7.5

CVE-2022-37177

Exploit

EPSS 0.12%
Veröffentlicht 29.08.2022 21:15:09
Zuletzt bearbeitet 21.11.2024 07:14:34
Quelle cve@mitre.org
CVE-Watchlists
Login
Unerledigt
Login

HireVue Hiring Platform V1.0 suffers from Use of a Broken or Risky Cryptographic Algorithm. NOTE: this is disputed by the vendor for multiple reasons, e.g., it is inconsistent with CVE ID assignment rules for cloud services, and no product with version V1.0 exists. Furthermore, the rail-fence cipher has been removed, and TLS 1.2 is now used for encryption.

Betroffene Produkte Warnungen 0 Metriken 2 CWE 1 Referenzen 5

Daten sind bereitgestellt durch National Vulnerability Database (NVD)

Hirevue ≫ Hiring Platform Version-

Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.

EPSS Metriken
Typ	Quelle	Score	Percentile
EPSS	FIRST.org	0.12%	0.316

CVSS Metriken
Quelle	Base Score	Exploit Score	Impact Score	Vector String
nvd@nist.gov	7.5	3.9	3.6	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

CWE-327 Use of a Broken or Risky Cryptographic Algorithm

The product uses a broken or risky cryptographic algorithm or protocol.

https://github.com/JC175/CVE-2022-37177

Third Party Advisory

Exploit

https://www.hirevue.com/

Vendor Advisory

https://nvd.nist.gov/vuln/detail/CVE-2022-37177

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2022-37177

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2022-37177

EUVD