Total
370 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2021-20360 | 1 Ibm | 1 Cloud Pak For Applications | 2024-09-16 | 7.5 High |
| IBM Cloud Pak for Applications 4.3 uses weaker than expected cryptographic algorithms that could allow an attacker to decrypt highly sensitive information. IBM X-Force ID: 195031. | ||||
| CVE-2019-4151 | 1 Ibm | 1 Security Access Manager | 2024-09-16 | 5.9 Medium |
| IBM Security Access Manager 9.0.1 through 9.0.6 uses weaker than expected cryptographic algorithms that could allow an attacker to decrypt highly sensitive information. IBM X-Force ID: 158512. | ||||
| CVE-2002-1946 | 1 Tata | 1 Integrated Dialer | 2024-09-16 | 5.5 Medium |
| Videsh Sanchar Nigam Limited (VSNL) Integrated Dialer Software 1.2.000, when the "Save Password" option is used, stores the password with a weak encryption scheme (one-to-one mapping) in a registry key, which allows local users to obtain and decrypt the password. | ||||
| CVE-2022-2758 | 1 Ls-electric | 469 Gm7, Gm7 Firmware, Gm7u and 466 more | 2024-09-16 | 6.5 Medium |
| Passwords are not adequately encrypted during the communication process between all versions of LS Industrial Systems (LSIS) Co. Ltd LS Electric XG5000 software prior to V4.0 and LS Electric PLCs: all versions of XGK-CPUU/H/A/S/E prior to V3.50, all versions of XGI-CPUU/UD/H/S/E prior to V3.20, all versions of XGR-CPUH prior to V1.80, all versions of XGB-XBMS prior to V3.00, all versions of XGB-XBCH prior to V1.90, and all versions of XGB-XECH prior to V1.30. This would allow an attacker to identify and decrypt the password of the affected PLCs by sniffing the PLC’s communication traffic. | ||||
| CVE-2018-2007 | 1 Ibm | 1 Api Connect | 2024-09-16 | N/A |
| IBM API Connect 2018.1 and 2018.4.1.2 uses weaker than expected cryptographic algorithms that could allow an attacker to decrypt highly sensitive information. IBM X-Force ID: 155078. | ||||
| CVE-2018-15796 | 1 Pivotal Software | 1 Bits Service | 2024-09-16 | N/A |
| Cloud Foundry Bits Service Release, versions prior to 2.14.0, uses an insecure hashing algorithm to sign URLs. A remote malicious user may obtain a signed URL and extract the signing key, allowing them complete read and write access to the the Bits Service storage. | ||||
| CVE-2002-1910 | 1 Click-2 | 1 Ingenium Learning Management System | 2024-09-16 | 7.5 High |
| Click2Learn Ingenium Learning Management System 5.1 and 6.1 uses weak encryption for passwords (reversible algorithm), which allows attackers to obtain passwords. | ||||
| CVE-2018-1925 | 1 Ibm | 1 Websphere Mq | 2024-09-16 | N/A |
| IBM WebShere MQ 9.1.0.0, 9.1.0.1, 9.1.1 uses weaker than expected cryptographic algorithms that could allow an attacker to decrypt highly sensitive information. IBM X-Force ID: 152925. | ||||
| CVE-2017-1713 | 1 Ibm | 1 Infosphere Streams | 2024-09-16 | N/A |
| IBM InfoSphere Streams 4.2.1 uses weaker than expected cryptographic algorithms that could allow an attacker to decrypt highly sensitive information. IBM X-Force ID: 134632. | ||||
| CVE-2021-38947 | 2 Ibm, Linux | 2 Spectrum Copy Data Management, Linux Kernel | 2024-09-16 | 7.5 High |
| IBM Spectrum Copy Data Management 2.2.13 and earlier uses weaker than expected cryptographic algorithms that could allow an attacker to decrypt highly sensitive information. IBM X-Force ID: 211242. | ||||
| CVE-2018-1751 | 3 Ibm, Linux, Microsoft | 4 Aix, Security Key Lifecycle Manager, Linux Kernel and 1 more | 2024-09-16 | N/A |
| IBM Security Key Lifecycle Manager 3.0 through 3.0.0.2 uses weaker than expected cryptographic algorithms that could allow an attacker to decrypt highly sensitive information. IBM X-Force ID: 148512. | ||||
| CVE-2022-22464 | 1 Ibm | 1 Security Verify Access | 2024-09-16 | 7.5 High |
| IBM Security Access Manager Appliance 10.0.0.0, 10.0.1.0, 10.0.2.0, and 10.0.3.0 uses weaker than expected cryptographic algorithms that could allow an attacker to decrypt highly sensitive information. IBM X-Force ID: 225081. | ||||
| CVE-2022-22321 | 1 Ibm | 1 Mq | 2024-09-16 | 5.5 Medium |
| IBM MQ Appliance 9.2 CD and 9.2 LTS local messaging users stored with a password hash that provides insufficient protection. IBM X-Force ID: 218368. | ||||
| CVE-2022-22453 | 2 Ibm, Linux | 2 Security Verify Governance, Linux Kernel | 2024-09-16 | 7.5 High |
| IBM Security Verify Identity Manager 10.0 uses weaker than expected cryptographic algorithms that could allow an attacker to decrypt highly sensitive information. IBM X-Force ID: 224919. | ||||
| CVE-2020-10125 | 1 Ncr | 2 Aptra Xfs, Selfserv Atm | 2024-09-16 | 7.6 High |
| NCR SelfServ ATMs running APTRA XFS 04.02.01 and 05.01.00 implement 512-bit RSA certificates to validate bunch note acceptor (BNA) software updates, which can be broken by an attacker with physical access in a sufficiently short period of time, thereby enabling the attacker to sign arbitrary files and CAB archives used to update BNA software, as well as bypass application whitelisting, resulting in the ability to execute arbitrary code. | ||||
| CVE-2020-14481 | 1 Rockwellautomation | 1 Factorytalk View | 2024-09-16 | 7.8 High |
| The DeskLock tool provided with FactoryTalk View SE uses a weak encryption algorithm that may allow a local, authenticated attacker to decipher user credentials, including the Windows user or Windows DeskLock passwords. If the compromised user has an administrative account, an attacker could gain full access to the user’s operating system and certain components of FactoryTalk View SE. | ||||
| CVE-2018-1946 | 1 Ibm | 1 Security Identity Governance And Intelligence | 2024-09-16 | N/A |
| IBM Security Identity Governance and Intelligence 5.2 through 5.2.4.1 Virtual Appliance supports interaction between multiple actors and allows those actors to negotiate which algorithm should be used as a protection mechanism such as encryption or authentication, but it does not select the strongest algorithm that is available to both parties. IBM X-Force ID: 153388. | ||||
| CVE-2020-26197 | 1 Dell | 1 Emc Powerscale Onefs | 2024-09-16 | 7.5 High |
| Dell PowerScale OneFS 8.1.0 - 9.1.0 contains an LDAP Provider inability to connect over TLSv1.2 vulnerability. It may make it easier to eavesdrop and decrypt such traffic for a malicious actor. Note: This does not affect clusters which are not relying on an LDAP server for the authentication provider. | ||||
| CVE-2021-27761 | 1 Hcltech | 1 Bigfix Platform | 2024-09-16 | 4.8 Medium |
| Weak web transport security (Weak TLS): An attacker may be able to decrypt the data using attacks | ||||
| CVE-2017-16726 | 1 Beckhoff | 1 Twincat | 2024-09-16 | N/A |
| Beckhoff TwinCAT supports communication over ADS. ADS is a protocol for industrial automation in protected environments. ADS has not been designed to achieve security purposes and therefore does not include any encryption algorithms because of their negative effect on performance and throughput. An attacker can forge arbitrary ADS packets when legitimate ADS traffic is observable. | ||||