Weak Encryption

2022-11-1900:46:12

Veracode Vulnerability Database

sca.analysiscenter.veracode.com

5.7 Medium

CVSS3

Attack Vector

ADJACENT_NETWORK

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

NONE

Availability Impact

NONE

CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N

2.7 Low

CVSS2

Access Vector

ADJACENT_NETWORK

Access Complexity

LOW

Authentication

SINGLE

Confidentiality Impact

PARTIAL

Integrity Impact

NONE

Availability Impact

NONE

AV:A/AC:L/Au:S/C:P/I:N/A:N

0.0004 Low

EPSS

Percentile

7.3%

JSON

pki-core is vulnerable to Weak Encryption. The vulnerability exists because the messages are not properly encrypted which allows an attacker on the adjacent network to impersonate another user within the scope of the domain causing an authentication bypass.

CPENameOperatorVersion
pki-coreeq10.5.18__21.el7pki
pki-coreeq9.0.3__45.el6_7
pki-coreeq9.0.3__37.el6
pki-coreeq10.5.9__10.el7pki
pki-coreeq10.5.1__15.el7pki
pki-coreeq10.5.17__6.el7pki
pki-coreeq9.0.3__50.el6_8
pki-coreeq10.3.3__11.el7pki
pki-coreeq10.4.1__10.el7pki
pki-coreeq10.5.9__13.el7pki

Name	Operator	Version
pki-core	eq	10.5.18__21.el7pki
pki-core	eq	9.0.3__45.el6_7
pki-core	eq	9.0.3__37.el6
pki-core	eq	10.5.9__10.el7pki
pki-core	eq	10.5.1__15.el7pki
pki-core	eq	10.5.17__6.el7pki
pki-core	eq	9.0.3__50.el6_8
pki-core	eq	10.3.3__11.el7pki
pki-core	eq	10.4.1__10.el7pki
pki-core	eq	10.5.9__13.el7pki