CVE-2017-1271Inadequate Encryption Strength in IBM Security Guardium

CWE-326Inadequate Encryption Strength3 documents3 sources
Severity
7.5HIGHNVD
EPSS
0.1%
top 81.50%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
1
IBM Security Guardium
Timeline
PublishedDec 7
Latest updateMay 17

Description

IBM Security Guardium 9.0, 9.1, and 9.5 supports interaction between multiple actors and allows those actors to negotiate which algorithm should be used as a protection mechanism such as encryption or authentication, but it does not select the strongest algorithm that is available to both parties. IBM X-Force ID: 124746.

CVSS vector

CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:NExploitability: 3.9 | Impact: 3.6

Affected Packages2 packages

CVEListV5ibm/security_guardium9.0, 9.1, 9.5+2
NVDibm/security_guardium9.0, 9.1, 9.5+2

🔴Vulnerability Details

2
GHSA
GHSA-2cq3-h4m9-xxxq: IBM Security Guardium 92022-05-17
CVEList
CVE-2017-1271: IBM Security Guardium 92017-12-07
CVE-2017-1271 — Inadequate Encryption Strength in IBM | cvebase