Byte Open Security

CWE-326: Inadequate Encryption Strength
Weakness ID: 326
Version: v4.17
Weakness Name: Inadequate Encryption Strength
Vulnerability Mapping: Allowed-with-Review
Abstraction: Class
Structure: Simple
Status: Draft
Likelihood of Exploit:
433 Vulnerabilities found

CVE-2021-40341
Assigner-Hitachi Energy
CVSS Score-7.1 | HIGH
EPSS-0.03% / 9.09%
7 Day CHG~0.00%
Published-05 Jan, 2023 | 21:26
Updated-10 Apr, 2025 | 13:31
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Weak DES encryption

DES cipher, which has inadequate encryption strength, is used in Hitachi Energy FOXMAN-UN to encrypt user credentials used to access the Network Elements. Successful exploitation allows sensitive information to be decrypted easily. This issue affects: FOXMAN-UN product: FOXMAN-UN R16A, FOXMAN-UN R15B, FOXMAN-UN R15A, FOXMAN-UN R14B, FOXMAN-UN R14A, FOXMAN-UN R11B, FOXMAN-UN R11A, FOXMAN-UN R10C, FOXMAN-UN R9C; UNEM product: UNEM R16A, UNEM R15B, UNEM R15A, UNEM R14B, UNEM R14A, UNEM R11B, UNEM R11A, UNEM R10C, UNEM R9C.

Action-Not Available
Vendor-Hitachi Energy Ltd.
Product-foxman-un; unem; UNEM; FOXMAN-UN
CWE ID-CWE-326
Inadequate Encryption Strength
CVE-2022-2582
Assigner-Go Project
CVSS Score-4.3 | MEDIUM
EPSS-0.10% / 27.90%
7 Day CHG~0.00%
Published-27 Dec, 2022 | 21:13
Updated-11 Apr, 2025 | 17:15
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Exposure of unencrypted plaintext hash in github.com/aws/aws-sdk-go

The AWS S3 Crypto SDK sends an unencrypted hash of the plaintext alongside the ciphertext as a metadata field. This hash can be used to brute force the plaintext, if the hash is readable to the attacker. AWS now blocks this metadata field, but older SDK versions still send it.

Action-Not Available
Vendor-amazon; github.com/aws/aws-sdk-go
Product-aws_software_development_kit; github.com/aws/aws-sdk-go/service/s3/s3crypto
CWE ID-CWE-326
Inadequate Encryption Strength
CVE-2022-24116
Assigner-MITRE Corporation
CVSS Score-9.8 | CRITICAL
EPSS-0.08% / 23.82%
7 Day CHG~0.00%
Published-26 Dec, 2022 | 00:00
Updated-12 Apr, 2025 | 01:15
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Certain General Electric Renewable Energy products have inadequate encryption strength. This affects iNET and iNET II before 8.3.0.

Action-Not Available
Vendor-ge; n/a
Product-inet_900_firmware; sd4; sd9; td220x_firmware; sd9_firmware; inet_ii_900; sd1; sd1_firmware; td220max; inet_ii_900_firmware; sd2_firmware; inet_900; sd4_firmware; td220max_firmware; sd2; td220x; n/a
CWE ID-CWE-325
Missing Cryptographic Step
CWE ID-CWE-326
Inadequate Encryption Strength
CVE-2022-47931
Assigner-MITRE Corporation
CVSS Score-6.5 | MEDIUM
EPSS-0.06% / 19.65%
7 Day CHG~0.00%
Published-22 Dec, 2022 | 00:00
Updated-15 Apr, 2025 | 15:16
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

IO FinNet tss-lib before 2.0.0 allows a collision of hash values.

Action-Not Available
Vendor-iofinnet; n/a
Product-tss-lib; n/a
CWE ID-CWE-326
Inadequate Encryption Strength
CVE-2022-38659
Assigner-HCL Software
CVSS Score-6 | MEDIUM
EPSS-0.05% / 15.47%
7 Day CHG~0.00%
Published-17 Dec, 2022 | 18:44
Updated-17 Apr, 2025 | 16:15
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
HCL BigFix Platform is affected by insecure credential storage

In specific scenarios, on Windows the operator credentials may be encrypted in a manner that is not completely machine-dependent.

Action-Not Available
Vendor-Microsoft Corporation; HCL Technologies Ltd.
Product-bigfix_platform; windows; BigFix Platform
CWE ID-CWE-326
Inadequate Encryption Strength
CVE-2022-2640
Assigner-Cybersecurity and Infrastructure Security Agency (CISA) Industrial Control Systems (ICS)
CVSS Score-7.5 | HIGH
EPSS-0.06% / 18.40%
7 Day CHG~0.00%
Published-12 Dec, 2022 | 01:50
Updated-16 Apr, 2025 | 16:05
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

The Config-files of Horner Automation’s RCC 972 with firmware version 15.40 are encrypted with weak XOR encryption vulnerable to reverse engineering. This could allow an attacker to obtain credentials to run services such as File Transfer Protocol (FTP) and Hypertext Transfer Protocol (HTTP).

Action-Not Available
Vendor-hornerautomation; Horner Automation
Product-rcc972; rcc972_firmware; Remote Compact Controller (RCC) 972
CWE ID-CWE-326
Inadequate Encryption Strength
CVE-2022-46825
Assigner-JetBrains s.r.o.
CVSS Score-4 | MEDIUM
EPSS-0.00% / 0.01%
7 Day CHG~0.00%
Published-08 Dec, 2022 | 17:37
Updated-23 Apr, 2025 | 14:23
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

In JetBrains IntelliJ IDEA before 2022.3 the built-in web server leaked information about open projects.

Action-Not Available
Vendor-JetBrains s.r.o.
Product-intellij_idea; IntelliJ IDEA
CWE ID-CWE-200
Exposure of Sensitive Information to an Unauthorized Actor
CWE ID-CWE-326
Inadequate Encryption Strength
CVE-2022-4036
Assigner-Wordfence
CVSS Score-5.3 | MEDIUM
EPSS-0.08% / 23.03%
7 Day CHG~0.00%
Published-29 Nov, 2022 | 20:34
Updated-23 Jan, 2025 | 21:18
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

The Appointment Hour Booking plugin for WordPress is vulnerable to CAPTCHA bypass in versions up to, and including, 1.3.72. This is due to the use of an insufficiently strong hashing algorithm on the CAPTCHA secret that is also displayed to the user via a cookie.

Action-Not Available
Vendor-CodePeople
Product-appointment_hour_booking; Appointment Hour Booking – WordPress Booking Plugin
CWE ID-CWE-326
Inadequate Encryption Strength
CVE-2022-45379
Assigner-Jenkins Project
CVSS Score-7.5 | HIGH
EPSS-0.32% / 54.56%
7 Day CHG~0.00%
Published-15 Nov, 2022 | 00:00
Updated-03 Aug, 2024 | 14:09
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Jenkins Script Security Plugin 1189.vb_a_b_7c8fd5fde and earlier stores whole-script approvals as the SHA-1 hash of the script, making it vulnerable to collision attacks.

Action-Not Available
Vendor-Jenkins
Product-script_security; Jenkins Script Security Plugin
CWE ID-CWE-326
Inadequate Encryption Strength
CVE-2020-4099
Assigner-HCL Software
CVSS Score-5.9 | MEDIUM
EPSS-0.18% / 39.26%
7 Day CHG~0.00%
Published-01 Nov, 2022 | 17:55
Updated-02 May, 2025 | 16:02
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
HCL Verse for Android is susceptible to an APK signing key check vulnerability

The application was signed using a key length less than or equal to 1024 bits, making it potentially vulnerable to forged digital signatures. An attacker could forge the same digital signature of the app after maliciously modifying the app.

Action-Not Available
Vendor-HCL Technologies Ltd.
Product-verse; HCL Verse for Android
CWE ID-CWE-326
Inadequate Encryption Strength
CVE-2022-41209
Assigner-SAP SE
CVSS Score-5.2 | MEDIUM
EPSS-0.02% / 5.28%
7 Day CHG~0.00%
Published-11 Oct, 2022 | 00:00
Updated-20 May, 2025 | 15:15
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

SAP Customer Data Cloud (Gigya mobile app for Android), version 7.4, uses an encryption method that lacks proper diffusion and does not hide patterns well. This can lead to information disclosure. In certain scenarios, the application might also be susceptible to replay attacks.

Action-Not Available
Vendor-SAP SE
Product-customer_data_cloud; SAP Customer Data Cloud (Gigya)
CWE ID-CWE-326
Inadequate Encryption Strength
CVE-2021-35226
Assigner-SolarWinds
CVSS Score-6.5 | MEDIUM
EPSS-0.31% / 53.98%
7 Day CHG~0.00%
Published-10 Oct, 2022 | 00:00
Updated-24 Feb, 2026 | 18:19
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Hashed Credential Exposure Vulnerability

An entity in the Network Configuration Manager product is misconfigured and exposes the password field to SolarWinds Information Service (SWIS). Exposed credentials are encrypted and require authenticated access with an NCM role.

Action-Not Available
Vendor-SolarWinds Worldwide, LLC.
Product-network_configuration_manager; Network Configuration Manager
CWE ID-CWE-326
Inadequate Encryption Strength
CVE-2022-3433
Assigner-Red Hat, Inc.
CVSS Score-6.5 | MEDIUM
EPSS-0.30% / 52.57%
7 Day CHG~0.00%
Published-10 Oct, 2022 | 00:00
Updated-03 Aug, 2024 | 01:07
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

The aeson library is not safe to use to consume untrusted JSON input. A remote user could abuse this flaw to produce a hash collision in the underlying unordered-containers library by sending specially crafted JSON data, resulting in a denial of service.

Action-Not Available
Vendor-haskell; n/a
Product-aeson; aeson
CWE ID-CWE-328
Use of Weak Hash
CWE ID-CWE-326
Inadequate Encryption Strength
CVE-2022-3273
Assigner-Protect AI (formerly huntr.dev)
CVSS Score-3.6 | LOW
EPSS-0.19% / 40.57%
7 Day CHG~0.00%
Published-06 Oct, 2022 | 00:00
Updated-03 Aug, 2024 | 01:07
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Allocation of Resources Without Limits or Throttling in ikus060/rdiffweb

Allocation of Resources Without Limits or Throttling in GitHub repository ikus060/rdiffweb prior to 2.5.0a4.

Action-Not Available
Vendor-IKUS Software
Product-rdiffweb; ikus060/rdiffweb
CWE ID-CWE-770
Allocation of Resources Without Limits or Throttling
CWE ID-CWE-326
Inadequate Encryption Strength
CVE-2022-29835
Assigner-Western Digital
CVSS Score-5.3 | MEDIUM
EPSS-0.08% / 22.96%
7 Day CHG~0.00%
Published-19 Sep, 2022 | 19:43
Updated-03 Aug, 2024 | 06:33
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WD Discovery's Use of Weak Hashing Algorithm for Code Signing

WD Discovery software executable files were signed with an unsafe SHA-1 hashing algorithm. An attacker could use this weakness to create forged certificate signatures due to the use of a hashing algorithm that is not collision-free. This could thereby impact the confidentiality of user content. This issue affects: Western Digital WD Discovery WD Discovery Desktop App versions prior to 4.4.396 on Mac; WD Discovery Desktop App versions prior to 4.4.396 on Windows.

Action-Not Available
Vendor-Western Digital Corp.
Product-wd_discovery; WD Discovery
CWE ID-CWE-328
Use of Weak Hash
CWE ID-CWE-326
Inadequate Encryption Strength
CVE-2022-35931
Assigner-GitHub, Inc.
CVSS Score-2.7 | LOW
EPSS-0.06% / 19.18%
7 Day CHG~0.00%
Published-06 Sep, 2022 | 18:10
Updated-23 Apr, 2025 | 17:14
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Nextcloud Password Policy's generated passwords are not fully validated by HIBPValidator

Nextcloud Password Policy is an app that enables a Nextcloud server admin to define certain rules for passwords. Prior to versions 22.2.10, 23.0.7, and 24.0.3 the random password generator may, in very rare cases, generate common passwords that the validator itself would block. Upgrade Nextcloud Server to 22.2.10, 23.0.7 or 24.0.3 to receive a patch for the issue in Password Policy. There are no known workarounds available.

Action-Not Available
Vendor-Nextcloud GmbH
Product-password_policy; security-advisories
CWE ID-CWE-261
Weak Encoding for Password
CWE ID-CWE-326
Inadequate Encryption Strength
CVE-2022-2758
Assigner-Cybersecurity and Infrastructure Security Agency (CISA) Industrial Control Systems (ICS)
CVSS Score-6.5 | MEDIUM
EPSS-0.12% / 30.40%
7 Day CHG+0.01%
Published-31 Aug, 2022 | 15:33
Updated-16 Apr, 2025 | 16:11
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Update

Passwords are not adequately encrypted during the communication process between all versions of LS Industrial Systems (LSIS) Co. Ltd LS Electric XG5000 software prior to V4.0 and LS Electric PLCs: all versions of XGK-CPUU/H/A/S/E prior to V3.50, all versions of XGI-CPUU/UD/H/S/E prior to V3.20, all versions of XGR-CPUH prior to V1.80, all versions of XGB-XBMS prior to V3.00, all versions of XGB-XBCH prior to V1.90, and all versions of XGB-XECH prior to V1.30. This would allow an attacker to identify and decrypt the password of the affected PLCs by sniffing the PLC’s communication traffic.

Action-Not Available
Vendor-LS ELECTRIC Co. Ltd.
Product-PLC: XGK-CPUU/H/A/S/E; PLC: XGB-XECH; PLC: XGR-CPUH; PLC: XGI-CPUU/UD/H/S/E; XG5000; PLC: XGB-XBCH; PLC: XGB-XBMS
CWE ID-CWE-326
Inadequate Encryption Strength
CVE-2022-36555
Assigner-MITRE Corporation
CVSS Score-9.8 | CRITICAL
EPSS-0.33% / 55.60%
7 Day CHG~0.00%
Published-29 Aug, 2022 | 22:46
Updated-03 Aug, 2024 | 10:07
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Hytec Inter HWL-2511-SS v1.05 and below implements a SHA512crypt hash for the root account which can be easily cracked via a brute-force attack.

Action-Not Available
Vendor-hytec; n/a
Product-hwl-2511-ss_firmware; hwl-2511-ss; n/a
CWE ID-CWE-326
Inadequate Encryption Strength
CVE-2022-21139
Assigner-Intel Corporation
CVSS Score-8.8 | HIGH
EPSS-0.26% / 49.45%
7 Day CHG~0.00%
Published-18 Aug, 2022 | 19:41
Updated-05 May, 2025 | 17:17
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Inadequate encryption strength for some Intel(R) PROSet/Wireless WiFi products may allow an unauthenticated user to potentially enable escalation of privilege via adjacent access.

Action-Not Available
Vendor-n/a; Intel Corporation
Product-wi-fi_6e_ax411_firmware; wireless-ac_9461; wireless-ac_9560_firmware; wireless-ac_9260_firmware; wireless-ac_9260; wi-fi_6e_ax211_firmware; wi-fi_6_ax200_firmware; wi-fi_6_ax201_firmware; wi-fi_6e_ax411; proset_wi-fi_6e_ax210; proset_wi-fi_6e_ax210_firmware; wireless-ac_9462; wireless-ac_9462_firmware; wi-fi_6_ax200; wi-fi_6_ax201; wireless-ac_9461_firmware; wireless-ac_9560; wi-fi_6e_ax211; Intel(R) PROSet/Wireless WiFi products
CWE ID-CWE-326
Inadequate Encryption Strength
CVE-2022-30285
Assigner-MITRE Corporation
CVSS Score-9.8 | CRITICAL
EPSS-0.27% / 49.86%
7 Day CHG~0.00%
Published-02 Aug, 2022 | 21:38
Updated-03 Aug, 2024 | 06:48
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

In Quest KACE Systems Management Appliance (SMA) through 12.0, a hash collision is possible during authentication. This may allow authentication with invalid credentials.

Action-Not Available
Vendor-n/a; Quest Software, Inc.
Product-kace_systems_management_appliance; n/a
CWE ID-CWE-326
Inadequate Encryption Strength
CVE-2022-26307
Assigner-Document Foundation, The
CVSS Score-8.8 | HIGH
EPSS-0.29% / 52.40%
7 Day CHG~0.00%
Published-25 Jul, 2022 | 00:00
Updated-03 Aug, 2024 | 05:03
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Weak Master Keys

LibreOffice supports the storage of passwords for web connections in the user’s configuration database. The stored passwords are encrypted with a single master key provided by the user. A flaw in LibreOffice existed where the master key was poorly encoded, resulting in weakening its entropy from 128 to 43 bits, making the stored passwords vulnerable to a brute force attack if an attacker has access to the user's stored config. This issue affects: The Document Foundation LibreOffice 7.2 versions prior to 7.2.7; 7.3 versions prior to 7.3.3.

Action-Not Available
Vendor-libreoffice; The Document Foundation; Debian GNU/Linux
Product-debian_linux; libreoffice; LibreOffice
CWE ID-CWE-326
Inadequate Encryption Strength
CVE-2022-26306
Assigner-Document Foundation, The
CVSS Score-7.5 | HIGH
EPSS-0.36% / 58.02%
7 Day CHG~0.00%
Published-25 Jul, 2022 | 00:00
Updated-03 Aug, 2024 | 05:03
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Execution of Untrusted Macros Due to Improper Certificate Validation

LibreOffice supports the storage of passwords for web connections in the user’s configuration database. The stored passwords are encrypted with a single master key provided by the user. A flaw in LibreOffice existed where the required initialization vector for encryption was always the same which weakens the security of the encryption making them vulnerable if an attacker has access to the user's configuration data. This issue affects: The Document Foundation LibreOffice 7.2 versions prior to 7.2.7; 7.3 versions prior to 7.3.1.

Action-Not Available
Vendor-libreoffice; The Document Foundation; Debian GNU/Linux
Product-debian_linux; libreoffice; LibreOffice
CWE ID-CWE-326
Inadequate Encryption Strength
CWE ID-CWE-330
Use of Insufficiently Random Values
CVE-2022-22453
Assigner-IBM Corporation
CVSS Score-5.1 | MEDIUM
EPSS-0.06% / 18.29%
7 Day CHG~0.00%
Published-14 Jul, 2022 | 17:40
Updated-16 Sep, 2024 | 17:57
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

IBM Security Verify Identity Manager 10.0 uses weaker than expected cryptographic algorithms that could allow an attacker to decrypt highly sensitive information. IBM X-Force ID: 224919.

Action-Not Available
Vendor-IBM Corporation; Linux Kernel Organization, Inc
Product-security_verify_governance; linux_kernel; Security Verify Governance
CWE ID-CWE-326
Inadequate Encryption Strength
CVE-2022-22464
Assigner-IBM Corporation
CVSS Score-5.9 | MEDIUM
EPSS-0.11% / 29.78%
7 Day CHG~0.00%
Published-08 Jul, 2022 | 17:45
Updated-16 Sep, 2024 | 18:08
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

IBM Security Access Manager Appliance 10.0.0.0, 10.0.1.0, 10.0.2.0, and 10.0.3.0 uses weaker than expected cryptographic algorithms that could allow an attacker to decrypt highly sensitive information. IBM X-Force ID: 225081.

Action-Not Available
Vendor-IBM Corporation
Product-security_verify_access; Security Verify Access
CWE ID-CWE-326
Inadequate Encryption Strength
CVE-2022-31459
Assigner-MITRE Corporation
CVSS Score-7.4 | HIGH
EPSS-0.15% / 35.55%
7 Day CHG~0.00%
Published-02 Jun, 2022 | 21:40
Updated-03 Aug, 2024 | 07:19
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Owl Labs Meeting Owl 5.2.0.15 allows attackers to retrieve the passcode hash via a certain c 10 value over Bluetooth.

Action-Not Available
Vendor-owllabs; n/a
Product-meeting_owl_pro; meeting_owl_pro_firmware; n/a
CWE ID-CWE-326
Inadequate Encryption Strength
CVE-2022-29249
Assigner-GitHub, Inc.
CVSS Score-7.5 | HIGH
EPSS-0.15% / 35.20%
7 Day CHG~0.00%
Published-24 May, 2022 | 15:15
Updated-23 Apr, 2025 | 18:22
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Reversible One-Way Hash and Use of a Broken or Risky Cryptographic Algorithm in io.github.javaezlib.JavaEZ

JavaEZ is a library that adds new functions to make Java easier. A weakness in JavaEZ 1.6 allows force decryption of locked text by unauthorized actors. The issue is NOT critical for non-secure applications, however may be critical in a situation where the highest levels of security are required. This issue ONLY affects v1.6 and does not affect anything pre-1.6. The vulnerability has been patched in release 1.7. Currently, there is no way to fix the issue without upgrading.

Action-Not Available
Vendor-javaez_project; JavaEZLib
Product-javaez; JavaEZ
CWE ID-CWE-327
Use of a Broken or Risky Cryptographic Algorithm
CWE ID-CWE-328
Use of Weak Hash
CWE ID-CWE-326
Inadequate Encryption Strength
CVE-2020-16235
Assigner-Cybersecurity and Infrastructure Security Agency (CISA) Industrial Control Systems (ICS)
CVSS Score-3.8 | LOW
EPSS-0.02% / 3.19%
7 Day CHG~0.00%
Published-19 May, 2022 | 17:23
Updated-16 Apr, 2025 | 16:19
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Emerson OpenEnterprise - Inadequate Encryption Strength

Inadequate encryption may allow the credentials used by Emerson OpenEnterprise, up through version 3.3.5, to access field devices and external systems to be obtained.

Action-Not Available
Vendor-emerson; Emerson
Product-openenterprise_scada_server; Open Enterprise
CWE ID-CWE-326
Inadequate Encryption Strength
CVE-2021-27761
Assigner-HCL Software
CVSS Score-4.8 | MEDIUM
EPSS-0.12% / 30.36%
7 Day CHG~0.00%
Published-06 May, 2022 | 18:10
Updated-16 Sep, 2024 | 17:14
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
HCL BigFix Platform is affected by weak web transport security

Weak web transport security (Weak TLS): An attacker may be able to decrypt the data using attacks

Action-Not Available
Vendor-HCL Technologies Ltd.
Product-bigfix_platform; BigFix Platform
CWE ID-CWE-326
Inadequate Encryption Strength
CVE-2022-29161
Assigner-GitHub, Inc.
CVSS Score-5.4 | MEDIUM
EPSS-0.22% / 44.18%
7 Day CHG~0.00%
Published-05 May, 2022 | 23:35
Updated-23 Apr, 2025 | 18:30
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Crypto script service uses hashing algorithm SHA1 with RSA for certificate signature in xwiki-platform

XWiki Platform is a generic wiki platform offering runtime services for applications built on top of it. The XWiki Crypto API will generate X509 certificates signed by default using SHA1 with RSA, which is not considered safe anymore for use in certificate signatures, due to the risk of collisions with SHA1. The problem has been patched in XWiki version 13.10.6, 14.3.1 and 14.4-rc-1. Since then, the Crypto API will generate X509 certificates signed by default using SHA256 with RSA. Administrators are advised to upgrade their XWiki installation to one of the patched versions. If the upgrade is not possible, it is possible to patch the module xwiki-platform-crypto in a local installation by applying the change exposed in 26728f3 and re-compiling the module.

Action-Not Available
Vendor-XWiki SAS
Product-xwikixwiki-platform
CWE ID-CWE-327
Use of a Broken or Risky Cryptographic Algorithm
CWE ID-CWE-326
Inadequate Encryption Strength
CVE-2021-32010
Assigner-Secomea A/S
CVSS Score-5.6||MEDIUM
EPSS-0.10% / 28.24%
7 Day CHG~0.00%
Published-04 May, 2022 | 13:45
Updated-03 Aug, 2024 | 23:17
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Clients may connect to a GateManager with TLS 1.0

Inadequate Encryption Strength vulnerability in TLS stack of Secomea SiteManager, LinkManager, GateManager may facilitate man in the middle attacks. This issue affects: Secomea SiteManager All versions prior to 9.7. Secomea LinkManager versions prior to 9.7. Secomea GateManager versions prior to 9.7.

Action-Not Available
Vendor-Secomea A/S
Product-gatemanager_9250_firmwaregatemanager_8250_firmwarelinkmanagersitemanager_1139_firmwaregatemanager_9250sitemanager_1129sitemanager_3539gatemanager_4250sitemanager_3529sitemanager_1139gatemanager_4260sitemanager_3329sitemanager_1149gatemanager_4260_firmwaresitemanager_3329_firmwaresitemanager_3549_firmwaregatemanager_8250sitemanager_3529_firmwaresitemanager_3539_firmwaresitemanager_3349sitemanager_3349_firmwaresitemanager_1149_firmwaresitemanager_1129_firmwaregatemanager_4250_firmwaresitemanager_3339sitemanager_3549sitemanager_3339_firmwareSiteManagerLinkManagerGateManager
CWE ID-CWE-326
Inadequate Encryption Strength
CVE-2022-22368
Assigner-IBM Corporation
CVSS Score-5.9||MEDIUM
EPSS-0.11% / 29.78%
7 Day CHG~0.00%
Published-03 May, 2022 | 18:20
Updated-16 Sep, 2024 | 22:45
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

IBM Spectrum Scale 5.1.0 through 5.1.3.0 uses weaker than expected cryptographic algorithms that could allow an attacker to decrypt highly sensitive information. IBM X-Force ID: 221012.

Action-Not Available
Vendor-IBM CorporationLinux Kernel Organization, IncMicrosoft Corporation
Product-spectrum_scaleaixwindowslinux_kernelSpectrum Scale
CWE ID-CWE-326
Inadequate Encryption Strength
CVE-2022-29566
Assigner-MITRE Corporation
CVSS Score-8.1||HIGH
EPSS-0.25% / 48.20%
7 Day CHG~0.00%
Published-21 Apr, 2022 | 18:47
Updated-03 Aug, 2024 | 06:26
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

The Bulletproofs 2017/1066 paper mishandles Fiat-Shamir generation because the hash computation fails to include all of the public values from the Zero Knowledge proof statement as well as all of the public values computed in the proof, aka the Frozen Heart issue.

Action-Not Available
Vendor-bulletproofs_projectn/a
Product-bulletproofsn/a
CWE ID-CWE-326
Inadequate Encryption Strength
CVE-2022-1318
Assigner-Cybersecurity and Infrastructure Security Agency (CISA) Industrial Control Systems (ICS)
CVSS Score-6.2||MEDIUM
EPSS-0.01% / 2.47%
7 Day CHG~0.00%
Published-20 Apr, 2022 | 15:30
Updated-16 Apr, 2025 | 16:28
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Hills ComNav Inadequate Encryption Strength

Hills ComNav version 3002-19 suffers from a weak communication channel. Traffic across the local network for the configuration pages can be viewed by a malicious actor. The size of certain communications packets is predictable. This would allow an attacker to learn the state of the system if they can observe the traffic. This would be possible even if the traffic were encrypted, e.g., using WPA2, as the packet sizes would remain observable. The communication encryption scheme is theoretically sound, but is not strong enough for the level of protection required.

Action-Not Available
Vendor-carrierInterlogix
Product-hills_comnav_firmwarehills_comnavComNav
CWE ID-CWE-326
Inadequate Encryption Strength
CWE ID-CWE-203
Observable Discrepancy
CVE-2022-20677
Assigner-Cisco Systems, Inc.
CVSS Score-5.5||MEDIUM
EPSS-0.16% / 36.93%
7 Day CHG~0.00%
Published-15 Apr, 2022 | 14:16
Updated-06 Nov, 2024 | 16:25
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Cisco IOx Application Hosting Environment Vulnerabilities

Multiple vulnerabilities in the Cisco IOx application hosting environment on multiple Cisco platforms could allow an attacker to inject arbitrary commands into the underlying host operating system, execute arbitrary code on the underlying host operating system, install applications without being authenticated, or conduct a cross-site scripting (XSS) attack against a user of the affected software. For more information about these vulnerabilities, see the Details section of this advisory.

Action-Not Available
Vendor-Cisco Systems, Inc.
Product-820188008101-32hcatalyst_3850catalyst_3650catalyst_9200asr_90101100-6g_integrated_services_routercatalyst_ie3400catalyst_ie9300catalyst_9500h1160_integrated_services_router8202catalyst_9600asr_1002-hxasr_9902ioscatalyst_cg418-easr_9006catalyst_8200catalyst_ie3200catalyst_9800-801109_integrated_services_routercatalyst_9400catalyst_8300111x_integrated_services_routerasr_9000v-v21120_integrated_services_routercatalyst_8500asr_1006-xcatalyst_9800-l1100-4g_integrated_services_router1111x_integrated_services_router8201-32fhasr_900asr_9903catalyst_9800-40catalyst_9800catalyst_8500lcatalyst_9500cloud_services_router_1000v8101-32fhasr_9001catalyst_ess93004221_integrated_services_routerasr_9910asr_9906esr6300asr_9904asr_9912asr_9922catalyst_9300catalyst_9800-clasr_1001-xcatalyst_cg522-eesr33001101_integrated_services_routercatalyst_ie33008102-64h1131_integrated_services_routerasr_1009-xasr_9901Cisco IOS
CWE ID-CWE-22
Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')
CWE ID-CWE-326
Inadequate Encryption Strength
CVE-2022-25156
Assigner-Mitsubishi Electric Corporation
CVSS Score-8.1||HIGH
EPSS-0.39% / 59.42%
7 Day CHG~0.00%
Published-01 Apr, 2022 | 22:17
Updated-03 Aug, 2024 | 04:29
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Use of Weak Hash vulnerability in Mitsubishi Electric MELSEC iQ-F series FX5U(C) CPU all versions, Mitsubishi Electric MELSEC iQ-F series FX5UJ CPU all versions, Mitsubishi Electric MELSEC iQ-R series R00/01/02CPU all versions, Mitsubishi Electric MELSEC iQ-R series R04/08/16/32/120(EN)CPU all versions, Mitsubishi Electric MELSEC iQ-R series R08/16/32/120SFCPU all versions, Mitsubishi Electric MELSEC iQ-R series R08/16/32/120PCPU all versions, Mitsubishi Electric MELSEC iQ-R series R08/16/32/120PSFCPU all versions, Mitsubishi Electric MELSEC iQ-R series RJ71C24(-R2/R4) all versions, Mitsubishi Electric MELSEC iQ-R series RJ71EN71 all versions, Mitsubishi Electric MELSEC iQ-R series RJ72GF15-T2 all versions, Mitsubishi Electric MELSEC Q series Q03UDECPU all versions, Mitsubishi Electric MELSEC Q series Q04/06/10/13/20/26/50/100UDEHCPU all versions, Mitsubishi Electric MELSEC Q series Q03/04/06/13/26UDVCPU all versions, Mitsubishi Electric MELSEC Q series Q04/06/13/26UDPVCPU all versions, Mitsubishi Electric MELSEC Q series QJ71C24N(-R2/R4) all versions, Mitsubishi Electric MELSEC Q series QJ71E71-100 all versions, Mitsubishi Electric MELSEC Q series QJ72BR15 all versions, Mitsubishi Electric MELSEC Q series QJ72LP25(-25/G/GE) all versions, Mitsubishi Electric MELSEC L series L02/06/26CPU(-P) all versions, Mitsubishi Electric MELSEC L series L26CPU-(P)BT all versions, Mitsubishi Electric MELSEC L series LJ71C24(-R2) all versions, Mitsubishi Electric MELSEC L series LJ71E71-100 all versions and Mitsubishi Electric MELSEC L series LJ72GF15-T2 all versions allows a remote unauthenticated attacker to login to the product by using a password reversed from a previously eavesdropped password hash.

Action-Not Available
Vendor-n/aMitsubishi Electric Corporation
Product-fx5uj-24mt\/essfx5uc-32mt\/dss_firmwarefx5uj-24mt\/es_firmwarefx5uj-60mr\/es_firmwarefx5uj_firmwarefx5uj-60mt\/esfx5uj-60mt\/essfx5uc-32mt\/dss-tsfx5ucfx5uc-32mt\/dfx5uj-40mt\/es_firmwarefx5uj-60mt\/es_firmwarefx5uj-24mt\/ess_firmwarefx5uc-32mt\/ds-tsfx5ujfx5uc_firmwarefx5uj-60mr\/esfx5uj-60mt\/ess_firmwarefx5uj-24mr\/esfx5uc-32mr\/ds-ts_firmwarefx5uj-40mt\/ess_firmwarefx5uc-32mr\/ds-tsfx5uc-32mt\/dssfx5uj-40mr\/es_firmwarefx5uc-32mt\/ds-ts_firmwarefx5uj-24mr\/es_firmwarefx5uj-40mt\/essfx5uj-40mt\/esfx5uj-24mt\/esfx5uj-40mr\/esfx5uc-32mt\/dss-ts_firmwarefx5uc-32mt\/d_firmwareMitsubishi Electric MELSEC iQ-F series FX5U(C) CPU; Mitsubishi Electric MELSEC iQ-F series FX5UJ CPU; Mitsubishi Electric MELSEC iQ-R series R00/01/02CPU; Mitsubishi Electric MELSEC iQ-R series R04/08/16/32/120(EN)CPU; Mitsubishi Electric MELSEC iQ-R series R08/16/32/120SFCPU; Mitsubishi Electric MELSEC iQ-R series R08/16/32/120PCPU; Mitsubishi Electric MELSEC iQ-R series R08/16/32/120PSFCPU; Mitsubishi Electric MELSEC iQ-R series RJ71C24(-R2/R4); Mitsubishi Electric MELSEC iQ-R series RJ71EN71; Mitsubishi Electric MELSEC iQ-R series RJ72GF15-T2; Mitsubishi Electric MELSEC Q series Q03UDECPU; Mitsubishi Electric MELSEC Q series Q04/06/10/13/20/26/50/100UDEHCPU; Mitsubishi Electric MELSEC Q series Q03/04/06/13/26UDVCPU; Mitsubishi Electric MELSEC Q series Q04/06/13/26UDPVCPU; Mitsubishi Electric MELSEC Q series QJ71C24N(-R2/R4); Mitsubishi Electric MELSEC Q series QJ71E71-100; Mitsubishi Electric MELSEC Q series QJ72BR15; Mitsubishi Electric MELSEC Q series QJ72LP25(-25/G/GE); Mitsubishi Electric MELSEC L series L02/06/26CPU(-P); Mitsubishi Electric MELSEC L series L26CPU-(P)BT; Mitsubishi Electric MELSEC L series LJ71C24(-R2); Mitsubishi Electric MELSEC L series LJ71E71-100; Mitsubishi Electric MELSEC L series LJ72GF15-T2
CWE ID-CWE-326
Inadequate Encryption Strength
CVE-2021-32945
Assigner-Cybersecurity and Infrastructure Security Agency (CISA) Industrial Control Systems (ICS)
CVSS Score-7.5||HIGH
EPSS-0.05% / 16.92%
7 Day CHG~0.00%
Published-01 Apr, 2022 | 22:17
Updated-16 Apr, 2025 | 16:33
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
MDT AutoSave Inadequate Encryption Strength

An attacker could decipher the encryption and gain access to MDT AutoSave versions prior to v6.02.06.

Action-Not Available
Vendor-auvesy-mdtMDT Software
Product-autosaveautosave_for_system_platformA4SPAutoSave for System Platform (A4SP)MDT AutoSave
CWE ID-CWE-326
Inadequate Encryption Strength
CVE-2021-37209
Assigner-Siemens
CVSS Score-6.7||MEDIUM
EPSS-0.09% / 25.69%
7 Day CHG~0.00%
Published-08 Mar, 2022 | 00:00
Updated-12 Aug, 2025 | 12:15
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A vulnerability has been identified in RUGGEDCOM i800 (All versions < V4.3.8), RUGGEDCOM i801 (All versions < V4.3.8), RUGGEDCOM i802 (All versions < V4.3.8), RUGGEDCOM i803 (All versions < V4.3.8), RUGGEDCOM M2100 (All versions < V4.3.8), RUGGEDCOM M2200 (All versions < V4.3.8), RUGGEDCOM M969 (All versions < V4.3.8), RUGGEDCOM RMC30 (All versions < V4.3.8), RUGGEDCOM RMC8388 V4.X (All versions < V4.3.8), RUGGEDCOM RMC8388 V5.X (All versions < V5.7.0), RUGGEDCOM RP110 (All versions < V4.3.8), RUGGEDCOM RS1600 (All versions < V4.3.8), RUGGEDCOM RS1600F (All versions < V4.3.8), RUGGEDCOM RS1600T (All versions < V4.3.8), RUGGEDCOM RS400 (All versions < V4.3.8), RUGGEDCOM RS401 (All versions < V4.3.8), RUGGEDCOM RS416 (All versions < V4.3.8), RUGGEDCOM RS416P (All versions < V4.3.8), RUGGEDCOM RS416Pv2 V4.X (All versions < V4.3.8), RUGGEDCOM RS416Pv2 V5.X (All versions < V5.7.0), RUGGEDCOM RS416v2 V4.X (All versions < V4.3.8), RUGGEDCOM RS416v2 V5.X (All versions < V5.7.0), RUGGEDCOM RS8000 (All versions < V4.3.8), RUGGEDCOM RS8000A (All versions < V4.3.8), RUGGEDCOM RS8000H (All versions < V4.3.8), RUGGEDCOM RS8000T (All versions < V4.3.8), RUGGEDCOM RS900 (All versions < V4.3.8), RUGGEDCOM RS900 (32M) V4.X (All versions < V4.3.8), RUGGEDCOM RS900 (32M) V5.X (All versions < V5.7.0), RUGGEDCOM RS900G (All versions < V4.3.8), RUGGEDCOM RS900G (32M) V4.X (All versions < V4.3.8), RUGGEDCOM RS900G (32M) V5.X (All versions < V5.7.0), RUGGEDCOM RS900GP (All versions < V4.3.8), RUGGEDCOM RS900L (All versions < V4.3.8), RUGGEDCOM RS900M-GETS-C01 (All versions < V4.3.8), RUGGEDCOM RS900M-GETS-XX (All versions < V4.3.8), RUGGEDCOM RS900M-STND-C01 (All versions < V4.3.8), RUGGEDCOM RS900M-STND-XX (All versions < V4.3.8), RUGGEDCOM RS900W (All versions < V4.3.8), RUGGEDCOM RS910 (All versions < V4.3.8), RUGGEDCOM RS910L (All versions < V4.3.8), RUGGEDCOM RS910W (All versions < V4.3.8), RUGGEDCOM RS920L (All versions < V4.3.8), RUGGEDCOM RS920W (All versions < V4.3.8), RUGGEDCOM 
RS930L (All versions < V4.3.8), RUGGEDCOM RS930W (All versions < V4.3.8), RUGGEDCOM RS940G (All versions < V4.3.8), RUGGEDCOM RS969 (All versions < V4.3.8), RUGGEDCOM RSG2100 (All versions < V4.3.8), RUGGEDCOM RSG2100 (32M) V4.X (All versions < V4.3.8), RUGGEDCOM RSG2100 (32M) V5.X (All versions < V5.7.0), RUGGEDCOM RSG2100P (All versions < V4.3.8), RUGGEDCOM RSG2100P (32M) V4.X (All versions < V4.3.8), RUGGEDCOM RSG2100P (32M) V5.X (All versions < V5.7.0), RUGGEDCOM RSG2200 (All versions < V4.3.8), RUGGEDCOM RSG2288 V4.X (All versions < V4.3.8), RUGGEDCOM RSG2288 V5.X (All versions < V5.7.0), RUGGEDCOM RSG2300 V4.X (All versions < V4.3.8), RUGGEDCOM RSG2300 V5.X (All versions < V5.7.0), RUGGEDCOM RSG2300P V4.X (All versions < V4.3.8), RUGGEDCOM RSG2300P V5.X (All versions < V5.7.0), RUGGEDCOM RSG2488 V4.X (All versions < V4.3.8), RUGGEDCOM RSG2488 V5.X (All versions < V5.7.0), RUGGEDCOM RSG907R (All versions < V5.7.0), RUGGEDCOM RSG908C (All versions < V5.7.0), RUGGEDCOM RSG909R (All versions < V5.7.0), RUGGEDCOM RSG910C (All versions < V5.7.0), RUGGEDCOM RSG920P V4.X (All versions < V4.3.8), RUGGEDCOM RSG920P V5.X (All versions < V5.7.0), RUGGEDCOM RSL910 (All versions < V5.7.0), RUGGEDCOM RST2228 (All versions < V5.7.0), RUGGEDCOM RST2228P (All versions < V5.7.0), RUGGEDCOM RST916C (All versions < V5.7.0), RUGGEDCOM RST916P (All versions < V5.7.0). The SSH server on affected devices is configured to offer weak ciphers by default. This could allow an unauthorized attacker in a man-in-the-middle position to read and modify any data passed over the connection between legitimate clients and the affected device.

Action-Not Available
Vendor-Siemens AG
Product-ruggedcom_rs969ruggedcom_rs910ruggedcom_rsg2100ruggedcom_rsg2300pruggedcom_rs930lruggedcom_rsg907rruggedcom_rsg910cruggedcom_rs416ruggedcom_rs900wruggedcom_i801ruggedcom_rosruggedcom_m2100ruggedcom_rmcruggedcom_i800ruggedcom_rst2228ruggedcom_rs930wruggedcom_rmc8388ruggedcom_rsg2200ruggedcom_rs900ruggedcom_rs401ruggedcom_rs8000truggedcom_rsg909rruggedcom_rp110ruggedcom_rs910lruggedcom_i802ruggedcom_m969ruggedcom_rs910wruggedcom_rsg2100pruggedcom_rs8000ruggedcom_rst916pruggedcom_rs900gpruggedcom_rs900lruggedcom_rmc40ruggedcom_rsl910ruggedcom_rmc41ruggedcom_rsg920pruggedcom_rs920wruggedcom_rs416v2ruggedcom_rs8000aruggedcom_rsg2300ruggedcom_rst916cruggedcom_m2200ruggedcom_rs400ruggedcom_rst2228pruggedcom_rmc20ruggedcom_rs8000hruggedcom_rsg908cruggedcom_i803ruggedcom_rsg2488ruggedcom_rs900gruggedcom_rsg2288ruggedcom_rs920lruggedcom_rs940gruggedcom_rmc30RUGGEDCOM RS8000RUGGEDCOM RS900LRUGGEDCOM RSG2300 V4.XRUGGEDCOM RSG920P V4.XRUGGEDCOM RS930WRUGGEDCOM RS910LRUGGEDCOM RS416v2 V5.XRUGGEDCOM RSG2300P V4.XRUGGEDCOM RSG2100 (32M) V5.XRUGGEDCOM RS416Pv2 V4.XRUGGEDCOM RS1600RUGGEDCOM RS920WRUGGEDCOM RS940GRUGGEDCOM M2200RUGGEDCOM RS910RUGGEDCOM RS900RUGGEDCOM RSG908CRUGGEDCOM RS920LRUGGEDCOM RMC8388 V4.XRUGGEDCOM RSG2100RUGGEDCOM RS8000HRUGGEDCOM RS400RUGGEDCOM RS8000TRUGGEDCOM RS900G (32M) V4.XRUGGEDCOM M969RUGGEDCOM RS900GRUGGEDCOM RS900M-STND-XXRUGGEDCOM RS8000ARUGGEDCOM RS900WRUGGEDCOM i803RUGGEDCOM RMC8388 V5.XRUGGEDCOM RSG910CRUGGEDCOM RSG2288 V4.XRUGGEDCOM RS969RUGGEDCOM RSG2200RUGGEDCOM RS900 (32M) V4.XRUGGEDCOM RSG909RRUGGEDCOM RS416RUGGEDCOM RST2228PRUGGEDCOM RSG2100PRUGGEDCOM i800RUGGEDCOM RS416PRUGGEDCOM RS900M-STND-C01RUGGEDCOM RS900M-GETS-XXRUGGEDCOM RST916PRUGGEDCOM RSG920P V5.XRUGGEDCOM RSG2100 (32M) V4.XRUGGEDCOM RSG2288 V5.XRUGGEDCOM RS1600FRUGGEDCOM RSL910RUGGEDCOM RSG907RRUGGEDCOM RS930LRUGGEDCOM RSG2300P V5.XRUGGEDCOM RS910WRUGGEDCOM RSG2300 V5.XRUGGEDCOM RST916CRUGGEDCOM RS900GPRUGGEDCOM RSG2488 V4.XRUGGEDCOM i802RUGGEDCOM RSG2100P (32M) 
V4.XRUGGEDCOM RSG2488 V5.XRUGGEDCOM RST2228RUGGEDCOM RS401RUGGEDCOM RMC30RUGGEDCOM M2100RUGGEDCOM RS1600TRUGGEDCOM RS900G (32M) V5.XRUGGEDCOM RS416Pv2 V5.XRUGGEDCOM RS900M-GETS-C01RUGGEDCOM RS900 (32M) V5.XRUGGEDCOM RP110RUGGEDCOM i801RUGGEDCOM RSG2100P (32M) V5.XRUGGEDCOM RS416v2 V4.X
CWE ID-CWE-311
Missing Encryption of Sensitive Data
CWE ID-CWE-326
Inadequate Encryption Strength
CVE-2022-25012
Assigner-MITRE Corporation
CVSS Score-5.5||MEDIUM
EPSS-0.80% / 73.71%
7 Day CHG~0.00%
Published-01 Mar, 2022 | 22:38
Updated-03 Aug, 2024 | 04:29
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Argus Surveillance DVR v4.0 employs weak password encryption.

Action-Not Available
Vendor-argussurveillancen/a
Product-dvrn/a
CWE ID-CWE-326
Inadequate Encryption Strength
CVE-2022-22321
Assigner-IBM Corporation
CVSS Score-5.1||MEDIUM
EPSS-0.03% / 6.69%
7 Day CHG~0.00%
Published-01 Mar, 2022 | 16:45
Updated-16 Sep, 2024 | 18:03
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

IBM MQ Appliance 9.2 CD and 9.2 LTS local messaging users are stored with a password hash that provides insufficient protection. IBM X-Force ID: 218368.

Action-Not Available
Vendor-IBM Corporation
Product-mqMQ Appliance
CWE ID-CWE-326
Inadequate Encryption Strength
CVE-2020-10636
Assigner-Cybersecurity and Infrastructure Security Agency (CISA) Industrial Control Systems (ICS)
CVSS Score-6.5||MEDIUM
EPSS-0.03% / 9.34%
7 Day CHG~0.00%
Published-24 Feb, 2022 | 18:50
Updated-16 Apr, 2025 | 16:44
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
ICSA-20-140-02 Emerson OpenEnterprise

Inadequate encryption may allow the passwords for Emerson OpenEnterprise versions through 3.3.4 user accounts to be obtained.

Action-Not Available
Vendor-emersonEmerson
Product-openenterprise_scada_serverOpenEnterprise SCADA Software
CWE ID-CWE-326
Inadequate Encryption Strength
CVE-2020-14481
Assigner-Cybersecurity and Infrastructure Security Agency (CISA) Industrial Control Systems (ICS)
CVSS Score-7.8||HIGH
EPSS-0.01% / 2.85%
7 Day CHG~0.00%
Published-24 Feb, 2022 | 18:27
Updated-17 Apr, 2025 | 19:15
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

The DeskLock tool provided with FactoryTalk View SE uses a weak encryption algorithm that may allow a local, authenticated attacker to decipher user credentials, including the Windows user or Windows DeskLock passwords. If the compromised user has an administrative account, an attacker could gain full access to the user’s operating system and certain components of FactoryTalk View SE.

Action-Not Available
Vendor-Rockwell Automation, Inc.
Product-factorytalk_viewFactoryTalk View SE
CWE ID-CWE-261
Weak Encoding for Password
CWE ID-CWE-326
Inadequate Encryption Strength
CVE-2022-21800
Assigner-Cybersecurity and Infrastructure Security Agency (CISA) Industrial Control Systems (ICS)
CVSS Score-6.5||MEDIUM
EPSS-0.08% / 22.91%
7 Day CHG~0.00%
Published-18 Feb, 2022 | 17:50
Updated-16 Apr, 2025 | 16:45
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Airspan Networks Mimosa Use of a Broken or Risky Cryptographic Algorithm

MMP: All versions prior to v1.0.3, PTP C-series: Device versions prior to v2.8.6.1, and PTMP C-series and A5x: Device versions prior to v2.5.4.1 use the MD5 algorithm to hash the passwords before storing them but do not salt the hash. As a result, attackers may be able to crack the hashed passwords.

Action-Not Available
Vendor-Airspan Networks
Product-a5xa5x_firmwarec5cc5xc6x_firmwarec5c_firmwarec6xmimosa_management_platformc5x_firmwarePTP C-seriesMMPPTMP C-series and A5x
CWE ID-CWE-327
Use of a Broken or Risky Cryptographic Algorithm
CWE ID-CWE-326
Inadequate Encryption Strength
CVE-2019-4291
Assigner-IBM Corporation
CVSS Score-6.5||MEDIUM
EPSS-0.06% / 19.71%
7 Day CHG~0.00%
Published-16 Feb, 2022 | 17:00
Updated-16 Sep, 2024 | 22:41
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

IBM Maximo Anywhere 7.6.4.0 could allow an attacker to reverse engineer the application due to the lack of binary protection precautions. IBM X-Force ID: 160697.

Action-Not Available
Vendor-IBM Corporation
Product-maximo_anywhereMaximo Anywhere
CWE ID-CWE-326
Inadequate Encryption Strength
CVE-2022-24318
Assigner-Schneider Electric
CVSS Score-7.5||HIGH
EPSS-0.08% / 23.80%
7 Day CHG~0.00%
Published-09 Feb, 2022 | 22:05
Updated-03 Aug, 2024 | 04:07
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A CWE-326: Inadequate Encryption Strength vulnerability exists that could cause non-encrypted communication with the server when outdated versions of the ViewX client are used. Affected Product: ClearSCADA (All Versions), EcoStruxure Geo SCADA Expert 2019 (All Versions), EcoStruxure Geo SCADA Expert 2020 (All Versions)

Action-Not Available
Vendor-n/a
Product-clearscadaecostruxure_geo_scada_expert_2020ecostruxure_geo_scada_expert_2019ClearSCADA (All Versions), EcoStruxure Geo SCADA Expert 2019 (All Versions), EcoStruxure Geo SCADA Expert 2020 (All Versions)
CWE ID-CWE-326
Inadequate Encryption Strength
CVE-2022-21653
Assigner-GitHub, Inc.
CVSS Score-5.9||MEDIUM
EPSS-0.14% / 34.23%
7 Day CHG~0.00%
Published-05 Jan, 2022 | 21:00
Updated-22 Apr, 2025 | 18:34
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Hash collision in typelevel jawn

Jawn is an open source JSON parser. Extenders of the `org.typelevel.jawn.SimpleFacade` and `org.typelevel.jawn.MutableFacade` who don't override `objectContext()` are vulnerable to a hash collision attack which may result in a denial of service. Most applications do not implement these traits directly, but inherit from a library. `jawn-parser-1.3.1` fixes this issue and users are advised to upgrade. Users unable to upgrade should override `objectContext()` to use a collision-safe collection.

Action-Not Available
Vendor-typeleveltypelevel
Product-jawnjawn
CWE ID-CWE-400
Uncontrolled Resource Consumption
CWE ID-CWE-326
Inadequate Encryption Strength
CVE-2021-36337
Assigner-Dell
CVSS Score-6.5||MEDIUM
EPSS-0.10% / 27.82%
7 Day CHG~0.00%
Published-21 Dec, 2021 | 17:05
Updated-17 Sep, 2024 | 00:32
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Dell Wyse Management Suite version 3.3.1 and prior support insecure Transport Security Protocols TLS 1.0 and TLS 1.1 which are susceptible to Man-In-The-Middle attacks thereby compromising Confidentiality and Integrity of data.

Action-Not Available
Vendor-Dell Inc.
Product-wyse_management_suiteWyse Management Suite
CWE ID-CWE-326
Inadequate Encryption Strength
CVE-2021-42216
Assigner-MITRE Corporation
CVSS Score-9.8||CRITICAL
EPSS-0.29% / 52.47%
7 Day CHG~0.00%
Published-15 Dec, 2021 | 17:53
Updated-04 Aug, 2024 | 03:30
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A Broken or Risky Cryptographic Algorithm exists in AnonAddy 0.8.5 via VerificationController.php.

Action-Not Available
Vendor-anonaddyn/a
Product-anonaddyn/a
CWE ID-CWE-326
Inadequate Encryption Strength
CVE-2021-38947
Assigner-IBM Corporation
CVSS Score-5.9||MEDIUM
EPSS-0.11% / 29.78%
7 Day CHG~0.00%
Published-13 Dec, 2021 | 17:55
Updated-16 Sep, 2024 | 18:35
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

IBM Spectrum Copy Data Management 2.2.13 and earlier uses weaker than expected cryptographic algorithms that could allow an attacker to decrypt highly sensitive information. IBM X-Force ID: 211242.

Action-Not Available
Vendor-IBM CorporationLinux Kernel Organization, Inc
Product-spectrum_copy_data_managementlinux_kernelSpectrum Copy Data Management
CWE ID-CWE-326
Inadequate Encryption Strength
CVE-2021-20400
Assigner-IBM Corporation
CVSS Score-5.9||MEDIUM
EPSS-0.11% / 29.78%
7 Day CHG~0.00%
Published-01 Dec, 2021 | 17:05
Updated-16 Sep, 2024 | 22:36
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

IBM QRadar SIEM 7.3 and 7.4 uses weaker than expected cryptographic algorithms that could allow an attacker to decrypt highly sensitive information. IBM X-Force ID: 196074.

Action-Not Available
Vendor-IBM CorporationLinux Kernel Organization, Inc
Product-qradar_security_information_and_event_managerlinux_kernelQRadar SIEM
CWE ID-CWE-326
Inadequate Encryption Strength
CVE-2021-38891
Assigner-IBM Corporation
CVSS Score-5.9||MEDIUM
EPSS-0.10% / 26.74%
7 Day CHG~0.00%
Published-23 Nov, 2021 | 19:15
Updated-16 Sep, 2024 | 23:41
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

IBM Sterling Connect:Direct Web Services 1.0 and 6.0 uses weaker than expected cryptographic algorithms that could allow an attacker to decrypt highly sensitive information. IBM X-Force ID: 209508.

Action-Not Available
Vendor-Oracle CorporationIBM CorporationLinux Kernel Organization, IncMicrosoft Corporation
Product-sterling_connect\solarislinux_kernelwindowsaixConnect:Direct Web Services
CWE ID-CWE-326
Inadequate Encryption Strength
CVE-2021-44150
Assigner-MITRE Corporation
CVSS Score-7.5||HIGH
EPSS-0.21% / 43.45%
7 Day CHG~0.00%
Published-22 Nov, 2021 | 21:51
Updated-04 Aug, 2024 | 04:17
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

The client in tusdotnet through 2.5.0 relies on SHA-1 to prevent spoofing of file content.

Action-Not Available
Vendor-transloaditn/a
Product-tusdotnetn/a
CWE ID-CWE-326
Inadequate Encryption Strength