVSS Score-5.9||MEDIUM
EPSS-0.15% / 35.15%
||
7 Day CHG~0.00%
Published-10 Feb, 2023 | 20:38
Updated-26 Mar, 2025 | 15:15
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Dell PowerScale OneFS, versions 9.2.0.x through 9.4.0.x contain an information vulnerability. A remote unauthenticated attacker may potentially exploit this vulnerability to cause data leak.

Action-Not Available
Vendor-Dell Inc.
Product-powerscale_onefsPowerScale OneFS
CWE ID-CWE-327
Use of a Broken or Risky Cryptographic Algorithm
CVE-2023-28043
Matching Score-6
Assigner-Dell
ShareView Details
Matching Score-6
Assigner-Dell
CVSS Score-6.5||MEDIUM
EPSS-0.13% / 32.87%
||
7 Day CHG~0.00%
Published-01 Jun, 2023 | 15:58
Updated-08 Jan, 2025 | 21:46
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Dell SCG 5.14 contains an information disclosure vulnerability during the SRS to SCG upgrade path. A remote low privileged malicious user could potentially exploit this vulnerability to retrieve the plain text.

Action-Not Available
Vendor-Dell Inc.
Product-secure_connect_gatewaySecure Connect Gateway
CWE ID-CWE-327
Use of a Broken or Risky Cryptographic Algorithm
CVE-2022-31230
Matching Score-6
Assigner-Dell
ShareView Details
Matching Score-6
Assigner-Dell
CVSS Score-8.1||HIGH
EPSS-0.20% / 41.97%
||
7 Day CHG~0.00%
Published-28 Jun, 2022 | 18:40
Updated-16 Sep, 2024 | 18:18
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Dell PowerScale OneFS, versions 8.2.x-9.2.x, contain broken or risky cryptographic algorithm. A remote unprivileged malicious attacker could potentially exploit this vulnerability, leading to full system access.

Action-Not Available
Vendor-Dell Inc.
Product-powerscale_onefsPowerScale OneFS
CWE ID-CWE-327
Use of a Broken or Risky Cryptographic Algorithm
CVE-2023-28076
Matching Score-6
Assigner-Dell
ShareView Details
Matching Score-6
Assigner-Dell
CVSS Score-5.9||MEDIUM
EPSS-0.15% / 35.40%
||
7 Day CHG~0.00%
Published-16 May, 2023 | 15:26
Updated-22 Jan, 2025 | 20:50
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

CloudLink 7.1.2 and all prior versions contain a broken or risky cryptographic algorithm vulnerability. An unauthenticated remote attacker could potentially exploit this vulnerability leading to some information disclosure.

Action-Not Available
Vendor-Dell Inc.
Product-cloudlinkCloudLink
CWE ID-CWE-327
Use of a Broken or Risky Cryptographic Algorithm
CVE-2023-23695
Matching Score-6
Assigner-Dell
ShareView Details
Matching Score-6
Assigner-Dell
CVSS Score-5.9||MEDIUM
EPSS-0.13% / 31.66%
||
7 Day CHG~0.00%
Published-17 Feb, 2023 | 06:12
Updated-12 Mar, 2025 | 20:12
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Dell Secure Connect Gateway (SCG) version 5.14.00.12 contains a broken cryptographic algorithm vulnerability. A remote unauthenticated attacker could potentially exploit this vulnerability by performing MitM attacks and let attackers obtain sensitive information.

Action-Not Available
Vendor-Dell Inc.
Product-secure_connect_gatewaySecure Connect Gateway (SCG) 5.0 Appliance - SRS
CWE ID-CWE-327
Use of a Broken or Risky Cryptographic Algorithm
CVE-2025-43913
Matching Score-6
Assigner-Dell
ShareView Details
Matching Score-6
Assigner-Dell
CVSS Score-5.3||MEDIUM
EPSS-0.04% / 12.24%
||
7 Day CHG~0.00%
Published-07 Oct, 2025 | 18:54
Updated-14 Oct, 2025 | 20:09
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Dell PowerProtect Data Domain with Data Domain Operating System (DD OS) of Feature Release versions 7.7.1.0 through 8.3.0.15, LTS2025 release version 8.3.1.0, LTS2024 release versions 7.13.1.0 through 7.13.1.30, LTS 2023 release versions 7.10.1.0 through 7.10.1.60, contain an Use of a Broken or Risky Cryptographic Algorithm vulnerability in the DDOS. An unauthenticated attacker with remote access could potentially exploit this vulnerability, leading to information disclosure. The vulnerability could be leveraged by attackers to conduct phishing attacks that cause users to divulge sensitive information.

Action-Not Available
Vendor-Dell Inc.
Product-data_domain_operating_systemPowerProtect Data Domain with Data Domain Operating System (DD OS) LTS2023PowerProtect Data Domain with Data Domain Operating System (DD OS) of Feature ReleasePowerProtect Data Domain with Data Domain Operating System (DD OS) LTS2024PowerProtect Data Domain with Data Domain Operating System (DD OS) LTS2025
CWE ID-CWE-327
Use of a Broken or Risky Cryptographic Algorithm
CVE-2022-2781
Matching Score-4
Assigner-Octopus Deploy
ShareView Details
Matching Score-4
Assigner-Octopus Deploy
CVSS Score-5.3||MEDIUM
EPSS-0.06% / 18.49%
||
7 Day CHG~0.00%
Published-06 Oct, 2022 | 00:00
Updated-03 Aug, 2024 | 00:46
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

In affected versions of Octopus Server it was identified that the same encryption process was used for both encrypting session cookies and variables.

Action-Not Available
Vendor-Octopus Deploy Pty. Ltd.
Product-octopus_serverOctopus Server
CWE ID-CWE-327
Use of a Broken or Risky Cryptographic Algorithm
CVE-2020-1810
Matching Score-4
Assigner-Huawei Technologies
ShareView Details
Matching Score-4
Assigner-Huawei Technologies
CVSS Score-5.3||MEDIUM
EPSS-0.08% / 23.25%
||
7 Day CHG~0.00%
Published-09 Jan, 2020 | 17:44
Updated-04 Aug, 2024 | 06:46
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

There is a weak algorithm vulnerability in some Huawei products. The affected products use the RSA algorithm in the SSL key exchange algorithm which have been considered as a weak algorithm. Attackers may exploit this vulnerability to leak some information.

Action-Not Available
Vendor-n/aHuawei Technologies Co., Ltd.
Product-s5700_firmwares6700_firmwares5700cloudengine_12800s6700cloudengine_12800_firmwareCloudEngine 12800;S5700;S6700
CWE ID-CWE-327
Use of a Broken or Risky Cryptographic Algorithm
CVE-2019-9836
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-5.3||MEDIUM
EPSS-0.24% / 46.50%
||
7 Day CHG~0.00%
Published-25 Jun, 2019 | 20:17
Updated-04 Aug, 2024 | 22:01
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Secure Encrypted Virtualization (SEV) on Advanced Micro Devices (AMD) Platform Security Processor (PSP; aka AMD Secure Processor or AMD-SP) 0.17 build 11 and earlier has an insecure cryptographic implementation.

Action-Not Available
Vendor-n/aAdvanced Micro Devices, Inc.openSUSE
Product-epyc_7601epyc_7351pepyc_7261epyc_7451epyc_7251epyc_7351epyc_7371secure_encrypted_virtualization_firmwareepyc_7401epyc_7501epyc_7281epyc_7551epyc_7301epyc_7551pepyc_7401pleapn/a
CWE ID-CWE-327
Use of a Broken or Risky Cryptographic Algorithm
CVE-2019-5135
Matching Score-4
Assigner-Talos
ShareView Details
Matching Score-4
Assigner-Talos
CVSS Score-5.3||MEDIUM
EPSS-0.16% / 36.99%
||
7 Day CHG~0.00%
Published-10 Mar, 2020 | 21:59
Updated-04 Aug, 2024 | 19:47
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

An exploitable timing discrepancy vulnerability exists in the authentication functionality of the Web-Based Management (WBM) web application on WAGO PFC100/200 controllers. The WBM application makes use of the PHP crypt() function which can be exploited to disclose hashed user credentials. This affects WAGO PFC200 Firmware version 03.00.39(12) and version 03.01.07(13), and WAGO PFC100 Firmware version 03.00.39(12).

Action-Not Available
Vendor-wagoWago
Product-pfc200pfc100pfc200_firmwarepfc100_firmwareWAGO PFC100 FirmwareWAGO PFC200 Firmware
CWE ID-CWE-327
Use of a Broken or Risky Cryptographic Algorithm
  • Previous
  • 1
  • 2
  • Next
Details not found