Vulnerabilities > Use of a Broken or Risky Cryptographic Algorithm

| DATE | CVE | VULNERABILITY TITLE | DESCRIPTION | ATTACK VECTOR | COMPLEXITY | VENDOR | CWE | RISK |
| --- | --- | --- | --- | --- | --- | --- | --- | --- |
| 2023-01-26 | CVE-2022-43917 | Use of a Broken or Risky Cryptographic Algorithm vulnerability in IBM Websphere Application Server 8.5/9.0 | IBM WebSphere Application Server 8.5 and 9.0 traditional container uses weaker than expected cryptographic keys that could allow an attacker to decrypt sensitive information. | network | low | ibm | CWE-327 | 7.5 |
| 2023-01-26 | CVE-2022-22462 | Use of a Broken or Risky Cryptographic Algorithm vulnerability in IBM Security Verify Governance 10.0.1 | IBM Security Verify Governance, Identity Manager virtual appliance component 10.0.1 uses weaker than expected cryptographic algorithms that could allow an attacker to decrypt highly sensitive information. | network | low | ibm | CWE-327 | 7.5 |
| 2023-01-17 | CVE-2021-36647 | Use of a Broken or Risky Cryptographic Algorithm vulnerability in ARM Mbed TLS | Use of a Broken or Risky Cryptographic Algorithm in the function mbedtls_mpi_exp_mod() in bignum.c in Mbed TLS all versions before 3.0.0, 2.27.0 or 2.16.11 allows attackers with access to precise enough timing and memory access information (typically an untrusted operating system attacking a secure enclave such as SGX or the TrustZone secure world) to recover the private keys used in RSA. | local | high | arm | CWE-327 | 4.7 |
| 2022-12-23 | CVE-2022-23539 | | Versions `<=8.5.1` of `jsonwebtoken` library could be misconfigured so that legacy, insecure key types are used for signature verification. | network | low | | CWE-327 | 8.1 |
| 2022-12-23 | CVE-2022-47931 | | IO FinNet tss-lib before 2.0.0 allows a collision of hash values. | network | low | | CWE-327 | 9.1 (critical) |
| 2022-12-22 | CVE-2022-22461 | Use of a Broken or Risky Cryptographic Algorithm vulnerability in IBM Security Verify Governance 10.0.1 | IBM Security Verify Governance, Identity Manager 10.0.1 uses weaker than expected cryptographic algorithms that could allow an attacker to decrypt highly sensitive information. | network | low | ibm | CWE-327 | 7.5 |
| 2022-12-22 | CVE-2022-23540 | | In versions `<=8.5.1` of `jsonwebtoken` library, lack of algorithm definition in the `jwt.verify()` function can lead to signature validation bypass due to defaulting to the `none` algorithm for signature verification. | network | low | | CWE-327 | 9.8 (critical) |
| 2022-12-20 | CVE-2022-38391 | Use of a Broken or Risky Cryptographic Algorithm vulnerability in IBM Spectrum Control 5.4.0.0 | IBM Spectrum Control 5.4 uses weaker than expected cryptographic algorithms that could allow an attacker to decrypt highly sensitive information. | network | low | ibm | CWE-327 | 7.5 |
| 2022-12-19 | CVE-2022-4610 | Use of a Broken or Risky Cryptographic Algorithm vulnerability in Clickstudios Passwordstate 9.5/9.5.8.4 | A vulnerability, which was classified as problematic, has been found in Click Studios Passwordstate and Passwordstate Browser Extension Chrome. | local | low | clickstudios | CWE-327 | 5.5 |
| 2022-12-16 | CVE-2022-20513 | Use of a Broken or Risky Cryptographic Algorithm vulnerability in Google Android 13.0 | In decrypt_1_2 of CryptoPlugin.cpp, there is a possible out of bounds read due to a missing bounds check. | local | low | google | CWE-327 | 5.5 |