Lucene search
K
Catalog
Vendors
Products
Timeline
Vulnerabilities
Sources
Documentation
Blog
Glossary
FAQ
Brand assets
Assessment
Agents dashboard
Agent Scanning
API Scanning
Assessment API
Alerts
Email notifications
Webhook notifications
Alerts API
SBOM package analysis
API Reference
Support
Settings
Sign in

The vulnerability of the CMSdecrypt and PKCS7decrypt functions (cms_env.c, cms_smime.c, and pk7_doit.c) in the OpenSSL library, related to deficiencies in the secret data encryption mechanism, allows attackers to gain unauthorized access to protected information.

🗓️ 19 Nov 2019 00:00:00Reported by FSTEC of Russia — Information Security Threat DatabaseType 
bdu_fstec
 bdu_fstec🔗 bdu.fstec.ru👁 3 Views

OpenSSL CMSdecrypt and PKCS7decrypt flaws let remote attackers access protected data via weak encryption.

Related
Detection
Refs
ReporterTitlePublishedViews
Family
IBM Security Bulletins		Security Bulletin: A security vulnerability has been identified in openssl shipped with PowerAI Vision
8 Jan 202019:00
ibm
IBM Security Bulletins		Security Bulletin: Multiple vulnerabilities in OpenSSL affect IBM Tivoli Netcool System Service Monitors/Application Service Monitors (CVE-2018-5407,CVE-2020-1967,CVE-2018-0734,CVE-2019-1563,CVE-2019-1549,CVE-2019-1552,CVE-2019-1559,CVE-2018-0735)
15 Dec 202020:13
ibm
IBM Security Bulletins		Security Bulletin: Information Disclosure in Cognos Business Intelligence (Cognos BI) shipped with Tivoli Common Reporting (CVE-2019-1547, CVE-2019-1549, CVE-2019-1563)
19 Mar 202005:19
ibm
IBM Security Bulletins		Security Bulletin: OpenSSL vulnerability affects IBM Rational Team Concert
12 Feb 202016:09
ibm
IBM Security Bulletins		Security Bulletin: OpenSSL vulnerabilities affect IBM Spectrum Control (formerly Tivoli Storage Productivity Center)
22 Feb 202220:10
ibm
IBM Security Bulletins		Security Bulletin: IBM Security Proventia Network Active Bypass is affected by openssl vulnerabilities (CVE-2019-1547, CVE-2019-1563)
23 Oct 201903:29
ibm
IBM Security Bulletins		Security Bulletin: A security vulnerability has been identified in Openssl shipped with PowerAI.
10 Jan 202019:12
ibm
IBM Security Bulletins		Security Bulletin: Multiple Vulnerabilities in OpenSSL Affect IBM Sterling Connect:Direct for HP NonStop
24 Jul 202022:19
ibm
IBM Security Bulletins		Security Bulletin: Vulnerabilities in OpenSSL affect IBM Rational ClearQuest (CVE-2019-1552, CVE-2019-1563)
30 Mar 202002:56
ibm
IBM Security Bulletins		Security Bulletin: Vulnerability in OpenSSL affects IBM Rational ClearCase (CVE-2019-1552, CVE-2019-1563)
27 Mar 202014:21
ibm
Rows per page
Vulners
Node
oracleenterprise_manager_ops_centerMatch12.3.3aurora
OR
oraclepeoplesoft_enterprise_peopletoolsMatch8.56aurora
OR
oraclepeoplesoft_enterprise_peopletoolsMatch8.57aurora
OR
novellsuse_enterprise_storageMatch4aurora
OR
novellsuse_openstack_cloudMatch7aurora
OR
novellsuse_linux_enterprise_module_for_open_buildservice_development_toolsMatch15aurora
OR
oraclebusiness_intelligence_enterprise_editionMatch11.1.1.9.0aurora
OR
oraclebusiness_intelligence_enterprise_editionMatch12.2.1.3.0aurora
OR
oraclebusiness_intelligence_enterprise_editionMatch12.2.1.4.0aurora
OR
oracleoracle_secure_global_desktopMatch5.4aurora
OR
oracleagile_engineering_data_managementMatch6.2.1aurora
OR
novellsuse_linux_enterprise_module_for_basesystemMatch15aurora
OR
novellsuse_caas_platformMatch3.0aurora
OR
novellsuse_enterprise_storageMatch5aurora
OR
novellsuse_linux_enterprise_module_for_legacy_softwareMatch15aurora
OR
novellsuse_openstack_cloudMatch8aurora
OR
novellsuse_openstack_cloud_crowbarMatch8aurora
OR
oracleenterprise_manager_ops_centerMatch12.4.0aurora
OR
novellsuse_linux_enterprise_module_for_legacy_softwareMatch12aurora
OR
opensslopensslRange1.0.21.0.2saurora
OR
opensslopensslRange1.1.01.1.0kaurora
OR
opensslopensslRange1.1.11.1.1caurora
OR
novellsuse_enterprise_storageMatch6aurora
OR
novellhpe_helion_openstackMatch8aurora
OR
oraclevm_virtualboxRange<5.2.34aurora
OR
oraclevm_virtualboxRange<6.0.14aurora
OR
oraclesun_zfs_storage_appliance_kitMatch8.8.6aurora
OR
oracleoracle_communications_session_border_controllerMatch8.0aurora
OR
oracleoracle_communications_session_border_controllerMatch8.1aurora
OR
oracleoracle_communications_session_border_controllerMatch8.2aurora
OR
oracleoracle_communications_session_border_controllerMatch8.3aurora
OR
oracleoracle_enterprise_session_border_controllerMatch7.5aurora
OR
oracleoracle_enterprise_session_border_controllerMatch8.0aurora
OR
oracleoracle_enterprise_session_border_controllerMatch8.1aurora
OR
oracleoracle_enterprise_session_border_controllerMatch8.2aurora
OR
oracleoracle_enterprise_session_border_controllerMatch8.3aurora
OR
oraclecommunications_unified_session_managerMatch7.3.5aurora
OR
oraclecommunications_unified_session_managerMatch8.2.5aurora
OR
oracleoracle_communications_session_routerMatch7.4aurora
OR
oracleoracle_communications_session_routerMatch8.0aurora
OR
oracleoracle_communications_session_routerMatch8.1aurora
OR
oracleoracle_communications_session_routerMatch8.2aurora
OR
oracleoracle_communications_session_routerMatch8.3aurora
OR
oracleoracle_communications_session_border_controllerMatch7.4aurora
OR
oraclecommunications_diameter_signaling_routerMatch8.0aurora
OR
oraclecommunications_diameter_signaling_routerMatch8.1aurora
OR
oraclecommunications_diameter_signaling_routerMatch8.2aurora
OR
oraclecommunications_diameter_signaling_routerMatch8.3aurora
OR
oraclecommunications_diameter_signaling_routerMatch8.4aurora
OR
oraclemysql_workbenchRange8.0.17aurora
OR
oracleoracle_secure_global_desktopMatch5.5aurora
OR
oraclemysql_connectorsRange5.3.13aurora
OR
oraclemysql_connectorsRange8.0.18aurora
OR
oraclemysql_enterprise_backupRange3.12.4aurora
OR
oraclemysql_enterprise_backupRange4.1.3aurora
OR
fedorafedoraMatch29
OR
novellopensuse_leapMatch15.0
OR
novellopensuse_leapMatch15.1
OR
fedorafedoraMatch30
OR
novellsuse_linux_enterprise_serverMatch11-security
OR
novellsuse_linux_enterprise_server_for_sap_applicationsMatch11-security

Data

Build on a solid foundation with Vulners data

We provide the essential building blocks for cybersecurity solutions with comprehensive, structured, and constantly updated vulnerability and exploits data

Api

Power your application with Vulners API

The Vulners REST API offers reliable, high-performance access to vulnerability intelligence, with 99.9% SLA uptime and CDN-backed data delivery for seamless global access

App

Assess and manage vulnerabilities with Vulners tools

Built on top of Vulners' database and SDK, end-user solutions give security professionals and developers lightweight and powerful tools for vulnerability remediation

Book a live demo
19 Aug 2025 00:00Current
6.5Medium risk
Vulners AI Score6.5
CVSS 33.7
CVSS 24.3
EPSS0.03338
OpenSSLCMSdecryptPKCS7decryptremote accessunauthorized accessprotected dataencryption weaknesscms_env.ccms_smime.cpk7_doit.c
3