7.4
CVE-2023-22812
- EPSS 0.09%
- Veröffentlicht 24.03.2023 20:15:15
- Zuletzt bearbeitet 21.11.2024 07:45:27
- Quelle psirt@wdc.com
- CVE-Watchlists
- Unerledigt
LoginSanDisk PrivateAccess versions prior to 6.4.9 support insecure TLS 1.0 and TLS 1.1 protocols which are susceptible to man-in-the-middle attacks thereby compromising confidentiality and integrity of data.
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
Westerndigital ≫ Sandisk Privateaccess Version < 6.4.9
| Typ | Quelle | Score | Percentile |
|---|---|---|---|
| EPSS | FIRST.org | 0.09% | 0.257 |
| Quelle | Base Score | Exploit Score | Impact Score | Vector String |
|---|---|---|---|---|
| nvd@nist.gov | 7.4 | 2.2 | 5.2 |
CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N
|
| psirt@wdc.com | 7.4 | 2.2 | 5.2 |
CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N
|
CWE-327 Use of a Broken or Risky Cryptographic Algorithm
The product uses a broken or risky cryptographic algorithm or protocol.