CVE-2017-1224Inadequate Encryption Strength in IBM Bigfix Family

CWE-326Inadequate Encryption Strength5 documents4 sources
Severity
7.5HIGHNVD
EPSS
0.1%
top 66.43%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
2
IBM Bigfix FamilyIBM Bigfix Platform
Timeline
PublishedJul 19
Latest updateMay 17

Description

IBM Tivoli Endpoint Manager uses weaker than expected cryptographic algorithms that could allow an attacker to decrypt highly sensitive information. IBM X-Force ID: 123903.

CVSS vector

CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:NExploitability: 3.9 | Impact: 3.6

Affected Packages2 packages

CVEListV5ibm/bigfix_family9.2, 9.5+1
NVDibm/bigfix_platform5 versions+4

🔴Vulnerability Details

2
GHSA
GHSA-cf7g-ggqr-v2mp: IBM Tivoli Endpoint Manager uses weaker than expected cryptographic algorithms that could allow an attacker to decrypt highly sensitive information2022-05-17
CVEList
CVE-2017-1224: IBM Tivoli Endpoint Manager uses weaker than expected cryptographic algorithms that could allow an attacker to decrypt highly sensitive information2017-07-19

💬Community

2
Bugzilla
CVE-2017-14737 botan: cryptographic cache-based side channel in the RSA implementation2017-09-27
Bugzilla
CVE-2017-12482 ledger: stack-based buffer overflow in ledger::parse_date_mask_routine function2017-08-21
CVE-2017-1224 — Inadequate Encryption Strength in IBM | cvebase