Logo
-

Byte Open Security

(ByteOS Network)

Log In

Sign Up

ByteOS

Security
Vulnerability Details
Registries
Custom Views
Weaknesses
Attack Patterns
Filters & Tools
Vulnerability Details :

CVE-2025-4894

Summary
Assigner-VulDB
Assigner Org ID-1af790b2-7ee1-4545-860a-a788eba489b5
Published At-18 May, 2025 | 20:00
Updated At-19 May, 2025 | 14:09
Rejected At-
Credits

calmkart Django-sso-server crypto.py gen_rsa_keys inadequate encryption

A vulnerability classified as problematic was found in calmkart Django-sso-server up to 057247929a94ffc358788a37ab99e391379a4d15. This vulnerability affects the function gen_rsa_keys of the file common/crypto.py. The manipulation leads to inadequate encryption strength. The attack can be initiated remotely. The complexity of an attack is rather high. The exploitation appears to be difficult. This product is using a rolling release to provide continious delivery. Therefore, no version details for affected nor updated releases are available.

Vendors
-
Not available
Products
-
Metrics (CVSS)
VersionBase scoreBase severityVector
Weaknesses
Attack Patterns
Solution/Workaround
References
HyperlinkResource Type
EPSS History
Score
Latest Score
-
N/A
No data available for selected date range
Percentile
Latest Percentile
-
N/A
No data available for selected date range
Stakeholder-Specific Vulnerability Categorization (SSVC)
▼Common Vulnerabilities and Exposures (CVE)
cve.org
Assigner:VulDB
Assigner Org ID:1af790b2-7ee1-4545-860a-a788eba489b5
Published At:18 May, 2025 | 20:00
Updated At:19 May, 2025 | 14:09
Rejected At:
▼CVE Numbering Authority (CNA)
calmkart Django-sso-server crypto.py gen_rsa_keys inadequate encryption

A vulnerability classified as problematic was found in calmkart Django-sso-server up to 057247929a94ffc358788a37ab99e391379a4d15. This vulnerability affects the function gen_rsa_keys of the file common/crypto.py. The manipulation leads to inadequate encryption strength. The attack can be initiated remotely. The complexity of an attack is rather high. The exploitation appears to be difficult. This product is using a rolling release to provide continious delivery. Therefore, no version details for affected nor updated releases are available.

Affected Products
Vendor
calmkartcalmkart
Product
Django-sso-server
Versions
Affected
  • 057247929a94ffc358788a37ab99e391379a4d15
Problem Types
TypeCWE IDDescription
CWECWE-326Inadequate Encryption Strength
CWECWE-310Cryptographic Issues
Type: CWE
CWE ID: CWE-326
Description: Inadequate Encryption Strength
Type: CWE
CWE ID: CWE-310
Description: Cryptographic Issues
Metrics
VersionBase scoreBase severityVector
4.06.3MEDIUM
CVSS:4.0/AV:N/AC:H/AT:N/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N
3.13.7LOW
CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N
3.03.7LOW
CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N
2.02.6N/A
AV:N/AC:H/Au:N/C:P/I:N/A:N
Version: 4.0
Base score: 6.3
Base severity: MEDIUM
Vector:
CVSS:4.0/AV:N/AC:H/AT:N/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N
Version: 3.1
Base score: 3.7
Base severity: LOW
Vector:
CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N
Version: 3.0
Base score: 3.7
Base severity: LOW
Vector:
CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N
Version: 2.0
Base score: 2.6
Base severity: N/A
Vector:
AV:N/AC:H/Au:N/C:P/I:N/A:N
Metrics Other Info
Impacts
CAPEC IDDescription
Solutions
Configurations
Workarounds
Exploits
Credits
reporter
dev03303 (VulDB User)
Timeline
EventDate
Advisory disclosed2025-05-17 00:00:00
VulDB entry created2025-05-17 02:00:00
VulDB entry last update2025-05-17 12:00:35
Event: Advisory disclosed
Date: 2025-05-17 00:00:00
Event: VulDB entry created
Date: 2025-05-17 02:00:00
Event: VulDB entry last update
Date: 2025-05-17 12:00:35
Replaced By
Rejected Reason
References
HyperlinkResource
https://vuldb.com/?id.309448
vdb-entry
technical-description
https://vuldb.com/?ctiid.309448
signature
permissions-required
https://vuldb.com/?submit.578019
third-party-advisory
Hyperlink: https://vuldb.com/?id.309448
Resource:
vdb-entry
technical-description
Hyperlink: https://vuldb.com/?ctiid.309448
Resource:
signature
permissions-required
Hyperlink: https://vuldb.com/?submit.578019
Resource:
third-party-advisory
▼Authorized Data Publishers (ADP)
CISA ADP Vulnrichment
Affected Products
Metrics
VersionBase scoreBase severityVector
Metrics Other Info
Impacts
CAPEC IDDescription
Solutions
Configurations
Workarounds
Exploits
Credits
Timeline
EventDate
Replaced By
Rejected Reason
References
HyperlinkResource
Information is not available yet
▼National Vulnerability Database (NVD)
nvd.nist.gov
Source:cna@vuldb.com
Published At:18 May, 2025 | 20:15
Updated At:05 Jun, 2025 | 19:39

A vulnerability classified as problematic was found in calmkart Django-sso-server up to 057247929a94ffc358788a37ab99e391379a4d15. This vulnerability affects the function gen_rsa_keys of the file common/crypto.py. The manipulation leads to inadequate encryption strength. The attack can be initiated remotely. The complexity of an attack is rather high. The exploitation appears to be difficult. This product is using a rolling release to provide continious delivery. Therefore, no version details for affected nor updated releases are available.

CISA Catalog
Date AddedDue DateVulnerability NameRequired Action
N/A
Date Added: N/A
Due Date: N/A
Vulnerability Name: N/A
Required Action: N/A
Metrics
TypeVersionBase scoreBase severityVector
Secondary4.06.3MEDIUM
CVSS:4.0/AV:N/AC:H/AT:N/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
Secondary3.13.7LOW
CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N
Primary3.15.9MEDIUM
CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N
Secondary2.02.6LOW
AV:N/AC:H/Au:N/C:P/I:N/A:N
Type: Secondary
Version: 4.0
Base score: 6.3
Base severity: MEDIUM
Vector:
CVSS:4.0/AV:N/AC:H/AT:N/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
Type: Secondary
Version: 3.1
Base score: 3.7
Base severity: LOW
Vector:
CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N
Type: Primary
Version: 3.1
Base score: 5.9
Base severity: MEDIUM
Vector:
CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N
Type: Secondary
Version: 2.0
Base score: 2.6
Base severity: LOW
Vector:
AV:N/AC:H/Au:N/C:P/I:N/A:N
CPE Matches
calmkart
calmkart
>>django-sso-server>>*
cpe:2.3:a:calmkart:django-sso-server:*:*:*:*:*:*:*:*
Weaknesses
CWE IDTypeSource
CWE-310Primarycna@vuldb.com
CWE-326Primarycna@vuldb.com
CWE-326Primarynvd@nist.gov
CWE ID: CWE-310
Type: Primary
Source: cna@vuldb.com
CWE ID: CWE-326
Type: Primary
Source: cna@vuldb.com
CWE ID: CWE-326
Type: Primary
Source: nvd@nist.gov
Evaluator Description
Evaluator Impact

Evaluator Solution

Vendor Statements
References
HyperlinkSourceResource
https://vuldb.com/?ctiid.309448cna@vuldb.com
Permissions Required
VDB Entry
https://vuldb.com/?id.309448cna@vuldb.com
Third Party Advisory
VDB Entry
https://vuldb.com/?submit.578019cna@vuldb.com
Third Party Advisory
VDB Entry
Exploit
Hyperlink: https://vuldb.com/?ctiid.309448
Source: cna@vuldb.com
Resource:
Permissions Required
VDB Entry
Hyperlink: https://vuldb.com/?id.309448
Source: cna@vuldb.com
Resource:
Third Party Advisory
VDB Entry
Hyperlink: https://vuldb.com/?submit.578019
Source: cna@vuldb.com
Resource:
Third Party Advisory
VDB Entry
Exploit

Change History

0
Information is not available yet

Similar CVEs

29Records found
CVE-2018-1785
Matching Score-4
Assigner-IBM Corporation
ShareView Details
Matching Score-4
Assigner-IBM Corporation
CVSS Score-3.7||LOW
EPSS-0.13% / 33.54%
||
7 Day CHG-0.00%
Published-26 Sep, 2018 | 15:00
Updated-16 Sep, 2024 | 17:04
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

IBM Tivoli Storage Manager (IBM Spectrum Protect 7.1 and 8.1) uses weaker than expected cryptographic algorithms that could allow an attacker to decrypt sensitive information. IBM X-Force ID: 148870.

Action-Not Available
Vendor-IBM CorporationApple Inc.
Product-spectrum_protect_clientmacosspectrum_protect_for_virtual_environmentsSpectrum Protect
CWE ID-CWE-326
Inadequate Encryption Strength
CVE-2018-16499
Matching Score-4
Assigner-HackerOne
ShareView Details
Matching Score-4
Assigner-HackerOne
CVSS Score-5.9||MEDIUM
EPSS-0.07% / 21.15%
||
7 Day CHG~0.00%
Published-26 May, 2021 | 18:45
Updated-05 Aug, 2024 | 10:24
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

In VOS compromised, an attacker at network endpoints can possibly view communications between an unsuspecting user and the service using man-in-the-middle attacks. Usage of unapproved SSH encryption protocols or cipher suites also violates the Data Protection TSR (Technical Security Requirements).

Action-Not Available
Vendor-n/aVersa Networks, Inc.
Product-versa_operating_systemVersa VOS
CWE ID-CWE-326
Inadequate Encryption Strength
CVE-2025-9513
Matching Score-4
Assigner-VulDB
ShareView Details
Matching Score-4
Assigner-VulDB
CVSS Score-6.3||MEDIUM
EPSS-0.01% / 1.03%
||
7 Day CHG~0.00%
Published-27 Aug, 2025 | 05:32
Updated-28 Aug, 2025 | 18:15
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
editso fuso mod.rs PenetrateRsaAndAesHandshake inadequate encryption

A flaw has been found in editso fuso up to 1.0.4-beta.7. This affects the function PenetrateRsaAndAesHandshake of the file src/net/penetrate/handshake/mod.rs. This manipulation of the argument priv_key causes inadequate encryption strength. Remote exploitation of the attack is possible. A high degree of complexity is needed for the attack. The exploitability is reported as difficult.

Action-Not Available
Vendor-editso
Product-fuso
CWE ID-CWE-326
Inadequate Encryption Strength
CVE-2021-20369
Matching Score-4
Assigner-IBM Corporation
ShareView Details
Matching Score-4
Assigner-IBM Corporation
CVSS Score-5.9||MEDIUM
EPSS-0.13% / 33.06%
||
7 Day CHG~0.00%
Published-13 Jul, 2021 | 16:10
Updated-16 Sep, 2024 | 21:07
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

IBM Cloud Pak for Applications 4.3 uses weaker than expected cryptographic algorithms that could allow an attacker to decrypt highly sensitive information. IBM X-Force ID: 195361.

Action-Not Available
Vendor-IBM Corporation
Product-cloud_pak_for_applicationsCloud Pak for Applications
CWE ID-CWE-326
Inadequate Encryption Strength
CVE-2025-9239
Matching Score-4
Assigner-VulDB
ShareView Details
Matching Score-4
Assigner-VulDB
CVSS Score-6.3||MEDIUM
EPSS-0.01% / 0.61%
||
7 Day CHG-0.00%
Published-20 Aug, 2025 | 18:02
Updated-22 Aug, 2025 | 18:09
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
elunez eladmin DES Key EncryptUtils.java EncryptUtils inadequate encryption

A vulnerability was identified in elunez eladmin up to 2.7. Affected by this vulnerability is the function EncryptUtils of the file eladmin-common/src/main/java/me/zhengjie/utils/EncryptUtils.java of the component DES Key Handler. The manipulation of the argument STR_PARAM with the input Passw0rd leads to inadequate encryption strength. The attack can be initiated remotely. The attack is considered to have high complexity. The exploitation appears to be difficult.

Action-Not Available
Vendor-elunez
Product-eladmin
CWE ID-CWE-326
Inadequate Encryption Strength
CVE-2022-2758
Matching Score-4
Assigner-Cybersecurity and Infrastructure Security Agency (CISA) Industrial Control Systems (ICS)
ShareView Details
Matching Score-4
Assigner-Cybersecurity and Infrastructure Security Agency (CISA) Industrial Control Systems (ICS)
CVSS Score-6.5||MEDIUM
EPSS-0.05% / 13.57%
||
7 Day CHG~0.00%
Published-31 Aug, 2022 | 15:33
Updated-16 Apr, 2025 | 16:11
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Update

Passwords are not adequately encrypted during the communication process between all versions of LS Industrial Systems (LSIS) Co. Ltd LS Electric XG5000 software prior to V4.0 and LS Electric PLCs: all versions of XGK-CPUU/H/A/S/E prior to V3.50, all versions of XGI-CPUU/UD/H/S/E prior to V3.20, all versions of XGR-CPUH prior to V1.80, all versions of XGB-XBMS prior to V3.00, all versions of XGB-XBCH prior to V1.90, and all versions of XGB-XECH prior to V1.30. This would allow an attacker to identify and decrypt the password of the affected PLCs by sniffing the PLC’s communication traffic.

Action-Not Available
Vendor-LS ELECTRIC Co. Ltd.
Product-xgk-cpuu_firmwarexbc-dr28uaxgk-cpusnxbm-dn32s_firmwarexgf-rd8axbc-dn\(p\)32uxec-dn\(p\)32up\/dcxgl-ch2b_firmwarexgl-ch2bxbf-pd02axec-dr32h\/d1xgi-cpuu\/d_firmwarexgi-cpuun_firmwarexgq-tr4bxbc-dr30e_firmwarexem-dn32h2_firmwarexec-dp64hxgl-psraxbc-dn60suxgi-d22b_firmwarexec-dr40su_firmwarexgf-tc4sxbf-ah04a_firmwarexbc-dn\(p\)32ua_firmwarexgf-ho2a_firmwarexbe-tp32a_firmwarexgk-xpuhxbc-dr28u_firmwarexbf-ho02a_firmwarexbc-dr32h_firmwarexbe-dc16axbc-dr10exgf-dl16a_firmwarexbm-dn32sxbc-dp30su_firmwarexec-dr64h\/di_firmwarexgq-tr1c_firmwarexgf-po4hxec-dn\(p\)32ua\/dc_firmwarexgi-d28b_firmwarexgl-c22bxgf-ad16a_firmwarexec-dp20suxec-dr14e_firmwarexbc-dn20exbc-dp60suxgf-tc4s_firmwarexgf-dv4axgf-po3hxbc-dp30exgf-dv8axbo-dc04a_firmwarexgf-hd2a_firmwarexgf-pd2h_firmwarexbc-dn\(p\)32u_firmwarexgl-dmeb_firmwarexgq-ry2axgf-h08axgf-po4h_firmwarexec-dr28upxbc-dn\(p\)32upk80sxbm-dn32hpxbe-dr16axec-dn\(p\)32uaxbf-ad08a_firmwarexbc-dr20suxbc-dn40su_firmwarexgf-av8a_firmwarexbm-dn32hp_firmwarexgf-po1hxgk-cpuaxbc-dp20su_firmwarexbc-dp14exgl-efmfbxbc-dr28uxgl-c22b_firmwarexgi-cpus_firmwarexgi-d22axgf-dv4sxgq-tr8bxbc-dn\(p\)32ua\/dcxbc-dr32hxbm-dp16s_firmwarexbm-dn16sxbo-dc04axec-dp30suxec-dp64h_firmwarexbc-dn14exgl-c42bxgi-d22bxgl-pseaxbo-da02axgf-av8axbc-dr28u\/dc_firmwarexbf-tc04s_firmwarexem-dn32hpxbf-dc04a_firmwarexbc-dr28up\/dcxec-dr28u_firmwarexec-dr40suxec-dp40su_firmwarexgi-d28bxbc-dn20e_firmwarexec-dp40suxgi-cpusxec-dn\(p\)32uxec-dn20e_firmwarexgf-pn4bxgk-cpuh_firmwarexbc-dn64h_firmwarexgf-ah6axbf-ad04cxgf-m32e_firmwarexbe-dc16b_firmwarexbc-dr28ua_firmwarexbe-tn32a_firmwarexec-dn\(p\)32u\/dcxgf-ac4hxbe-ac08axgl-psea_firmwarexgl-dmebxec-dp60suxgi-cpuh_firmwarexbc-dp40suxbc-dr64h\/dcxbf-pn08b_firmwarexbc-dn\(p\)32u\/dcxgf-ad16axgf-dc4h_firmwarexgf-dc4s_firmwarexgq-tr8axec-dn20su_firmwarexbc-dn32h_firmwarexbc-dr28ua\/dck120sxbm-dp32hpk120s_firmwarexbc-dp40su_firmwarexgi-a21c_firmwarexec-dp10e_firmwarexec-dr28ua\/dc_firmwarexbf-dc04axbe-dr32axgf-dc8axbc-dn32hxbo-ah02a_firmwarexec-dr64h\/dixgf-pd3hxbe-tn16axgi-a21cxbe-dr16a_firmwarexem-dn32h2xbc-dr30su_firmwarexec-dr28u\/dcxgf-rd4axgi-d24axbc-dn60su_firmwarexgf-dc4a_firmwarexbo-m2mb_firmwarexgi-d24bk80s_firmwarexbc-dr28up\/dc_firmwarexgi-cpuuxec-dn10e_firmwarexbc-dn64h\/dc_firmwarexec-dn\(p\)32ua\/dcxec-dp14e_firmwarexgq-tr2a_firmwarexec-dn14exgf-po1h_firmwarexec-dr28ua_firmwarexec-dr28up\/dcxgk-cpus_firmwaregm7xec-dr64hxgf-po2h_firmwarexgf-dc4sxbf-tc04rtxgk-cpuuxbe-dc08axgl-efmtb_firmwarexbe-ry08bxbo-m2mbxbc-dn40suxbc-dr60su_firmwarexbc-dn20suxbe-tn08axbc-dr28upxbf-tc04ttxbg-pn04bxgi-d24a_firmwarexgf-rd4a_firmwarexec-dn20suxgq-ss2axbc-dr28ua\/dc_firmwarexec-dn\(p\)32upxbe-tp16axec-dr32h_firmwarexec-dr28up\/dc_firmwarexem-dp32hp_firmwarexgf-rd8a_firmwarexec-dr30e_firmwarexbf-dc04cxbo-rtcaxbc-dr30exbc-dp10e_firmwarexbc-dn64hxec-dr30exgi-a12axbg-pn08bxbf-pn04bxec-dr64h\/d1xbc-dr28u\/dcgm7u_firmwarexgf-dc4hxgf-pd1hxec-dp30e_firmwarexbc-dn32h\/dcxgl-pmebxec-dr32h\/dixec-dn\(p\)32ua_firmwarexec-dn64h_firmwarexbc-dr32h\/dcxec-dr64h\/d1_firmwarexgi-d21axec-dp32hxgf-po3h_firmwarexec-dr20exec-dp14exec-dn\(p\)32u\/dc_firmwarexec-dr64h_firmwarexec-dr60suxgi-a21axbf-pn08bxgf-rd4s_firmwarexbo-da02a_firmwarexec-dr20su_firmwarexgr-cpuh\/fxgf-aw4s_firmwarexgq-ry1a_firmwarexec-dr32hxgl-pmeb_firmwarexgf-tc4ud_firmwarexbe-ac08a_firmwarexbc-dp60su_firmwarexbc-dp20e_firmwarexgr-cpuh\/t_firmwarexbe-tn08a_firmwarexgf-pd3h_firmwarexec-dn\(p\)32u_firmwarexgi-cpuhxbe-tn16a_firmwarexgf-rd4sxbo-ad02axgf-dc4axgf-ah6a_firmwarexem-dp32h2xbc-dn\(p\)32up_firmwarexgf-dv8a_firmwarexec-dn30su_firmwarexgk-cpuhnxgf-pd2hxbc-dp14e_firmwarexec-dr10e_firmwarexbc-dn\(p\)32up\/dc_firmwarexec-dr20suxec-dr60su_firmwarexgf-ac8axgf-tc4rt_firmwarexgf-pd4h_firmwarexgi-cpuunxbc-dp20suxbf-ad08axgk-cpuhxbo-ah02axbc-dr60suxbf-ho02axgf-ho2axbc-dn10e_firmwarexbc-dn30e_firmwaregm7uxbf-ad04c_firmwarexgk-cpuexgq-tr8a_firmwarexbm-dp32hp_firmwarexbf-hd02a_firmwarexec-dn40su_firmwarexec-dn30exec-dp32h_firmwarexgq-ry2b_firmwarexbe-tn32axbc-dr20su_firmwarexgq-ry1axgq-tr4b_firmwarexgf-soea_firmwarexbf-pn04b_firmwarexgq-tr2b_firmwarexgr-cpuh\/txgr-cpuh\/f_firmwarexec-dp20e_firmwarexec-dn\(p\)32up_firmwarexbe-ry08a_firmwarexgf-m32exgf-pn8a_firmwarexbo-rd01axbc-dr20e_firmwarexbc-dn32h\/dc_firmwarexec-dn32h_firmwarexec-dr32h\/di_firmwarexgi-a21a_firmwarexbf-hd02axbo-ad02a_firmwarexbo-tc02axec-dn10exbc-dp20exgq-tr4axec-dr32h\/d1_firmwarexec-dr20e_firmwarexec-dr30suxgf-pn8bxbc-dp30suxgf-tc4udxbc-dn30su_firmwarexbe-tp16a_firmwarexbo-rtca_firmwarexgf-dl16axgq-ry2a_firmwarexgf-dc8a_firmwarexec-dr14exbg-pn08b_firmwarexgk-xpuh_firmwarexec-dp30su_firmwarexbc-dn\(p\)32up\/dcxgi-a12a_firmwarexbe-dc16bxbe-dc16a_firmwarexec-dn20exbm-dn32h2_firmwarexgi-d24b_firmwarexgf-pn8b_firmwarexec-dr30su_firmwarexgl-psra_firmwarexgl-efmtbxbe-tp08a_firmwarexbc-dr32h\/dc_firmwarexbf-dv04axbc-dr40suxbc-dn30suxbc-dn20su_firmwarexec-dr28ua\/dcxec-dp10exbf-rd04a_firmwarexbo-rd01a_firmwarexgr-cpuh\/s_firmwarexbe-dn32a_firmwarexbc-dn\(p\)32ua\/dc_firmwarexec-dn60suxgq-tr2axbm-dp16sxbc-dr40su_firmwarexbe-ry16axbf-ad04axbf-pd02a_firmwarexgi-cpuu_firmwarexbc-dr28up_firmwarexec-dp60su_firmwarexec-dn64hxgi-d28axbc-dr10e_firmwarexbe-ry08b_firmwarexbc-dr20exbe-dn32axem-dp32hpxbc-dn64h\/dcxgi-d22a_firmwarexbc-dr14exgf-ac4h_firmwarexbf-rd04axgl-c42b_firmwarexgq-tr8b_firmwarexgk-cpua_firmwarexbc-dr64h\/dc_firmwarexbe-ry16a_firmwarexec-dp30exgf-hd2axbe-dc32a_firmwarexbc-dp10exec-dr28uaxgf-soeaxbf-dc04c_firmwarexgf-pd1h_firmwarexec-dr28up_firmwarexbm-dn16s_firmwarexgk-cpuhn_firmwarexec-dr28uxbf-ad04a_firmwarexbc-dn\(p\)32uaxec-dn30suxbm-dn32h2xbo-tc02a_firmwarexbf-tc04tt_firmwarexec-dn14e_firmwarexbm-dp32h2_firmwarexbf-ah04axbe-tp08axgk-cpusxgq-tr2bxgf-h08a_firmwarexec-dp20exem-dn32hp_firmwarexgk-cpue_firmwarexbc-dr64hxbc-dr30suxbm-dp32h2xgi-d28a_firmwarexgq-tr4a_firmwarexec-dn32hxbf-tc04sxbf-tc04rt_firmwarexgf-ac8a_firmwarexbc-dr14e_firmwarexgf-pn8axbe-dc08a_firmwarexbc-dp30e_firmwarexgi-cpuexgf-pd4hxbc-dn14e_firmwarexgf-dv4s_firmwarexgi-d21a_firmwarexbf-dv04cxgr-cpuh\/sxbc-dn10exbe-ry08axgi-cpue_firmwarexbo-tn04axec-dr10exbo-tn04a_firmwarexbg-pn04b_firmwarexgq-ry2bxbe-dc32axec-dn40suxgf-aw4sxgf-po2hxgl-efmfb_firmwarexgk-cpusn_firmwarexec-dr28u\/dc_firmwarexec-dn30e_firmwarexgf-dv4a_firmwarexec-dn\(p\)32up\/dc_firmwarexbc-dn30egm7_firmwarexbe-dr32a_firmwarexem-dp32h2_firmwarexbe-tp32axgk-cpuunxgf-pn4b_firmwarexgf-tc4rtxbf-dv04c_firmwarexec-dp20su_firmwarexec-dn60su_firmwarexbf-dv04a_firmwarexgq-ss2a_firmwarexgk-cpuun_firmwarexbc-dr64h_firmwarexgq-tr1cxgi-cpuu\/dxg5000xbc-dn\(p\)32u\/dc_firmwarePLC: XGK-CPUU/H/A/S/EPLC: XGB-XECHPLC: XGR-CPUHPLC: XGI-CPUU/UD/H/S/EXG5000PLC: XGB-XBCHPLC: XGB-XBMS
CWE ID-CWE-326
Inadequate Encryption Strength
CVE-2025-7789
Matching Score-4
Assigner-VulDB
ShareView Details
Matching Score-4
Assigner-VulDB
CVSS Score-6.3||MEDIUM
EPSS-0.02% / 2.66%
||
7 Day CHG~0.00%
Published-18 Jul, 2025 | 15:14
Updated-22 Jul, 2025 | 13:06
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Xuxueli xxl-job Token Generation IndexController.java makeToken weak password hash

A vulnerability was found in Xuxueli xxl-job up to 3.1.1 and classified as problematic. Affected by this issue is the function makeToken of the file src/main/java/com/xxl/job/admin/controller/IndexController.java of the component Token Generation. The manipulation leads to password hash with insufficient computational effort. The attack may be launched remotely. The complexity of an attack is rather high. The exploitation is known to be difficult. The exploit has been disclosed to the public and may be used.

Action-Not Available
Vendor-Xuxueli
Product-xxl-job
CWE ID-CWE-326
Inadequate Encryption Strength
CWE ID-CWE-916
Use of Password Hash With Insufficient Computational Effort
CVE-2020-3929
Matching Score-4
Assigner-TWCERT/CC
ShareView Details
Matching Score-4
Assigner-TWCERT/CC
CVSS Score-5.9||MEDIUM
EPSS-0.12% / 32.58%
||
7 Day CHG~0.00%
Published-12 Jun, 2020 | 08:25
Updated-17 Sep, 2024 | 02:26
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
GeoVision Door Access Control Device - Shared cryptographic keys

GeoVision Door Access Control device family employs shared cryptographic private keys for SSH and HTTPS. Attackers may conduct MITM attack with the derived keys and plaintext recover of encrypted messages.

Action-Not Available
Vendor-usavisionsysGeoVision
Product-geovision_gv-as1010geovision_gv-as1010_firmwaregeovision_gv-as410_firmwaregeovision_gv-gf192x_firmwaregeovision_gv-as210geovision_gv-as210_firmwaregeovision_gv-as810_firmwaregeovision_gv-as810geovision_gv-gf192xgeovision_gv-as410Door Access Control Device
CWE ID-CWE-326
Inadequate Encryption Strength
CVE-2021-38984
Matching Score-4
Assigner-IBM Corporation
ShareView Details
Matching Score-4
Assigner-IBM Corporation
CVSS Score-3.7||LOW
EPSS-0.10% / 27.86%
||
7 Day CHG~0.00%
Published-15 Nov, 2021 | 15:35
Updated-16 Sep, 2024 | 21:57
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

IBM Tivoli Key Lifecycle Manager 3.0, 3.0.1, 4.0, and 4.1 uses weaker than expected cryptographic algorithms that could allow an attacker to decrypt highly sensitive information. IBM X-Force ID: 212793.

Action-Not Available
Vendor-IBM Corporation
Product-security_key_lifecycle_managersecurity_guardium_key_lifecycle_managerSecurity Key Lifecycle Manager
CWE ID-CWE-326
Inadequate Encryption Strength
CVE-2020-12714
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-5.9||MEDIUM
EPSS-0.26% / 49.54%
||
7 Day CHG~0.00%
Published-11 Jun, 2020 | 01:46
Updated-04 Aug, 2024 | 12:04
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

An issue was discovered in CipherMail Community Gateway Virtual Appliances and Professional/Enterprise Gateway Virtual Appliances versions 1.0.1 through 4.7.1-0 and CipherMail Webmail Messenger Virtual Appliances 1.1.1 through 3.1.1-0. A Diffie-Hellman parameter of insufficient size could allow man-in-the-middle compromise of communications between CipherMail products and external SMTP clients.

Action-Not Available
Vendor-ciphermailn/a
Product-gatewaywebmail_messengern/a
CWE ID-CWE-326
Inadequate Encryption Strength
CVE-2020-10919
Matching Score-4
Assigner-Zero Day Initiative
ShareView Details
Matching Score-4
Assigner-Zero Day Initiative
CVSS Score-5.9||MEDIUM
EPSS-0.37% / 57.83%
||
7 Day CHG~0.00%
Published-23 Jul, 2020 | 15:35
Updated-04 Aug, 2024 | 11:14
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

This vulnerability allows remote attackers to disclose sensitive information on affected installations of C-MORE HMI EA9 Firmware version 6.52 touch screen panels. Authentication is not required to exploit this vulnerability. The specific flaw exists within the handling of passwords. When transmitting passwords, the process encrypts them in a recoverable format. An attacker can leverage this vulnerability to disclose credentials, leading to further compromise. Was ZDI-CAN-10185.

Action-Not Available
Vendor-AutomationDirect
Product-ea9-t15clea9-t12clea9-t15cl-rea9-rhmiea9-t10clea9-t7cl-rea9-t8clc-more_hmi_ea9_firmwareea9-t6cl-rea9-t7clea9-t6clea9-pgmswea9-t10wclHMI EA9
CWE ID-CWE-261
Weak Encoding for Password
CWE ID-CWE-326
Inadequate Encryption Strength
CVE-2025-48823
Matching Score-4
Assigner-Microsoft Corporation
ShareView Details
Matching Score-4
Assigner-Microsoft Corporation
CVSS Score-5.9||MEDIUM
EPSS-0.03% / 6.89%
||
7 Day CHG~0.00%
Published-08 Jul, 2025 | 16:57
Updated-23 Aug, 2025 | 00:40
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Windows Cryptographic Services Information Disclosure Vulnerability

Cryptographic issues in Windows Cryptographic Services allows an unauthorized attacker to disclose information over a network.

Action-Not Available
Vendor-Microsoft Corporation
Product-windows_10_22h2windows_server_2022_23h2windows_10_21h2windows_11_24h2windows_server_2019windows_server_2025windows_server_2022windows_10_1607windows_11_23h2windows_10_1809windows_server_2016windows_10_1507windows_11_22h2Windows Server 2019Windows Server 2016 (Server Core installation)Windows 11 version 22H2Windows Server 2016Windows Server 2019 (Server Core installation)Windows Server 2022, 23H2 Edition (Server Core installation)Windows Server 2025Windows 10 Version 1809Windows 10 Version 1607Windows Server 2025 (Server Core installation)Windows 11 Version 24H2Windows 10 Version 21H2Windows Server 2022Windows 11 version 22H3Windows 11 Version 23H2Windows 10 Version 1507Windows 10 Version 22H2
CWE ID-CWE-326
Inadequate Encryption Strength
CVE-2023-4129
Matching Score-4
Assigner-Dell
ShareView Details
Matching Score-4
Assigner-Dell
CVSS Score-5.9||MEDIUM
EPSS-0.10% / 27.38%
||
7 Day CHG~0.00%
Published-27 Sep, 2023 | 15:44
Updated-23 Sep, 2024 | 15:06
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Dell Data Protection Central, version 19.9, contains an Inadequate Encryption Strength Vulnerability. An unauthenticated network attacker could potentially exploit this vulnerability, allowing an attacker to recover plaintext from a block of ciphertext.

Action-Not Available
Vendor-Dell Inc.
Product-data_protection_centralData Protection Central
CWE ID-CWE-326
Inadequate Encryption Strength
CVE-2023-33982
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-5.9||MEDIUM
EPSS-0.10% / 27.72%
||
7 Day CHG~0.00%
Published-24 May, 2023 | 00:00
Updated-16 Jan, 2025 | 16:15
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Bramble Handshake Protocol (BHP) in Briar before 1.5.3 is not forward secure: eavesdroppers can decrypt network traffic between two accounts if they later compromise both accounts. NOTE: the eavesdropping is typically impractical because BHP runs over an encrypted session that uses the Tor hidden service protocol.

Action-Not Available
Vendor-briarprojectn/a
Product-briarn/a
CWE ID-CWE-326
Inadequate Encryption Strength
CVE-2023-28021
Matching Score-4
Assigner-HCL Software
ShareView Details
Matching Score-4
Assigner-HCL Software
CVSS Score-5.9||MEDIUM
EPSS-0.11% / 30.70%
||
7 Day CHG~0.00%
Published-18 Jul, 2023 | 18:55
Updated-21 Oct, 2024 | 15:35
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
BigFix WebUI is vulnerable to use of a risky cryptographic algorithm

The BigFix WebUI uses weak cipher suites.

Action-Not Available
Vendor-HCL Technologies Ltd.
Product-bigfix_webuiHCL BigFix WebUI
CWE ID-CWE-326
Inadequate Encryption Strength
CVE-2019-19097
Matching Score-4
Assigner-Asea Brown Boveri Ltd. (ABB)
ShareView Details
Matching Score-4
Assigner-Asea Brown Boveri Ltd. (ABB)
CVSS Score-5.9||MEDIUM
EPSS-0.15% / 36.26%
||
7 Day CHG~0.00%
Published-02 Apr, 2020 | 19:48
Updated-05 Aug, 2024 | 02:09
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
ABB eSOMS: SSL medium strength Cipher Suites

ABB eSOMS versions 4.0 to 6.0.3 accept connections using medium strength ciphers. If a connection is enabled using such a cipher, an attacker might be able to eavesdrop and/or intercept the connection.

Action-Not Available
Vendor-Hitachi Energy Ltd.ABB
Product-esomseSOMS
CWE ID-CWE-326
Inadequate Encryption Strength
CWE ID-CWE-16
Not Available
CVE-2019-18863
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-5.9||MEDIUM
EPSS-0.11% / 30.27%
||
7 Day CHG~0.00%
Published-02 Mar, 2020 | 17:52
Updated-05 Aug, 2024 | 02:02
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A key length vulnerability in the implementation of the SRTP 128-bit key on Mitel 6800 and 6900 SIP series phones, versions 5.1.0.2051 SP2 and earlier, could allow an attacker to launch a man-in-the-middle attack when SRTP is used in a call. A successful exploit may allow the attacker to intercept sensitive information.

Action-Not Available
Vendor-n/aMitel Networks Corp.
Product-6873i6865i69206930_firmware6863i6867i_firmware6869i_firmware693069406867i6920_firmware6865i_firmware6863i_firmware6940_firmware6869i6873i_firmwaren/a
CWE ID-CWE-326
Inadequate Encryption Strength
CVE-2019-4102
Matching Score-4
Assigner-IBM Corporation
ShareView Details
Matching Score-4
Assigner-IBM Corporation
CVSS Score-5.9||MEDIUM
EPSS-0.14% / 35.07%
||
7 Day CHG~0.00%
Published-01 Jul, 2019 | 15:05
Updated-17 Sep, 2024 | 04:05
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

IBM DB2 for Linux, UNIX and Windows (includes DB2 Connect Server) 9.7, 10.1, 10.5, and 11.0 uses weaker than expected cryptographic algorithms that could allow an attacker to decrypt highly sensitive information. IBM X-Force ID: 158092.

Action-Not Available
Vendor-Microsoft CorporationHP Inc.IBM CorporationLinux Kernel Organization, IncOracle Corporation
Product-solarislinux_kerneldb2hp-uxwindowsaixDB2 for Linux, UNIX and Windows
CWE ID-CWE-326
Inadequate Encryption Strength
CVE-2019-4151
Matching Score-4
Assigner-IBM Corporation
ShareView Details
Matching Score-4
Assigner-IBM Corporation
CVSS Score-5.9||MEDIUM
EPSS-0.11% / 30.35%
||
7 Day CHG~0.00%
Published-25 Jun, 2019 | 15:45
Updated-16 Sep, 2024 | 19:40
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

IBM Security Access Manager 9.0.1 through 9.0.6 uses weaker than expected cryptographic algorithms that could allow an attacker to decrypt highly sensitive information. IBM X-Force ID: 158512.

Action-Not Available
Vendor-IBM Corporation
Product-security_access_managerSecurity Access Manager
CWE ID-CWE-326
Inadequate Encryption Strength
CVE-2019-13163
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-5.9||MEDIUM
EPSS-0.13% / 32.99%
||
7 Day CHG~0.00%
Published-07 Feb, 2020 | 22:45
Updated-04 Aug, 2024 | 23:41
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

The Fujitsu TLS library allows a man-in-the-middle attack. This affects Interstage Application Development Cycle Manager V10 and other versions, Interstage Application Server V12 and other versions, Interstage Business Application Manager V2 and other versions, Interstage Information Integrator V11 and other versions, Interstage Job Workload Server V8, Interstage List Works V10 and other versions, Interstage Studio V12 and other versions, Interstage Web Server Express V11, Linkexpress V5, Safeauthor V3, ServerView Resource Orchestrator V3, Systemwalker Cloud Business Service Management V1, Systemwalker Desktop Keeper V15, Systemwalker Desktop Patrol V15, Systemwalker IT Change Manager V14, Systemwalker Operation Manager V16 and other versions, Systemwalker Runbook Automation V15 and other versions, Systemwalker Security Control V1, and Systemwalker Software Configuration Manager V15.

Action-Not Available
Vendor-n/aRed Hat, Inc.Oracle CorporationMicrosoft CorporationFujitsu Limited
Product-granpower_5000_firmwareserverview_resource_orchestratorinterstage_application_development_cycle_managerwindows_small_business_server_2011linkexpresssystemwalker_runbook_automation_v14gsystemwalker_runbook_automationinterstage_application_serverprimepower_firmwaregp7000fgranpower_5000interstage_information_integrator_agentgp7000f_firmwaresparc_enterprise_m8000_firmwaresafeauthorsparc_enterprise_m3000celsius_firmwareenterprise_linuxprimergy_rx4770_m5sparc_enterprise_m3000_firmwaresystemwalker_operation_managerprimergy_rx2540_m5sparc_enterprise_m4000sparc_enterprise_m9000systemwalker_it_change_manager_v14gprimergy_tx2550_m5_firmwaresparc_enterprise_m8000sparc_m12-2primergy_rx2530_m5_firmwarewindows_server_2008primepowerinterstage_business_application_managerwindows_server_2016windows_server_2012solarissparc_enterprise_m9000_firmwaregpsprimergy_rx2540_m5_firmwaretriole_cloud_middle_set_b_setprimergy_rx2530_m5interstage_studiointerstage_list_workssparc_m12-1_firmwaresystemwalker_software_configuration_manager_expresssparc_enterprise_m4000_firmwaresparc_m12-1sparc_m12-2sinterstage_web_server_expresssystemwalker_desktop_patrolprimergy_rx4770_m5_firmwaresparc_enterprise_m5000_firmwareinterstage_information_integratorsparc_m12-2_firmwareprimergy_tx2550_m5systemwalker_security_controlprimequest_firmwaresparc_enterprise_m5000celsiusinterstage_job_workload_serversystemwalker_desktop_keepersystemwalker_software_configuration_managerprimequestgps_firmwarewindows_server_2019sparc_m12-2s_firmwaren/a
CWE ID-CWE-326
Inadequate Encryption Strength
CVE-2022-48193
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-5.9||MEDIUM
EPSS-0.04% / 10.80%
||
7 Day CHG~0.00%
Published-06 Nov, 2023 | 00:00
Updated-28 Oct, 2024 | 19:35
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Weak ciphers vulnerability in Softing smartLink SW-HT

Weak ciphers in Softing smartLink SW-HT before 1.30 are enabled during secure communication (SSL).

Action-Not Available
Vendor-softingn/a
Product-smartlink_sw-htn/a
CWE ID-CWE-326
Inadequate Encryption Strength
CVE-2024-8455
Matching Score-4
Assigner-TWCERT/CC
ShareView Details
Matching Score-4
Assigner-TWCERT/CC
CVSS Score-8.1||HIGH
EPSS-0.10% / 29.03%
||
7 Day CHG~0.00%
Published-30 Sep, 2024 | 07:24
Updated-04 Oct, 2024 | 14:45
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
PLANET Technology switch devices - Swctrl service exchanges weakly encoded passwords

The swctrl service is used to detect and remotely manage PLANET Technology devices. For certain switch models, the authentication tokens used during communication with this service are encoded user passwords. Due to insufficient strength, unauthorized remote attackers who intercept the packets can directly crack them to obtain plaintext passwords.

Action-Not Available
Vendor-planetPLANET Technologyplanet_technology_corp
Product-gs-4210-24p2sgs-4210-24p2s_firmwareigs-5225-4up1t2sgs-4210-24pl4cgs-4210-24pl4c_firmwareigs-5225-4up1t2s_firmwareGS-4210-24P2S hardware 3.0IGS-5225-4UP1T2S hardware 1.0GS-4210-24PL4C hardware 2.0gs-4210-24pl4c_hardware_2.0gs-4210-24pl4c_hardware_3.0igs-5225-4up1t2s_hardware_1.0
CWE ID-CWE-261
Weak Encoding for Password
CWE ID-CWE-326
Inadequate Encryption Strength
CVE-2024-38867
Matching Score-4
Assigner-Siemens
ShareView Details
Matching Score-4
Assigner-Siemens
CVSS Score-8.2||HIGH
EPSS-0.10% / 28.43%
||
7 Day CHG+0.03%
Published-09 Jul, 2024 | 12:05
Updated-27 Aug, 2025 | 20:42
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A vulnerability has been identified in SIPROTEC 5 6MD84 (CP300) (All versions < V9.64), SIPROTEC 5 6MD85 (CP200) (All versions), SIPROTEC 5 6MD85 (CP300) (All versions < V9.64), SIPROTEC 5 6MD86 (CP200) (All versions), SIPROTEC 5 6MD86 (CP300) (All versions < V9.64), SIPROTEC 5 6MD89 (CP300) (All versions < V9.64), SIPROTEC 5 6MU85 (CP300) (All versions < V9.64), SIPROTEC 5 7KE85 (CP200) (All versions), SIPROTEC 5 7KE85 (CP300) (All versions < V9.64), SIPROTEC 5 7SA82 (CP100) (All versions), SIPROTEC 5 7SA82 (CP150) (All versions < V9.65), SIPROTEC 5 7SA84 (CP200) (All versions), SIPROTEC 5 7SA86 (CP200) (All versions), SIPROTEC 5 7SA86 (CP300) (All versions < V9.65), SIPROTEC 5 7SA87 (CP200) (All versions), SIPROTEC 5 7SA87 (CP300) (All versions < V9.65), SIPROTEC 5 7SD82 (CP100) (All versions), SIPROTEC 5 7SD82 (CP150) (All versions < V9.65), SIPROTEC 5 7SD84 (CP200) (All versions), SIPROTEC 5 7SD86 (CP200) (All versions), SIPROTEC 5 7SD86 (CP300) (All versions < V9.65), SIPROTEC 5 7SD87 (CP200) (All versions), SIPROTEC 5 7SD87 (CP300) (All versions < V9.65), SIPROTEC 5 7SJ81 (CP100) (All versions < V8.89), SIPROTEC 5 7SJ81 (CP150) (All versions < V9.65), SIPROTEC 5 7SJ82 (CP100) (All versions < V8.89), SIPROTEC 5 7SJ82 (CP150) (All versions < V9.65), SIPROTEC 5 7SJ85 (CP200) (All versions), SIPROTEC 5 7SJ85 (CP300) (All versions < V9.65), SIPROTEC 5 7SJ86 (CP200) (All versions), SIPROTEC 5 7SJ86 (CP300) (All versions < V9.65), SIPROTEC 5 7SK82 (CP100) (All versions < V8.89), SIPROTEC 5 7SK82 (CP150) (All versions < V9.65), SIPROTEC 5 7SK85 (CP200) (All versions), SIPROTEC 5 7SK85 (CP300) (All versions < V9.65), SIPROTEC 5 7SL82 (CP100) (All versions), SIPROTEC 5 7SL82 (CP150) (All versions < V9.65), SIPROTEC 5 7SL86 (CP200) (All versions), SIPROTEC 5 7SL86 (CP300) (All versions < V9.65), SIPROTEC 5 7SL87 (CP200) (All versions), SIPROTEC 5 7SL87 (CP300) (All versions < V9.65), SIPROTEC 5 7SS85 (CP200) (All versions), SIPROTEC 5 7SS85 (CP300) (All versions < V9.64), SIPROTEC 5 7ST85 (CP200) (All versions), SIPROTEC 5 7ST85 (CP300) (All versions < V9.64), SIPROTEC 5 7ST86 (CP300) (All versions < V9.64), SIPROTEC 5 7SX82 (CP150) (All versions < V9.65), SIPROTEC 5 7SX85 (CP300) (All versions < V9.65), SIPROTEC 5 7UM85 (CP300) (All versions < V9.64), SIPROTEC 5 7UT82 (CP100) (All versions), SIPROTEC 5 7UT82 (CP150) (All versions < V9.65), SIPROTEC 5 7UT85 (CP200) (All versions), SIPROTEC 5 7UT85 (CP300) (All versions < V9.65), SIPROTEC 5 7UT86 (CP200) (All versions), SIPROTEC 5 7UT86 (CP300) (All versions < V9.65), SIPROTEC 5 7UT87 (CP200) (All versions), SIPROTEC 5 7UT87 (CP300) (All versions < V9.65), SIPROTEC 5 7VE85 (CP300) (All versions < V9.64), SIPROTEC 5 7VK87 (CP200) (All versions), SIPROTEC 5 7VK87 (CP300) (All versions < V9.65), SIPROTEC 5 7VU85 (CP300) (All versions < V9.64), SIPROTEC 5 Communication Module ETH-BA-2EL (Rev.1) (All versions < V9.62 installed on CP150 and CP300 devices), SIPROTEC 5 Communication Module ETH-BA-2EL (Rev.1) (All versions installed on CP200 devices), SIPROTEC 5 Communication Module ETH-BA-2EL (Rev.1) (All versions < V8.89 installed on CP100 devices), SIPROTEC 5 Communication Module ETH-BB-2FO (Rev. 1) (All versions installed on CP200 devices), SIPROTEC 5 Communication Module ETH-BB-2FO (Rev. 1) (All versions < V9.62 installed on CP150 and CP300 devices), SIPROTEC 5 Communication Module ETH-BB-2FO (Rev. 1) (All versions < V8.89 installed on CP100 devices), SIPROTEC 5 Communication Module ETH-BD-2FO (All versions < V9.62), SIPROTEC 5 Compact 7SX800 (CP050) (All versions < V9.64). The affected devices are supporting weak ciphers on several ports (443/tcp for web, 4443/tcp for DIGSI 5 and configurable port for syslog over TLS). This could allow an unauthorized attacker in a man-in-the-middle position to decrypt any data passed over to and from those ports.

Action-Not Available
Vendor-Siemens AG
Product-SIPROTEC 5 6MD85 (CP300)SIPROTEC 5 7ST85 (CP200)SIPROTEC 5 7KE85 (CP200)SIPROTEC 5 7SD82 (CP150)SIPROTEC 5 7VK87 (CP300)SIPROTEC 5 7SD86 (CP200)SIPROTEC 5 7SS85 (CP200)SIPROTEC 5 7SA87 (CP300)SIPROTEC 5 7UT86 (CP200)SIPROTEC 5 7SD84 (CP200)SIPROTEC 5 7UT85 (CP200)SIPROTEC 5 7SA82 (CP100)SIPROTEC 5 7SJ81 (CP100)SIPROTEC 5 7UT82 (CP150)SIPROTEC 5 7VK87 (CP200)SIPROTEC 5 7SX82 (CP150)SIPROTEC 5 7SJ85 (CP200)SIPROTEC 5 Compact 7SX800 (CP050)SIPROTEC 5 7SJ81 (CP150)SIPROTEC 5 Communication Module ETH-BB-2FO (Rev. 1)SIPROTEC 5 7SK82 (CP100)SIPROTEC 5 7SD87 (CP200)SIPROTEC 5 7SS85 (CP300)SIPROTEC 5 7SL82 (CP150)SIPROTEC 5 7SJ86 (CP200)SIPROTEC 5 7KE85 (CP300)SIPROTEC 5 7UT86 (CP300)SIPROTEC 5 6MD89 (CP300)SIPROTEC 5 7UT87 (CP200)SIPROTEC 5 Communication Module ETH-BA-2EL (Rev.1)SIPROTEC 5 7UT87 (CP300)SIPROTEC 5 7SK85 (CP200)SIPROTEC 5 7SL86 (CP300)SIPROTEC 5 7SA87 (CP200)SIPROTEC 5 7SA86 (CP200)SIPROTEC 5 6MD85 (CP200)SIPROTEC 5 7SK85 (CP300)SIPROTEC 5 7VU85 (CP300)SIPROTEC 5 6MU85 (CP300)SIPROTEC 5 7SL87 (CP300)SIPROTEC 5 7UT85 (CP300)SIPROTEC 5 7SL87 (CP200)SIPROTEC 5 7SD87 (CP300)SIPROTEC 5 7SA84 (CP200)SIPROTEC 5 7SL82 (CP100)SIPROTEC 5 7SD82 (CP100)SIPROTEC 5 7SA82 (CP150)SIPROTEC 5 7SL86 (CP200)SIPROTEC 5 7SJ82 (CP100)SIPROTEC 5 7SJ85 (CP300)SIPROTEC 5 7SJ86 (CP300)SIPROTEC 5 6MD86 (CP300)SIPROTEC 5 7ST85 (CP300)SIPROTEC 5 6MD84 (CP300)SIPROTEC 5 6MD86 (CP200)SIPROTEC 5 7SX85 (CP300)SIPROTEC 5 7UM85 (CP300)SIPROTEC 5 7SK82 (CP150)SIPROTEC 5 7ST86 (CP300)SIPROTEC 5 7UT82 (CP100)SIPROTEC 5 7SD86 (CP300)SIPROTEC 5 7VE85 (CP300)SIPROTEC 5 7SJ82 (CP150)SIPROTEC 5 Communication Module ETH-BD-2FOSIPROTEC 5 7SA86 (CP300)
CWE ID-CWE-326
Inadequate Encryption Strength
CVE-2024-38341
Matching Score-4
Assigner-IBM Corporation
ShareView Details
Matching Score-4
Assigner-IBM Corporation
CVSS Score-5.9||MEDIUM
EPSS-0.02% / 3.08%
||
7 Day CHG~0.00%
Published-28 May, 2025 | 15:21
Updated-16 Aug, 2025 | 23:41
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
IBM Sterling Secure Proxy information disclosure

IBM Sterling Secure Proxy 6.0.0.0 through 6.0.3.1, 6.1.0.0 through 6.1.0.0, and 6.2.0.0 through 6.2.0.1 uses weaker than expected cryptographic algorithms that could allow an attacker to decrypt highly sensitive information.

Action-Not Available
Vendor-IBM Corporation
Product-sterling_secure_proxySterling Secure Proxy
CWE ID-CWE-328
Use of Weak Hash
CWE ID-CWE-326
Inadequate Encryption Strength
CVE-2024-37034
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-5.9||MEDIUM
EPSS-0.05% / 13.34%
||
7 Day CHG~0.00%
Published-26 Jul, 2024 | 00:00
Updated-14 Mar, 2025 | 16:15
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

An issue was discovered in Couchbase Server before 7.2.5 and 7.6.0 before 7.6.1. It does not ensure that credentials are negotiated with the Key-Value (KV) service using SCRAM-SHA when remote link encryption is configured for Half-Secure.

Action-Not Available
Vendor-n/aCouchbase, Inc.
Product-couchbase_servern/a
CWE ID-CWE-326
Inadequate Encryption Strength
CVE-2024-29950
Matching Score-4
Assigner-Brocade Communications Systems, LLC
ShareView Details
Matching Score-4
Assigner-Brocade Communications Systems, LLC
CVSS Score-7.5||HIGH
EPSS-0.13% / 33.06%
||
7 Day CHG~0.00%
Published-17 Apr, 2024 | 18:21
Updated-04 Feb, 2025 | 15:40
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Brocade SANnav before v2.3.1, v2.3.0a uses weak encryption

The class FileTransfer implemented in Brocade SANnav before v2.3.1, v2.3.0a, uses the ssh-rsa signature scheme, which has a SHA-1 hash. The vulnerability could allow a remote, unauthenticated attacker to perform a man-in-the-middle attack.

Action-Not Available
Vendor-Broadcom Inc.Brocade Communications Systems, Inc. (Broadcom Inc.)
Product-brocade_sannavBrocade SANnavbrocade_sannav
CWE ID-CWE-326
Inadequate Encryption Strength
CVE-2024-30119
Matching Score-4
Assigner-HCL Software
ShareView Details
Matching Score-4
Assigner-HCL Software
CVSS Score-3.7||LOW
EPSS-0.03% / 5.39%
||
7 Day CHG~0.00%
Published-14 Jun, 2024 | 21:34
Updated-02 Aug, 2024 | 01:25
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
HCL DRYiCE Optibot Reset Station is impacted by a missing Strict Transport Security Header

HCL DRYiCE Optibot Reset Station is impacted by a missing Strict Transport Security Header.  This could allow an attacker to intercept or manipulate data during redirection.

Action-Not Available
Vendor-HCL Technologies Ltd.
Product-DRYiCE Optibot Reset Stationdryice_optibot_reset_station
CWE ID-CWE-326
Inadequate Encryption Strength
CWE ID-CWE-522
Insufficiently Protected Credentials
CVE-2020-5917
Matching Score-4
Assigner-F5, Inc.
ShareView Details
Matching Score-4
Assigner-F5, Inc.
CVSS Score-5.9||MEDIUM
EPSS-0.25% / 48.30%
||
7 Day CHG~0.00%
Published-26 Aug, 2020 | 14:06
Updated-04 Aug, 2024 | 08:47
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

In BIG-IP versions 15.1.0-15.1.0.4, 15.0.0-15.0.1.3, 14.1.0-14.1.2.3, 13.1.0-13.1.3.4, 12.1.0-12.1.5.1, and 11.6.1-11.6.5.2 and BIG-IQ versions 5.2.0-7.0.0, the host OpenSSH servers utilize keys of less than 2048 bits which are no longer considered secure.

Action-Not Available
Vendor-n/aF5, Inc.
Product-big-ip_application_acceleration_managerbig-ip_link_controllerbig-ip_policy_enforcement_managerbig-ip_fraud_protection_servicebig-iq_centralized_managementbig-ip_global_traffic_managerbig-ip_analyticsbig-ip_access_policy_managerbig-ip_domain_name_systembig-ip_local_traffic_managerbig-ip_advanced_firewall_managerbig-ip_application_security_managerBIG-IP, BIG-IQ
CWE ID-CWE-326
Inadequate Encryption Strength
CVE-2017-1712
Matching Score-4
Assigner-HCL Software
ShareView Details
Matching Score-4
Assigner-HCL Software
CVSS Score-5.9||MEDIUM
EPSS-0.18% / 40.43%
||
7 Day CHG~0.00%
Published-01 Jul, 2020 | 13:47
Updated-05 Aug, 2024 | 13:39
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

"A vulnerability in the TLS protocol implementation of the Domino server could allow an unauthenticated, remote attacker to access sensitive information, aka a Return of Bleichenbacher's Oracle Threat (ROBOT) attack. An attacker could iteratively query a server running a vulnerable TLS stack implementation to perform cryptanalytic operations that may allow decryption of previously captured TLS sessions."

Action-Not Available
Vendor-n/aHCL Technologies Ltd.
Product-domino"HCL Domino"
CWE ID-CWE-326
Inadequate Encryption Strength
Details not found