exploitDog

CVE-2022-37177

Опубликовано: 29 авг. 2022

Источник: nvd

CVSS3: 7.5

EPSS Низкий

Описание

HireVue Hiring Platform V1.0 suffers from Use of a Broken or Risky Cryptographic Algorithm. NOTE: this is disputed by the vendor for multiple reasons, e.g., it is inconsistent with CVE ID assignment rules for cloud services, and no product with version V1.0 exists. Furthermore, the rail-fence cipher has been removed, and TLS 1.2 is now used for encryption.

Ссылки

https://github.com/JC175/CVE-2022-37177
Exploit
Third Party Advisory
https://www.hirevue.com/
Vendor Advisory
https://github.com/JC175/CVE-2022-37177
Exploit
Third Party Advisory
https://www.hirevue.com/
Vendor Advisory

Уязвимые конфигурации

Конфигурация 1

cpe:2.3:a:hirevue:hiring_platform:-:*:*:*:*:*:*:*

EPSS

Процентиль: 32%

0.00119

Низкий

7.5 High

CVSS3

Дефекты

CWE-327

Связанные уязвимости

GHSA-3gv2-2xxr-9jgq

CVSS3: 7.5

github

больше 3 лет назад

HireVue Hiring Platform V1.0 suffers from Use of a Broken or Risky Cryptographic Algorithm.

EPSS

Процентиль: 32%

0.00119

Низкий

7.5 High

CVSS3

Дефекты

CWE-327