Vulnerabilities > Use of Hard-coded Cryptographic Key

DATE CVE VULNERABILITY TITLE RISK
2024-10-24 CVE-2024-38314 IBM Maximo Application Suite - Monitor Component 8.10, 8.11, and 9.0 could disclose information in the form of the hard-coded cryptographic key to an attacker that has compromised environment.
network
high complexity
CWE-321
5.9
2024-08-22 CVE-2024-42418 Use of Hard-coded Cryptographic Key vulnerability in Avtecinc Outpost 0810 Firmware and Outpost Uploader Utility
Avtec Outpost uses a default cryptographic key that can be used to decrypt sensitive information.
network
low complexity
avtecinc CWE-321
7.5
2024-03-13 CVE-2024-2413 Intumit SmartRobot uses a fixed encryption key for authentication.
network
low complexity
CWE-321
critical
9.8
2024-02-06 CVE-2024-1258 Use of Hard-coded Cryptographic Key vulnerability in Juanpao Jpshop 1.5.02
A vulnerability was found in Juanpao JPShop up to 1.5.02.
network
high complexity
juanpao CWE-321
5.9
2023-12-15 CVE-2023-48392 Use of Hard-coded Cryptographic Key vulnerability in Kaifa Webitr Attendance System 2.1.0.23
Kaifa Technology WebITR is an online attendance system, it has a vulnerability in using hard-coded encryption key.
network
low complexity
kaifa CWE-321
critical
9.8
2023-11-14 CVE-2023-44318 Use of Hard-coded Cryptographic Key vulnerability in Siemens products
Affected devices use a hardcoded key to obfuscate the configuration backup that an administrator can export from the device.
network
low complexity
siemens CWE-321
4.9
2023-08-09 CVE-2023-3632 Use of Hard-coded Cryptographic Key vulnerability in Kunduz
Use of Hard-coded Cryptographic Key vulnerability in Sifir Bes Education and Informatics Kunduz - Homework Helper App allows Authentication Abuse, Authentication Bypass.This issue affects Kunduz - Homework Helper App: before 6.2.3.
network
low complexity
kunduz CWE-321
critical
9.8
2023-07-21 CVE-2023-37291 Use of Hard-coded Cryptographic Key vulnerability in GSS Vitals Enterprise Social Platform 3.0.8/6.2.0
Galaxy Software Services Vitals ESP is vulnerable to using a hard-coded encryption key.
network
low complexity
gss CWE-321
critical
9.8
2023-07-06 CVE-2023-22844 Use of Hard-coded Cryptographic Key vulnerability in Milesight Milesightvpn 2.0.2
An authentication bypass vulnerability exists in the requestHandlers.js verifyToken functionality of Milesight VPN v2.0.2.
network
low complexity
milesight CWE-321
critical
9.8
2022-12-02 CVE-2022-2641 Use of Hard-coded Cryptographic Key vulnerability in Hornerautomation Rcc972 Firmware 15.40
Horner Automation’s RCC 972 with firmware version 15.40 has a static encryption key on the device.
network
low complexity
hornerautomation CWE-321
critical
9.8