Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
osvGoogleOSV:CVE-2023-2197
HistoryMay 01, 2023 - 8:15 p.m.

CVE-2023-2197

2023-05-0120:15:14
Google
osv.dev
8
cve-2023-2197
padding oracle attack
hsm
ckm_aes_cbc_pad
encryption
cipher text
root key
fixed

7 High

AI Score

Confidence

Low

0.0004 Low

EPSS

Percentile

9.0%

JSON

HashiCorp Vault Enterprise 1.13.0 up to 1.13.1 is vulnerable to a padding oracle attack when using an HSM in conjunction with theย CKM_AES_CBC_PAD orย CKM_AES_CBC encryption mechanisms.ย An attacker with privileges to modify storage and restart Vault may be able to intercept or modify cipher text in order to derive Vaultโ€™s root key. Fixed in 1.13.2

CPENameOperatorVersion
vaulteq1.13.0
vaulteq1.13.1

Related

nvd 1
veracode 1
alpinelinux 1
osv 1
cvelist 1
cve 1
redhatcve 1
prion 1
nvd
nvd
CVE-2023-2197
2023-05-01 20:15:14
veracode
veracode
Inadequate Encryption Strength
2023-05-11 21:11:49
alpinelinux
alpinelinux
CVE-2023-2197
2023-05-01 20:15:14
osv
osv
BIT-vault-2023-2197
2024-03-06 11:09:21
cvelist
cvelist
CVE-2023-2197 Vault Enterprise Vulnerable to Padding Oracle Attacks When Using a CBC-based Encryption Mechanism with a HSM
2023-05-01 19:41:17
cve
cve
CVE-2023-2197
2023-05-01 20:15:14
redhatcve
redhatcve
CVE-2023-2197
2023-05-15 09:21:25
prion
prion
Design/Logic Flaw
2023-05-01 20:15:00

7 High

AI Score

Confidence

Low

0.0004 Low

EPSS

Percentile

9.0%

JSON
Related for OSV:CVE-2023-2197
nvd1veracode1alpinelinux1osv1cvelist1cve1redhatcve1prion1