Vulnerabilities > Use of a Broken or Risky Cryptographic Algorithm
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2023-01-26 | CVE-2022-43917 | Use of a Broken or Risky Cryptographic Algorithm vulnerability in IBM Websphere Application Server 8.5/9.0 IBM WebSphere Application Server 8.5 and 9.0 traditional container uses weaker than expected cryptographic keys that could allow an attacker to decrypt sensitive information. | 7.5 |
| 2023-01-26 | CVE-2022-22462 | Use of a Broken or Risky Cryptographic Algorithm vulnerability in IBM Security Verify Governance 10.0.1 IBM Security Verify Governance, Identity Manager virtual appliance component 10.0.1 uses weaker than expected cryptographic algorithms that could allow an attacker to decrypt highly sensitive information. | 7.5 |
| 2023-01-17 | CVE-2021-36647 | Use of a Broken or Risky Cryptographic Algorithm vulnerability in ARM Mbed TLS Use of a Broken or Risky Cryptographic Algorithm in the function mbedtls_mpi_exp_mod() in lignum.c in Mbed TLS Mbed TLS all versions before 3.0.0, 2.27.0 or 2.16.11 allows attackers with access to precise enough timing and memory access information (typically an untrusted operating system attacking a secure enclave such as SGX or the TrustZone secure world) to recover the private keys used in RSA. | 4.7 |
| 2022-12-23 | CVE-2022-23539 | Versions `<=8.5.1` of `jsonwebtoken` library could be misconfigured so that legacy, insecure key types are used for signature verification. | 8.1 |
| 2022-12-23 | CVE-2022-47931 | IO FinNet tss-lib before 2.0.0 allows a collision of hash values. | 9.1 |
| 2022-12-22 | CVE-2022-22461 | Use of a Broken or Risky Cryptographic Algorithm vulnerability in IBM Security Verify Governance 10.0.1 IBM Security Verify Governance, Identity Manager 10.0.1 uses weaker than expected cryptographic algorithms that could allow an attacker to decrypt highly sensitive information. | 7.5 |
| 2022-12-22 | CVE-2022-23540 | In versions `<=8.5.1` of `jsonwebtoken` library, lack of algorithm definition in the `jwt.verify()` function can lead to signature validation bypass due to defaulting to the `none` algorithm for signature verification. | 9.8 |
| 2022-12-20 | CVE-2022-38391 | Use of a Broken or Risky Cryptographic Algorithm vulnerability in IBM Spectrum Control 5.4.0.0 IBM Spectrum Control 5.4 uses weaker than expected cryptographic algorithms that could allow an attacker to decrypt highly sensitive information. | 7.5 |
| 2022-12-19 | CVE-2022-4610 | Use of a Broken or Risky Cryptographic Algorithm vulnerability in Clickstudios Passwordstate 9.5/9.5.8.4 A vulnerability, which was classified as problematic, has been found in Click Studios Passwordstate and Passwordstate Browser Extension Chrome. | 5.5 |
| 2022-12-16 | CVE-2022-20513 | Use of a Broken or Risky Cryptographic Algorithm vulnerability in Google Android 13.0 In decrypt_1_2 of CryptoPlugin.cpp, there is a possible out of bounds read due to a missing bounds check. | 5.5 |