Logo
-

Byte Open Security

(ByteOS Network)

Log In

Sign Up

ByteOS

Security
Vulnerability Details
Registries
Custom Views
Weaknesses
Attack Patterns
Filters & Tools
Vulnerability Details :

CVE-2024-52884

Summary
Assigner-mitre
Assigner Org ID-8254265b-2729-46b6-b9e3-3dfca2d5bfca
Published At-07 Feb, 2025 | 00:00
Updated At-10 Feb, 2025 | 16:55
Rejected At-
Credits

An issue was discovered in AudioCodes Mediant Session Border Controller (SBC) before 7.40A.501.841. Due to the use of weak password obfuscation/encryption, an attacker with access to configuration exports (INI) is able to decrypt the passwords.

Vendors
-
Not available
Products
-
Metrics (CVSS)
VersionBase scoreBase severityVector
Weaknesses
Attack Patterns
Solution/Workaround
References
HyperlinkResource Type
EPSS History
Score
Latest Score
-
N/A
No data available for selected date range
Percentile
Latest Percentile
-
N/A
No data available for selected date range
Stakeholder-Specific Vulnerability Categorization (SSVC)
▼Common Vulnerabilities and Exposures (CVE)
cve.org
Assigner:mitre
Assigner Org ID:8254265b-2729-46b6-b9e3-3dfca2d5bfca
Published At:07 Feb, 2025 | 00:00
Updated At:10 Feb, 2025 | 16:55
Rejected At:
▼CVE Numbering Authority (CNA)

An issue was discovered in AudioCodes Mediant Session Border Controller (SBC) before 7.40A.501.841. Due to the use of weak password obfuscation/encryption, an attacker with access to configuration exports (INI) is able to decrypt the passwords.

Affected Products
Vendor
n/a
Product
n/a
Versions
Affected
  • n/a
Problem Types
TypeCWE IDDescription
textN/An/a
Type: text
CWE ID: N/A
Description: n/a
Metrics
VersionBase scoreBase severityVector
Metrics Other Info
Impacts
CAPEC IDDescription
Solutions
Configurations
Workarounds
Exploits
Credits
Timeline
EventDate
Replaced By
Rejected Reason
References
HyperlinkResource
https://www.audiocodes.com/solutions-products/products/session-border-controllers-sbcs
N/A
https://www.syss.de/fileadmin/dokumente/Publikationen/Advisories/SYSS-2024-078.txt
N/A
Hyperlink: https://www.audiocodes.com/solutions-products/products/session-border-controllers-sbcs
Resource: N/A
Hyperlink: https://www.syss.de/fileadmin/dokumente/Publikationen/Advisories/SYSS-2024-078.txt
Resource: N/A
▼Authorized Data Publishers (ADP)
CISA ADP Vulnrichment
Affected Products
Problem Types
TypeCWE IDDescription
CWECWE-327CWE-327 Use of a Broken or Risky Cryptographic Algorithm
Type: CWE
CWE ID: CWE-327
Description: CWE-327 Use of a Broken or Risky Cryptographic Algorithm
Metrics
VersionBase scoreBase severityVector
3.17.5HIGH
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
Version: 3.1
Base score: 7.5
Base severity: HIGH
Vector:
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
Metrics Other Info
Impacts
CAPEC IDDescription
Solutions
Configurations
Workarounds
Exploits
Credits
Timeline
EventDate
Replaced By
Rejected Reason
References
HyperlinkResource
Information is not available yet
▼National Vulnerability Database (NVD)
nvd.nist.gov
Source:cve@mitre.org
Published At:07 Feb, 2025 | 16:15
Updated At:01 May, 2025 | 14:25

An issue was discovered in AudioCodes Mediant Session Border Controller (SBC) before 7.40A.501.841. Due to the use of weak password obfuscation/encryption, an attacker with access to configuration exports (INI) is able to decrypt the passwords.

CISA Catalog
Date AddedDue DateVulnerability NameRequired Action
N/A
Date Added: N/A
Due Date: N/A
Vulnerability Name: N/A
Required Action: N/A
Metrics
TypeVersionBase scoreBase severityVector
Secondary3.17.5HIGH
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
Type: Secondary
Version: 3.1
Base score: 7.5
Base severity: HIGH
Vector:
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
CPE Matches
audiocodes
audiocodes
>>mediant_session_border_controller>>Versions before 7.40a.501.841(exclusive)
cpe:2.3:a:audiocodes:mediant_session_border_controller:*:*:*:*:*:*:*:*
Weaknesses
CWE IDTypeSource
CWE-327Secondary134c704f-9b21-4f2e-91b3-4a467353bcc0
CWE ID: CWE-327
Type: Secondary
Source: 134c704f-9b21-4f2e-91b3-4a467353bcc0
Evaluator Description
Evaluator Impact

Evaluator Solution

Vendor Statements
References
HyperlinkSourceResource
https://www.audiocodes.com/solutions-products/products/session-border-controllers-sbcscve@mitre.org
Product
https://www.syss.de/fileadmin/dokumente/Publikationen/Advisories/SYSS-2024-078.txtcve@mitre.org
Third Party Advisory
Hyperlink: https://www.audiocodes.com/solutions-products/products/session-border-controllers-sbcs
Source: cve@mitre.org
Resource:
Product
Hyperlink: https://www.syss.de/fileadmin/dokumente/Publikationen/Advisories/SYSS-2024-078.txt
Source: cve@mitre.org
Resource:
Third Party Advisory

Change History

0
Information is not available yet

Similar CVEs

171Records found
CVE-2024-52881
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-7.5||HIGH
EPSS-0.07% / 21.82%
||
7 Day CHG~0.00%
Published-07 Feb, 2025 | 00:00
Updated-01 May, 2025 | 14:25
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

An issue was discovered in AudioCodes One Voice Operations Center (OVOC) before 8.4.582. Due to the use of a hard-coded key, an attacker is able to decrypt sensitive data such as passwords extracted from the topology file.

Action-Not Available
Vendor-audiocodesn/a
Product-one_voice_operations_centern/a
CWE ID-CWE-321
Use of Hard-coded Cryptographic Key
CVE-2023-22957
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-7.5||HIGH
EPSS-0.30% / 53.18%
||
7 Day CHG~0.00%
Published-11 Aug, 2023 | 00:00
Updated-10 Oct, 2024 | 15:48
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

An issue was discovered in libac_des3.so on AudioCodes VoIP desk phones through 3.4.4.1000. Due to the use of hard-coded cryptographic key, an attacker with access to backup or configuration files is able to decrypt encrypted values and retrieve sensitive information, e.g., the device root password.

Action-Not Available
Vendor-audiocodesn/aaudiocodes_ltd
Product-c455hd_firmwarec435hd_firmwarec470hd_firmware405hd_firmware405hdc450hd_firmware445hd_firmwarec470hd445hdc435hdc455hdc450hdn/avoip_phones
CWE ID-CWE-798
Use of Hard-coded Credentials
CVE-2023-22956
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-7.5||HIGH
EPSS-0.30% / 53.18%
||
7 Day CHG~0.00%
Published-11 Aug, 2023 | 00:00
Updated-10 Oct, 2024 | 14:28
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

An issue was discovered on AudioCodes VoIP desk phones through 3.4.4.1000. Due to the use of a hard-coded cryptographic key, an attacker is able to decrypt encrypted configuration files and retrieve sensitive information.

Action-Not Available
Vendor-audiocodesn/aaudiocodes_ltd
Product-c455hd_firmwarec435hd_firmwarec470hd_firmware405hd_firmware405hdc450hd_firmware445hd_firmwarec470hd445hdc435hdc455hdc450hdn/avoip_phones
CWE ID-CWE-798
Use of Hard-coded Credentials
CVE-2024-52883
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-7.5||HIGH
EPSS-0.17% / 38.66%
||
7 Day CHG~0.00%
Published-07 Feb, 2025 | 00:00
Updated-01 May, 2025 | 14:25
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

An issue was discovered in AudioCodes One Voice Operations Center (OVOC) before 8.4.582. Due to a path traversal vulnerability, sensitive data can be read without any authentication.

Action-Not Available
Vendor-audiocodesn/a
Product-one_voice_operations_centern/a
CWE ID-CWE-22
Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')
CVE-2021-45450
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-7.5||HIGH
EPSS-0.04% / 10.98%
||
7 Day CHG~0.00%
Published-21 Dec, 2021 | 00:00
Updated-04 Aug, 2024 | 04:39
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

In Mbed TLS before 2.28.0 and 3.x before 3.1.0, psa_cipher_generate_iv and psa_cipher_encrypt allow policy bypass or oracle-based decryption when the output buffer is at memory locations accessible to an untrusted application.

Action-Not Available
Vendor-n/aFedora ProjectArm Limited
Product-mbed_tlsfedoran/a
CWE ID-CWE-327
Use of a Broken or Risky Cryptographic Algorithm
CVE-2021-45485
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-7.5||HIGH
EPSS-0.38% / 58.74%
||
7 Day CHG-0.14%
Published-25 Dec, 2021 | 01:05
Updated-04 Aug, 2024 | 04:39
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

In the IPv6 implementation in the Linux kernel before 5.13.3, net/ipv6/output_core.c has an information leak because of certain use of a hash table which, although big, doesn't properly consider that IPv6-based attackers can typically choose among many IPv6 source addresses.

Action-Not Available
Vendor-n/aNetApp, Inc.Linux Kernel Organization, IncOracle Corporation
Product-solidfire_\&_hci_management_nodeh300s_firmwareh410c_firmwareaff_a400_firmwareh410sh610s_firmwareh300shci_compute_nodefabric-attached_storage_a400_firmwareall_flash_fabric-attached_storage_8300_firmwarecommunications_cloud_native_core_policyh300e_firmwareh610sh500ee-series_santricity_os_controllerh500s_firmwareh500e_firmwarecommunications_cloud_native_core_binding_support_functionh700ehci_compute_node_firmwareh610c_firmwareh610ch300eh500sh615c_firmwareall_flash_fabric-attached_storage_8700communications_cloud_native_core_network_exposure_functionall_flash_fabric-attached_storage_8300fabric-attached_storage_8700_firmwarefabric-attached_storage_8300all_flash_fabric-attached_storage_8700_firmwarelinux_kernelh410s_firmwareh700s_firmwareaff_a400h615cfabric-attached_storage_8300_firmwaresolidfire\,_enterprise_sds_\&_hci_storage_nodefabric-attached_storage_a400h410ch700e_firmwareh700sfabric-attached_storage_8700brocade_fabric_operating_system_firmwaren/a
CWE ID-CWE-327
Use of a Broken or Risky Cryptographic Algorithm
CVE-2021-45451
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-7.5||HIGH
EPSS-0.07% / 22.07%
||
7 Day CHG~0.00%
Published-21 Dec, 2021 | 00:00
Updated-04 Aug, 2024 | 04:39
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

In Mbed TLS before 3.1.0, psa_aead_generate_nonce allows policy bypass or oracle-based decryption when the output buffer is at memory locations accessible to an untrusted application.

Action-Not Available
Vendor-n/aFedora ProjectArm Limited
Product-mbed_tlsfedoran/a
CWE ID-CWE-327
Use of a Broken or Risky Cryptographic Algorithm
CVE-2021-43989
Matching Score-4
Assigner-Cybersecurity and Infrastructure Security Agency (CISA) Industrial Control Systems (ICS)
ShareView Details
Matching Score-4
Assigner-Cybersecurity and Infrastructure Security Agency (CISA) Industrial Control Systems (ICS)
CVSS Score-7.5||HIGH
EPSS-0.10% / 27.50%
||
7 Day CHG~0.00%
Published-23 Dec, 2021 | 19:48
Updated-16 Sep, 2024 | 19:56
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
mySCADA myPRO

mySCADA myPRO Versions 8.20.0 and prior stores passwords using MD5, which may allow an attacker to crack the previously retrieved password hashes.

Action-Not Available
Vendor-myscadamySCADA
Product-mypromyPRO
CWE ID-CWE-916
Use of Password Hash With Insufficient Computational Effort
CWE ID-CWE-327
Use of a Broken or Risky Cryptographic Algorithm
CVE-2021-42583
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-7.5||HIGH
EPSS-0.15% / 35.84%
||
7 Day CHG~0.00%
Published-28 Dec, 2021 | 18:12
Updated-04 Aug, 2024 | 03:38
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A Broken or Risky Cryptographic Algorithm exists in Max Mazurov Maddy before 0.5.2, which is an unnecessary risk that may result in the exposure of sensitive information.

Action-Not Available
Vendor-foxcppn/a
Product-maddyn/a
CWE ID-CWE-327
Use of a Broken or Risky Cryptographic Algorithm
CVE-2021-41835
Matching Score-4
Assigner-Cybersecurity and Infrastructure Security Agency (CISA) Industrial Control Systems (ICS)
ShareView Details
Matching Score-4
Assigner-Cybersecurity and Infrastructure Security Agency (CISA) Industrial Control Systems (ICS)
CVSS Score-7.3||HIGH
EPSS-0.05% / 14.69%
||
7 Day CHG~0.00%
Published-21 Jan, 2022 | 18:17
Updated-16 Apr, 2025 | 16:46
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Fresenius Kabi Agilia Connect Infusion System use of a broken or risky cryptographic algorithm

Fresenius Kabi Agilia Link + version 3.0 does not enforce transport layer encryption. Therefore, transmitted data may be sent in cleartext. Transport layer encryption is offered on Port TCP/443, but the affected service does not perform an automated redirect from the unencrypted service on Port TCP/80 to the encrypted service.

Action-Not Available
Vendor-fresenius-kabiFresenius Kabi
Product-link\+_agilia_firmwarevigilant_insightagilia_connectvigilant_mastermedlink\+_agiliavigilant_centeriumagilia_partner_maintenance_softwareAgilia Link+
CWE ID-CWE-327
Use of a Broken or Risky Cryptographic Algorithm
CWE ID-CWE-319
Cleartext Transmission of Sensitive Information
CVE-2022-35513
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-7.5||HIGH
EPSS-5.80% / 90.16%
||
7 Day CHG~0.00%
Published-07 Sep, 2022 | 13:54
Updated-03 Aug, 2024 | 09:36
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

The Blink1Control2 application <= 2.2.7 uses weak password encryption and an insecure method of storage.

Action-Not Available
Vendor-blink1n/a
Product-blink1control2n/a
CWE ID-CWE-922
Insecure Storage of Sensitive Information
CWE ID-CWE-327
Use of a Broken or Risky Cryptographic Algorithm
CVE-2021-38921
Matching Score-4
Assigner-IBM Corporation
ShareView Details
Matching Score-4
Assigner-IBM Corporation
CVSS Score-5.9||MEDIUM
EPSS-0.10% / 27.62%
||
7 Day CHG~0.00%
Published-07 Jan, 2022 | 17:55
Updated-16 Sep, 2024 | 22:41
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

IBM Security Verify 10.0.0, 10.0.1.0, and 10.0.2.0 uses weaker than expected cryptographic algorithms that could allow an attacker to decrypt highly sensitive information. IBM X-Force ID: 210067.

Action-Not Available
Vendor-IBM Corporation
Product-security_verify_accessSecurity Verify Access
CWE ID-CWE-327
Use of a Broken or Risky Cryptographic Algorithm
CVE-2021-39182
Matching Score-4
Assigner-GitHub, Inc.
ShareView Details
Matching Score-4
Assigner-GitHub, Inc.
CVSS Score-7.5||HIGH
EPSS-0.08% / 24.18%
||
7 Day CHG~0.00%
Published-08 Nov, 2021 | 14:15
Updated-04 Aug, 2024 | 01:58
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Use of Password Hash With Insufficient Computational Effort and Use of a Broken or Risky Cryptographic Algorithm and Reversible One-Way Hash in hashing.py

EnroCrypt is a Python module for encryption and hashing. Prior to version 1.1.4, EnroCrypt used the MD5 hashing algorithm in the hashing file. Beginners who are unfamiliar with hashes can face problems as MD5 is considered an insecure hashing algorithm. The vulnerability is patched in v1.1.4 of the product. As a workaround, users can remove the `MD5` hashing function from the file `hashing.py`.

Action-Not Available
Vendor-enrocrypt_projectMorgan-Phoenix
Product-enrocryptEnroCrypt
CWE ID-CWE-916
Use of Password Hash With Insufficient Computational Effort
CWE ID-CWE-328
Use of Weak Hash
CWE ID-CWE-327
Use of a Broken or Risky Cryptographic Algorithm
CWE ID-CWE-326
Inadequate Encryption Strength
CVE-2021-39058
Matching Score-4
Assigner-IBM Corporation
ShareView Details
Matching Score-4
Assigner-IBM Corporation
CVSS Score-5.9||MEDIUM
EPSS-0.11% / 30.34%
||
7 Day CHG~0.00%
Published-13 Dec, 2021 | 17:55
Updated-16 Sep, 2024 | 20:03
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

IBM Spectrum Copy Data Management 2.2.13 and earlier uses weaker than expected cryptographic algorithms that could allow an attacker to decrypt highly sensitive information. IBM X-Force ID: 214617.

Action-Not Available
Vendor-IBM CorporationLinux Kernel Organization, Inc
Product-spectrum_copy_data_managementlinux_kernelSpectrum Copy Data Management
CWE ID-CWE-327
Use of a Broken or Risky Cryptographic Algorithm
CVE-2019-4540
Matching Score-4
Assigner-IBM Corporation
ShareView Details
Matching Score-4
Assigner-IBM Corporation
CVSS Score-5.9||MEDIUM
EPSS-0.17% / 38.36%
||
7 Day CHG~0.00%
Published-04 Feb, 2020 | 16:45
Updated-16 Sep, 2024 | 22:52
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

IBM Security Directory Server 6.4.0 uses weaker than expected cryptographic algorithms that could allow an attacker to decrypt highly sensitive information. IBM X-Force ID: 165813.

Action-Not Available
Vendor-IBM Corporation
Product-security_directory_serverSecurity Directory Server
CWE ID-CWE-327
Use of a Broken or Risky Cryptographic Algorithm
CVE-2021-39002
Matching Score-4
Assigner-IBM Corporation
ShareView Details
Matching Score-4
Assigner-IBM Corporation
CVSS Score-5.9||MEDIUM
EPSS-0.05% / 16.08%
||
7 Day CHG~0.00%
Published-09 Dec, 2021 | 17:00
Updated-16 Sep, 2024 | 20:13
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

IBM DB2 for Linux, UNIX and Windows (includes DB2 Connect Server) 9.7, 10.1, 10.5, 11.1, and 11.5 uses weaker than expected cryptographic algorithms that could allow an attacker to decrypt highly sensitive information.

Action-Not Available
Vendor-Microsoft CorporationHP Inc.IBM CorporationLinux Kernel Organization, IncNetApp, Inc.Oracle Corporation
Product-solarislinux_kerneldb2hp-uxwindowsaixoncommand_insightDB2 for Linux, UNIX and Windows
CWE ID-CWE-327
Use of a Broken or Risky Cryptographic Algorithm
CVE-2021-39076
Matching Score-4
Assigner-IBM Corporation
ShareView Details
Matching Score-4
Assigner-IBM Corporation
CVSS Score-3.7||LOW
EPSS-0.11% / 30.31%
||
7 Day CHG~0.00%
Published-19 Apr, 2022 | 16:15
Updated-17 Sep, 2024 | 02:47
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

IBM Security Guardium 10.5 and 11.3 uses weaker than expected cryptographic algorithms that could allow an attacker to decrypt sensitive information. IBM X-Force ID: 215585.

Action-Not Available
Vendor-IBM CorporationLinux Kernel Organization, Inc
Product-linux_kernelsecurity_guardiumSecurity Guardium
CWE ID-CWE-327
Use of a Broken or Risky Cryptographic Algorithm
CVE-2024-41775
Matching Score-4
Assigner-IBM Corporation
ShareView Details
Matching Score-4
Assigner-IBM Corporation
CVSS Score-5.9||MEDIUM
EPSS-0.03% / 8.18%
||
7 Day CHG~0.00%
Published-03 Dec, 2024 | 17:13
Updated-11 Dec, 2024 | 03:25
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
IBM Cognos Controller information disclosure

IBM Cognos Controller 11.0.0 and 11.0.1 uses weaker than expected cryptographic algorithms that could allow an attacker to decrypt highly sensitive information.

Action-Not Available
Vendor-IBM Corporation
Product-cognos_controllerCognos Controller
CWE ID-CWE-327
Use of a Broken or Risky Cryptographic Algorithm
CVE-2019-4609
Matching Score-4
Assigner-IBM Corporation
ShareView Details
Matching Score-4
Assigner-IBM Corporation
CVSS Score-5.9||MEDIUM
EPSS-0.13% / 33.78%
||
7 Day CHG~0.00%
Published-18 Dec, 2019 | 16:15
Updated-17 Sep, 2024 | 02:00
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

IBM API Connect 2018.4.1.7 uses weaker than expected cryptographic algorithms that could allow an attacker to decrypt highly sensitive information. IBM X-Force ID: 168510.

Action-Not Available
Vendor-IBM Corporation
Product-api_connectAPI Connect
CWE ID-CWE-327
Use of a Broken or Risky Cryptographic Algorithm
CVE-2019-3818
Matching Score-4
Assigner-Red Hat, Inc.
ShareView Details
Matching Score-4
Assigner-Red Hat, Inc.
CVSS Score-3.7||LOW
EPSS-0.08% / 23.79%
||
7 Day CHG~0.00%
Published-05 Feb, 2019 | 17:00
Updated-04 Aug, 2024 | 19:19
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

The kube-rbac-proxy container before version 0.4.1 as used in Red Hat OpenShift Container Platform does not honor TLS configurations, allowing for use of insecure ciphers and TLS 1.0. An attacker could target traffic sent over a TLS connection with a weak configuration and potentially break the encryption.

Action-Not Available
Vendor-kube-rbac-proxy_project[UNKNOWN]Red Hat, Inc.
Product-openshift_container_platformkube-rbac-proxykube-rbac-proxy
CWE ID-CWE-327
Use of a Broken or Risky Cryptographic Algorithm
CVE-2024-39745
Matching Score-4
Assigner-IBM Corporation
ShareView Details
Matching Score-4
Assigner-IBM Corporation
CVSS Score-5.9||MEDIUM
EPSS-0.05% / 13.84%
||
7 Day CHG~0.00%
Published-22 Aug, 2024 | 11:06
Updated-23 Aug, 2024 | 15:25
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
IBM Sterling Connect:Direct Web Services information disclosure

IBM Sterling Connect:Direct Web Services 6.0, 6.1, 6.2, and 6.3 uses weaker than expected cryptographic algorithms that could allow an attacker to decrypt highly sensitive information.

Action-Not Available
Vendor-IBM CorporationLinux Kernel Organization, IncMicrosoft Corporation
Product-aixsterling_connect_direct_web_serviceswindowslinux_kernelSterling Connect:Direct Web Services
CWE ID-CWE-327
Use of a Broken or Risky Cryptographic Algorithm
CVE-2024-39731
Matching Score-4
Assigner-IBM Corporation
ShareView Details
Matching Score-4
Assigner-IBM Corporation
CVSS Score-5.9||MEDIUM
EPSS-0.04% / 9.84%
||
7 Day CHG-0.02%
Published-15 Jul, 2024 | 01:36
Updated-02 Aug, 2024 | 04:26
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
IBM Datacap Navigator information disclosure

IBM Datacap Navigator 9.1.5, 9.1.6, 9.1.7, 9.1.8, and 9.1.9 uses weaker than expected cryptographic algorithms that could allow an attacker to decrypt highly sensitive information. IBM X-Force ID: 295970.

Action-Not Available
Vendor-IBM Corporation
Product-datacapDatacap Navigator
CWE ID-CWE-327
Use of a Broken or Risky Cryptographic Algorithm
CVE-2024-36823
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-7.5||HIGH
EPSS-11.55% / 93.35%
||
7 Day CHG~0.00%
Published-06 Jun, 2024 | 21:14
Updated-25 Mar, 2025 | 19:15
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

The encrypt() function of Ninja Core v7.0.0 was discovered to use a weak cryptographic algorithm, leading to a possible leakage of sensitive information.

Action-Not Available
Vendor-ninjaframeworkn/a
Product-ninjan/a
CWE ID-CWE-326
Inadequate Encryption Strength
CWE ID-CWE-327
Use of a Broken or Risky Cryptographic Algorithm
CVE-2024-37068
Matching Score-4
Assigner-IBM Corporation
ShareView Details
Matching Score-4
Assigner-IBM Corporation
CVSS Score-5.9||MEDIUM
EPSS-0.04% / 12.26%
||
7 Day CHG~0.00%
Published-07 Sep, 2024 | 13:43
Updated-21 Sep, 2024 | 10:15
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
IBM Maximo Application Suite information disclosure

IBM Maximo Application Suite - Manage Component 8.10, 8.11, and 9.0 uses weaker than expected cryptographic algorithms that could allow an attacker to decrypt highly sensitive information using man in the middle techniques.

Action-Not Available
Vendor-IBM Corporation
Product-maximo_application_suiteMaximo Application Suite
CWE ID-CWE-327
Use of a Broken or Risky Cryptographic Algorithm
CVE-2024-35537
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-7.5||HIGH
EPSS-0.08% / 23.52%
||
7 Day CHG~0.00%
Published-21 Jun, 2024 | 00:00
Updated-13 Mar, 2025 | 15:15
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

TVS Motor Company Limited TVS Connect Android v4.6.0 and IOS v5.0.0 was discovered to insecurely handle the RSA key pair, allowing attackers to possibly access sensitive information via decryption.

Action-Not Available
Vendor-tvsmotorn/a
Product-tvs_connectn/a
CWE ID-CWE-327
Use of a Broken or Risky Cryptographic Algorithm
CVE-2021-29894
Matching Score-4
Assigner-IBM Corporation
ShareView Details
Matching Score-4
Assigner-IBM Corporation
CVSS Score-5.9||MEDIUM
EPSS-0.10% / 27.62%
||
7 Day CHG~0.00%
Published-30 Sep, 2021 | 16:20
Updated-16 Sep, 2024 | 20:52
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

IBM Cloud Pak for Security (CP4S) 1.7.0.0, 1.7.1.0, 1.7.2.0, and 1.8.0.0 uses weaker than expected cryptographic algorithms that could allow an attacker to decrypt highly sensitive information. IBM X-Force ID: 207320.

Action-Not Available
Vendor-Red Hat, Inc.IBM Corporation
Product-openshiftcloud_pak_for_securityCloud Pak for Security
CWE ID-CWE-327
Use of a Broken or Risky Cryptographic Algorithm
CVE-2021-29704
Matching Score-4
Assigner-IBM Corporation
ShareView Details
Matching Score-4
Assigner-IBM Corporation
CVSS Score-5.9||MEDIUM
EPSS-0.09% / 25.85%
||
7 Day CHG~0.00%
Published-23 Aug, 2021 | 16:05
Updated-16 Sep, 2024 | 20:43
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

IBM Security SOAR uses weaker than expected cryptographic algorithms that could allow an attacker to decrypt highly sensitive information.

Action-Not Available
Vendor-IBM Corporation
Product-resilient_security_orchestration_automation_and_responseSecurity
CWE ID-CWE-327
Use of a Broken or Risky Cryptographic Algorithm
CVE-2021-29723
Matching Score-4
Assigner-IBM Corporation
ShareView Details
Matching Score-4
Assigner-IBM Corporation
CVSS Score-5.9||MEDIUM
EPSS-0.14% / 35.05%
||
7 Day CHG~0.00%
Published-30 Aug, 2021 | 17:00
Updated-16 Sep, 2024 | 20:57
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

IBM Sterling Secure Proxy 6.0.1, 6.0.2, 2.4.3.2, and 3.4.3.2 uses weaker than expected cryptographic algorithms that could allow an attacker to decrypt highly sensitive information. IBM X-ForceID: 201100.

Action-Not Available
Vendor-Microsoft CorporationHP Inc.IBM CorporationLinux Kernel Organization, IncOracle Corporation
Product-sterling_external_authentication_serversolarislinux_kernelsterling_secure_proxyhp-uxlinux_on_ibm_zwindowsaixSterling Secure Proxy
CWE ID-CWE-327
Use of a Broken or Risky Cryptographic Algorithm
CVE-2021-29794
Matching Score-4
Assigner-IBM Corporation
ShareView Details
Matching Score-4
Assigner-IBM Corporation
CVSS Score-5.9||MEDIUM
EPSS-0.09% / 25.85%
||
7 Day CHG~0.00%
Published-12 Jul, 2021 | 16:05
Updated-17 Sep, 2024 | 03:38
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

IBM Tivoli Netcool/Impact 7.1.0.20 and 7.1.0.21 uses an insecure SSH server configuration which enables weaker than expected cryptographic algorithms that could allow an attacker to decrypt highly sensitive information. IBM X-Force ID: 203556.

Action-Not Available
Vendor-IBM Corporation
Product-tivoli_netcool\/impactTivoli Netcool Impact
CWE ID-CWE-327
Use of a Broken or Risky Cryptographic Algorithm
CVE-2024-31896
Matching Score-4
Assigner-IBM Corporation
ShareView Details
Matching Score-4
Assigner-IBM Corporation
CVSS Score-5.9||MEDIUM
EPSS-0.01% / 1.19%
||
7 Day CHG-0.01%
Published-25 Mar, 2025 | 18:58
Updated-18 Aug, 2025 | 19:49
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
IBM SPSS Statistics information disclosure

IBM SPSS Statistics 26.0, 27.0.1, 28.0.1, and 29.0.2 uses weaker than expected cryptographic algorithms that could allow an attacker to decrypt highly sensitive information.

Action-Not Available
Vendor-IBM Corporation
Product-spss_statisticsSPSS Statistics
CWE ID-CWE-327
Use of a Broken or Risky Cryptographic Algorithm
CVE-2021-27784
Matching Score-4
Assigner-HCL Software
ShareView Details
Matching Score-4
Assigner-HCL Software
CVSS Score-5.9||MEDIUM
EPSS-0.09% / 27.18%
||
7 Day CHG+0.01%
Published-31 Oct, 2022 | 22:05
Updated-02 May, 2025 | 17:39
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
HCL Launch container images may contain non-unique https certificates and database encryption key

The provided HCL Launch Container images contain non-unique HTTPS certificates and a database encryption key. The fix provides directions and tools to replace the non-unique keys and certificates. This does not affect the standard installer packages.

Action-Not Available
Vendor-HCL Technologies Ltd.
Product-hcl_launch_container_imageHCL Launch
CWE ID-CWE-327
Use of a Broken or Risky Cryptographic Algorithm
CVE-2019-4399
Matching Score-4
Assigner-IBM Corporation
ShareView Details
Matching Score-4
Assigner-IBM Corporation
CVSS Score-5.9||MEDIUM
EPSS-0.13% / 33.78%
||
7 Day CHG~0.00%
Published-25 Oct, 2019 | 16:30
Updated-16 Sep, 2024 | 23:42
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

IBM Cloud Orchestrator 2.4 through 2.4.0.5 and 2.5 through 2.5.0.9 uses weaker than expected cryptographic algorithms that could allow an attacker to decrypt highly sensitive information. IBM X-Force ID: 162260.

Action-Not Available
Vendor-IBM Corporation
Product-cloud_orchestratorCloud Orchestrator
CWE ID-CWE-327
Use of a Broken or Risky Cryptographic Algorithm
CVE-2024-28972
Matching Score-4
Assigner-Dell
ShareView Details
Matching Score-4
Assigner-Dell
CVSS Score-5.9||MEDIUM
EPSS-0.06% / 19.56%
||
7 Day CHG~0.00%
Published-01 Aug, 2024 | 07:55
Updated-03 Sep, 2024 | 15:37
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Dell InsightIQ, Verion 5.0.0, contains a use of a broken or risky cryptographic algorithm vulnerability. An unauthenticated remote attacker could potentially exploit this vulnerability, leading to information disclosure.

Action-Not Available
Vendor-Dell Inc.
Product-insightiqInsightIQ
CWE ID-CWE-327
Use of a Broken or Risky Cryptographic Algorithm
CVE-2024-25963
Matching Score-4
Assigner-Dell
ShareView Details
Matching Score-4
Assigner-Dell
CVSS Score-5.9||MEDIUM
EPSS-0.18% / 39.28%
||
7 Day CHG~0.00%
Published-28 Mar, 2024 | 18:32
Updated-09 Jan, 2025 | 16:39
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Dell PowerScale OneFS, versions 8.2.2.x through 9.5.0.x contains a use of a broken cryptographic algorithm vulnerability. A remote unauthenticated attacker could potentially exploit this vulnerability, leading to information disclosure.

Action-Not Available
Vendor-Dell Inc.
Product-powerscale_onefsPowerScale OneFSemc_powerscale_onefs
CWE ID-CWE-327
Use of a Broken or Risky Cryptographic Algorithm
CVE-2024-25968
Matching Score-4
Assigner-Dell
ShareView Details
Matching Score-4
Assigner-Dell
CVSS Score-5.9||MEDIUM
EPSS-0.15% / 36.40%
||
7 Day CHG~0.00%
Published-14 May, 2024 | 06:32
Updated-09 Jan, 2025 | 15:55
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Dell PowerScale OneFS versions 8.2.x through 9.7.0.2 contains a use of a broken or risky cryptographic algorithm vulnerability. A remote unauthenticated attacker could potentially exploit this vulnerability, leading to information disclosure.

Action-Not Available
Vendor-Dell Inc.
Product-powerscale_onefsPowerScale OneFSpowerscale_onefs
CWE ID-CWE-327
Use of a Broken or Risky Cryptographic Algorithm
CVE-2019-4639
Matching Score-4
Assigner-IBM Corporation
ShareView Details
Matching Score-4
Assigner-IBM Corporation
CVSS Score-5.9||MEDIUM
EPSS-0.13% / 33.78%
||
7 Day CHG~0.00%
Published-28 Jan, 2020 | 18:30
Updated-16 Sep, 2024 | 17:23
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

IBM Security Secret Server 10.7 uses weaker than expected cryptographic algorithms that could allow an attacker to decrypt highly sensitive information. IBM X-Force ID: 170045.

Action-Not Available
Vendor-IBM Corporation
Product-security_secret_serverSecurity Secret Server
CWE ID-CWE-327
Use of a Broken or Risky Cryptographic Algorithm
CVE-2024-22361
Matching Score-4
Assigner-IBM Corporation
ShareView Details
Matching Score-4
Assigner-IBM Corporation
CVSS Score-5.9||MEDIUM
EPSS-0.04% / 8.87%
||
7 Day CHG~0.00%
Published-10 Feb, 2024 | 15:13
Updated-19 Aug, 2024 | 16:09
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
IBM Semeru Runtime information disclosure

IBM Semeru Runtime 8.0.302.0 through 8.0.392.0, 11.0.12.0 through 11.0.21.0, 17.0.1.0 - 17.0.9.0, and 21.0.1.0 uses weaker than expected cryptographic algorithms that could allow an attacker to decrypt highly sensitive information. IBM X-Force ID: 281222.

Action-Not Available
Vendor-IBM Corporation
Product-semeru_runtimeSemeru Runtime
CWE ID-CWE-327
Use of a Broken or Risky Cryptographic Algorithm
CVE-2024-22347
Matching Score-4
Assigner-IBM Corporation
ShareView Details
Matching Score-4
Assigner-IBM Corporation
CVSS Score-5.9||MEDIUM
EPSS-0.03% / 4.98%
||
7 Day CHG~0.00%
Published-20 Jan, 2025 | 17:41
Updated-14 Aug, 2025 | 01:21
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
IBM UrbanCode Velocity information disclosure

IBM DevOps Velocity 5.0.0 and IBM UrbanCode Velocity 4.0.0 through 4.0. 25 uses weaker than expected cryptographic algorithms that could allow an attacker to decrypt highly sensitive information.

Action-Not Available
Vendor-IBM Corporation
Product-devops_velocityurbancode_velocityDevOps VelocityUrbanCode Velocity
CWE ID-CWE-327
Use of a Broken or Risky Cryptographic Algorithm
CVE-2024-22314
Matching Score-4
Assigner-IBM Corporation
ShareView Details
Matching Score-4
Assigner-IBM Corporation
CVSS Score-5.9||MEDIUM
EPSS-0.02% / 4.24%
||
7 Day CHG~0.00%
Published-16 Apr, 2025 | 16:17
Updated-19 Aug, 2025 | 16:39
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
IBM Storage Defender - Resiliency Service information disclosure

IBM Storage Defender - Resiliency Service 2.0.0 through 2.0.12 uses weaker than expected cryptographic algorithms that could allow an attacker to decrypt highly sensitive information.

Action-Not Available
Vendor-IBM Corporation
Product-storage_defender_resiliency_serviceStorage Defender - Resiliency Service
CWE ID-CWE-327
Use of a Broken or Risky Cryptographic Algorithm
CVE-2019-4553
Matching Score-4
Assigner-IBM Corporation
ShareView Details
Matching Score-4
Assigner-IBM Corporation
CVSS Score-5.9||MEDIUM
EPSS-0.15% / 35.59%
||
7 Day CHG~0.00%
Published-24 Mar, 2020 | 15:20
Updated-17 Sep, 2024 | 02:06
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

IBM API Connect V5.0.0.0 through 5.0.8.7iFix3 uses weaker than expected cryptographic algorithms that could allow an attacker to decrypt highly sensitive information. IBM X-Force ID: 165958.

Action-Not Available
Vendor-IBM Corporation
Product-api_connectAPI Connect
CWE ID-CWE-327
Use of a Broken or Risky Cryptographic Algorithm
CVE-2019-4427
Matching Score-4
Assigner-IBM Corporation
ShareView Details
Matching Score-4
Assigner-IBM Corporation
CVSS Score-5.9||MEDIUM
EPSS-0.08% / 23.97%
||
7 Day CHG~0.00%
Published-12 Feb, 2020 | 16:10
Updated-16 Sep, 2024 | 17:39
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

IBM Cloud CLI 0.6.0 through 0.16.1 windows installers are signed using SHA1 certificate. An attacker might be able to exploit the weak algorithm to generate a installer with malicious software inside. IBM X-Force ID: 162773.

Action-Not Available
Vendor-Microsoft CorporationIBM Corporation
Product-windowscloud_cliCloud CLI
CWE ID-CWE-327
Use of a Broken or Risky Cryptographic Algorithm
CVE-2021-20419
Matching Score-4
Assigner-IBM Corporation
ShareView Details
Matching Score-4
Assigner-IBM Corporation
CVSS Score-6.8||MEDIUM
EPSS-0.10% / 28.43%
||
7 Day CHG~0.00%
Published-24 May, 2021 | 13:55
Updated-16 Sep, 2024 | 17:49
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

IBM Security Guardium 11.2 uses weaker than expected cryptographic algorithms that could allow an attacker to decrypt highly sensitive information. IBM X-Force ID: 196280.

Action-Not Available
Vendor-IBM CorporationLinux Kernel Organization, Inc
Product-linux_kernelsecurity_guardiumSecurity Guardium
CWE ID-CWE-327
Use of a Broken or Risky Cryptographic Algorithm
CVE-2024-4563
Matching Score-4
Assigner-Progress Software Corporation
ShareView Details
Matching Score-4
Assigner-Progress Software Corporation
CVSS Score-6.1||MEDIUM
EPSS-0.04% / 11.31%
||
7 Day CHG~0.00%
Published-22 May, 2024 | 17:01
Updated-08 Jan, 2025 | 19:51
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
The Progress MOVEit Automation Configuration Export Function Uses a Cryptographic Method with Insufficient Bit Length

The Progress MOVEit Automation configuration export function prior to 2024.0.0 uses a cryptographic method with insufficient bit length.

Action-Not Available
Vendor-Progress Software Corporation
Product-moveit_automationMOVEit Automationmoveit_automation
CWE ID-CWE-327
Use of a Broken or Risky Cryptographic Algorithm
CVE-2023-4331
Matching Score-4
Assigner-CERT/CC
ShareView Details
Matching Score-4
Assigner-CERT/CC
CVSS Score-7.5||HIGH
EPSS-0.03% / 7.71%
||
7 Day CHG~0.00%
Published-15 Aug, 2023 | 18:25
Updated-08 Oct, 2024 | 18:25
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Broadcom RAID Controller web interface is vulnerable has an insecure default TLS configuration that support obsolete and vulnerable TLS protocols

Broadcom RAID Controller web interface is vulnerable has an insecure default TLS configuration that support obsolete and vulnerable TLS protocols

Action-Not Available
Vendor-Intel CorporationBroadcom Inc.
Product-raid_controller_web_interfaceLSI Storage Authority (LSA)RAID Web Console 3 (RWC3)raid_web_console_3lsi_storage_authority
CWE ID-CWE-327
Use of a Broken or Risky Cryptographic Algorithm
CVE-2020-9528
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-7.5||HIGH
EPSS-0.18% / 39.34%
||
7 Day CHG~0.00%
Published-10 Aug, 2020 | 15:25
Updated-04 Aug, 2024 | 10:34
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Firmware developed by Shenzhen Hichip Vision Technology (V6 through V20), as used by many different vendors in millions of Internet of Things devices, suffers from cryptographic issues that allow remote attackers to access user session data, as demonstrated by eavesdropping on user video/audio streams, capturing credentials, and compromising devices. This affects products marketed under the following brand names: Accfly, Alptop, Anlink, Besdersec, BOAVISION, COOAU, CPVAN, Ctronics, D3D Security, Dericam, Elex System, Elite Security, ENSTER, ePGes, Escam, FLOUREON, GENBOLT, Hongjingtian (HJT), ICAMI, Iegeek, Jecurity, Jennov, KKMoon, LEFTEK, Loosafe, Luowice, Nesuniq, Nettoly, ProElite, QZT, Royallite, SDETER, SV3C, SY2L, Tenvis, ThinkValue, TOMLOV, TPTEK, WGCC, and ZILINK.

Action-Not Available
Vendor-hichipn/a
Product-shenzhen_hichip_vision_technology_firmwaren/a
CWE ID-CWE-327
Use of a Broken or Risky Cryptographic Algorithm
CVE-2023-40696
Matching Score-4
Assigner-IBM Corporation
ShareView Details
Matching Score-4
Assigner-IBM Corporation
CVSS Score-5.9||MEDIUM
EPSS-0.03% / 8.19%
||
7 Day CHG~0.00%
Published-03 May, 2024 | 17:34
Updated-07 Jan, 2025 | 19:14
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
IBM Cognos Controller information disclosure

IBM Cognos Controller 10.4.1, 10.4.2, and 11.0.0 uses weaker than expected cryptographic algorithms that could allow an attacker to decrypt highly sensitive information. IBM X-Force ID: 264939.

Action-Not Available
Vendor-IBM Corporation
Product-cognos_controllerCognos Controller
CWE ID-CWE-327
Use of a Broken or Risky Cryptographic Algorithm
CVE-2020-6987
Matching Score-4
Assigner-Cybersecurity and Infrastructure Security Agency (CISA) Industrial Control Systems (ICS)
ShareView Details
Matching Score-4
Assigner-Cybersecurity and Infrastructure Security Agency (CISA) Industrial Control Systems (ICS)
CVSS Score-7.5||HIGH
EPSS-0.15% / 35.93%
||
7 Day CHG~0.00%
Published-24 Mar, 2020 | 19:00
Updated-04 Aug, 2024 | 09:18
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

In Moxa PT-7528 series firmware, Version 4.0 or lower, and PT-7828 series firmware, Version 3.9 or lower, the affected products use a weak cryptographic algorithm, which may allow confidential information to be disclosed.

Action-Not Available
Vendor-n/aMoxa Inc.
Product-pt-7828-r-24pt-7528-12msc-12tx-4gsfp-wv-wv_firmwarept-7528-20mst-4tx-4gsfp-wv-wv_firmwarept-7528-16msc-8tx-4gsfp-hv-hvpt-7528-8mst-16tx-4gsfp-hv_firmwarept-7528-12mst-12tx-4gsfp-hv_firmwarept-7528-8ssc-16tx-4gsfp-hv-hv_firmwarept-7528-12mst-12tx-4gsfp-hv-hvpt-7528-8mst-16tx-4gsfp-hv-hv_firmwarept-7828-r-24-24pt-7528-12msc-12tx-4gsfp-hvpt-7528-8msc-16tx-4gsfp-wv-wvpt-7528-12mst-12tx-4gsfp-hvpt-7828-f-hv-hv_firmwarept-7528-20msc-4tx-4gsfp-wvpt-7528-16mst-8tx-4gsfp-wvpt-7528-12msc-12tx-4gsfp-wv_firmwarept-7828-r-24-24_firmwarept-7528-20msc-4tx-4gsfp-wv-wvpt-7828-r-hv-hv_firmwarept-7528-20mst-4tx-4gsfp-hvpt-7528-16msc-8tx-4gsfp-hv_firmwarept-7528-12msc-12tx-4gsfp-hv-hv_firmwarept-7528-8mst-16tx-4gsfp-wv-wv_firmwarept-7528-20mst-4tx-4gsfp-wv-wvpt-7528-8msc-16tx-4gsfp-hv_firmwarept-7828-f-24-hv_firmwarept-7828-f-48-hvpt-7828-r-48-hv_firmwarept-7828-f-24-24_firmwarept-7528-8msc-16tx-4gsfp-hv-hv_firmwarept-7528-8mst-16tx-4gsfp-wv-wvpt-7828-f-48-hv_firmwarept-7528-16msc-8tx-4gsfp-wvpt-7528-8ssc-16tx-4gsfp-wv-wvpt-7528-24tx-wv-wv_firmwarept-7528-20msc-4tx-4gsfp-wv_firmwarept-7828-r-24-hvpt-7828-f-hv-hvpt-7828-r-48-48_firmwarept-7828-f-hv_firmwarept-7528-24tx-wv-hvpt-7528-24tx-wv_firmwarept-7528-12msc-12tx-4gsfp-hv-hvpt-7528-24tx-wvpt-7528-16msc-8tx-4gsfp-wv_firmwarept-7828-r-48_firmwarept-7828-r-hv-hvpt-7528-16msc-8tx-4gsfp-wv-wvpt-7828-f-48_firmwarept-7528-8ssc-16tx-4gsfp-hv-hvpt-7528-12mst-12tx-4gsfp-wv-wv_firmwarept-7828-r-hv_firmwarept-7528-20mst-4tx-4gsfp-hv-hv_firmwarept-7528-8ssc-16tx-4gsfp-wv-wv_firmwarept-7828-f-24pt-7528-24tx-wv-hv_firmwarept-7528-8mst-16tx-4gsfp-hvpt-7528-24tx-hv-hv_firmwarept-7528-16mst-8tx-4gsfp-hv-hvpt-7528-16mst-8tx-4gsfp-hv-hv_firmwarept-7828-f-24_firmwarept-7528-8msc-16tx-4gsfp-hv-hvpt-7828-r-48pt-7528-16mst-8tx-4gsfp-wv-wv_firmwarept-7528-12msc-12tx-4gsfp-hv_firmwarept-7528-16msc-8tx-4gsfp-hv-hv_firmwarept-7528-8msc-16tx-4gsfp-wvpt-7528-20msc-4tx-4gsfp-hv-hv_firmwarept-7828-r-24-hv_firmwarept-7828-r-48-48pt-7528-20msc-4tx-4gsfp-hv_firmwarept-7528-8mst-16tx-4gsfp-wvpt-7528-20msc-4tx-4gsfp-wv-wv_firmwarept-7828-r-hvpt-7528-8mst-16tx-4gsfp-wv_firmwarept-7828-f-48-48_firmwarept-7828-r-48-hvpt-7528-20msc-4tx-4gsfp-hv-hvpt-7528-8msc-16tx-4gsfp-wv-wv_firmwarept-7528-16mst-8tx-4gsfp-wv_firmwarept-7528-12mst-12tx-4gsfp-wv_firmwarept-7528-12msc-12tx-4gsfp-wv-wvpt-7528-24tx-hv_firmwarept-7528-20mst-4tx-4gsfp-wv_firmwarept-7528-8msc-16tx-4gsfp-hvpt-7828-f-48-48pt-7528-16msc-8tx-4gsfp-wv-wv_firmwarept-7528-16mst-8tx-4gsfp-wv-wvpt-7528-8mst-16tx-4gsfp-hv-hvpt-7528-16mst-8tx-4gsfp-hv_firmwarept-7528-12mst-12tx-4gsfp-wv-wvpt-7528-20msc-4tx-4gsfp-hvpt-7528-16msc-8tx-4gsfp-hvpt-7528-24tx-wv-wvpt-7528-16mst-8tx-4gsfp-hvpt-7828-r-24_firmwarept-7528-20mst-4tx-4gsfp-hv_firmwarept-7528-20mst-4tx-4gsfp-hv-hvpt-7528-12mst-12tx-4gsfp-hv-hv_firmwarept-7528-24tx-hvpt-7528-8msc-16tx-4gsfp-wv_firmwarept-7828-f-hvpt-7528-24tx-hv-hvpt-7528-20mst-4tx-4gsfp-wvpt-7828-f-24-hvpt-7528-12mst-12tx-4gsfp-wvpt-7828-f-48pt-7528-12msc-12tx-4gsfp-wvpt-7828-f-24-24Moxa PT-7528 series firmware, Version 4.0 or lower, PT-7828 series firmware, Version 3.9 or lower
CWE ID-CWE-327
Use of a Broken or Risky Cryptographic Algorithm
CVE-2019-20138
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-7.5||HIGH
EPSS-0.17% / 38.72%
||
7 Day CHG~0.00%
Published-30 Dec, 2019 | 13:56
Updated-05 Aug, 2024 | 02:32
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

The HTTP Authentication library before 2019-12-27 for Nim has weak password hashing because the default algorithm for libsodium's crypto_pwhash_str is not used.

Action-Not Available
Vendor-http_authentication_library_projectn/a
Product-http_authentication_libraryn/a
CWE ID-CWE-916
Use of Password Hash With Insufficient Computational Effort
CWE ID-CWE-327
Use of a Broken or Risky Cryptographic Algorithm
CVE-2023-41097
Matching Score-4
Assigner-Silicon Labs
ShareView Details
Matching Score-4
Assigner-Silicon Labs
CVSS Score-4.6||MEDIUM
EPSS-0.11% / 29.43%
||
7 Day CHG~0.00%
Published-21 Dec, 2023 | 20:33
Updated-23 Apr, 2025 | 16:23
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Potential Timing vulnerability in CBC PKCS7 padding calculations

An Observable Timing Discrepancy, Covert Timing Channel vulnerability in Silabs GSDK on ARM potentially allows Padding Oracle Crypto Attack on CBC PKCS7.This issue affects GSDK: through 4.4.0.

Action-Not Available
Vendor-silabssilabs.com
Product-gecko_software_development_kitGSDK
CWE ID-CWE-208
Observable Timing Discrepancy
CWE ID-CWE-327
Use of a Broken or Risky Cryptographic Algorithm
CWE ID-CWE-203
Observable Discrepancy
CVE-2024-41763
Matching Score-4
Assigner-IBM Corporation
ShareView Details
Matching Score-4
Assigner-IBM Corporation
CVSS Score-5.9||MEDIUM
EPSS-0.03% / 6.43%
||
7 Day CHG~0.00%
Published-04 Jan, 2025 | 14:38
Updated-21 Mar, 2025 | 14:06
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
IBM Engineering Lifecycle Optimization - Publishing information disclosure

IBM Engineering Lifecycle Optimization - Publishing 7.0.2 and 7.0.3 uses weaker than expected cryptographic algorithms that could allow an attacker to decrypt highly sensitive information.

Action-Not Available
Vendor-IBM CorporationMicrosoft CorporationLinux Kernel Organization, Inc
Product-linux_kernelengineering_lifecycle_optimization_publishingwindowsEngineering Lifecycle Optimization Publishing
CWE ID-CWE-327
Use of a Broken or Risky Cryptographic Algorithm
  • Previous
  • 1
  • 2
  • 3
  • 4
  • Next
Details not found