5.9
CVE-2016-6225
- EPSS 0.5%
- Veröffentlicht 23.03.2017 16:59:00
- Zuletzt bearbeitet 20.04.2025 01:37:25
- Quelle cve@mitre.org
- Teams Watchlist Login
- Unerledigt Login
xbcrypt in Percona XtraBackup before 2.3.6 and 2.4.x before 2.4.5 does not properly set the initialization vector (IV) for encryption, which makes it easier for context-dependent attackers to obtain sensitive information from encrypted backup files via a Chosen-Plaintext attack. NOTE: this vulnerability exists because of an incomplete fix for CVE-2013-6394.
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
Percona ≫ Xtrabackup Version <= 2.3.5
Percona ≫ Xtrabackup Version2.4.0 Updaterc1
Percona ≫ Xtrabackup Version2.4.1
Percona ≫ Xtrabackup Version2.4.2
Percona ≫ Xtrabackup Version2.4.3
Percona ≫ Xtrabackup Version2.4.4
Fedoraproject ≫ Fedora Version24
Fedoraproject ≫ Fedora Version25
Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.
| Typ | Quelle | Score | Percentile |
|---|---|---|---|
| EPSS | FIRST.org | 0.5% | 0.651 |
| Quelle | Base Score | Exploit Score | Impact Score | Vector String |
|---|---|---|---|---|
| nvd@nist.gov | 5.9 | 2.2 | 3.6 |
CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N
|
| nvd@nist.gov | 4.3 | 8.6 | 2.9 |
AV:N/AC:M/Au:N/C:P/I:N/A:N
|
CWE-326 Inadequate Encryption Strength
The product stores or transmits sensitive data using an encryption scheme that is theoretically sound, but is not strong enough for the level of protection required.