How severe is CVE-2020-5408?

This vulnerability has a severity rating of MEDIUM with a CVSS score of 6.5 out of 10.

What type of vulnerability is CVE-2020-5408?

This is classified as CWE-329, which is a common weakness in software security.

CVE-2020-5408 - MEDIUM Severity | CVSS 6.5

Vulnerability Description

Spring Security versions 5.3.x prior to 5.3.2, 5.2.x prior to 5.2.4, 5.1.x prior to 5.1.10, 5.0.x prior to 5.0.16 and 4.2.x prior to 4.2.16 use a fixed null initialization vector with CBC Mode in the implementation of the queryable text encryptor. A malicious user with access to the data that has been encrypted using such an encryptor may be able to derive the unencrypted values using a dictionary attack.

Related Vulnerabilities

CVE-2017-3226

MEDIUM

CVSS:6.4(Medium)

Das U-Boot is a device bootloader that can read its configuration from an AES encrypted file. Devices that make use of Das U-Boot's AES-CBC encryption feature using environment encryption (i.e., setti...

CWE-3292017

CVE-2021-27499

MEDIUM

CVSS:5.9(Medium)

Ypsomed mylife Cloud, mylife Mobile Application, Ypsomed mylife Cloud: All versions prior to 1.7.2, Ypsomed mylife App: All versions prior to 1.7.5,The application layer encryption of the communicatio...

CWE-3292021

CVE-2022-46397

HIGH

CVSS:7.5(High)

FP.io VPP (Vector Packet Processor) 22.10, 22.06, 22.02, 21.10, 21.06, 21.01, 20.09, 20.05, 20.01, 19.08, and 19.04 Generates a Predictable IV with CBC Mode.

CWE-3292022

CVE-2017-3225

MEDIUM

CVSS:4.6(Medium)

Das U-Boot is a device bootloader that can read its configuration from an AES encrypted file. For devices utilizing this environment encryption mode, U-Boot's use of a zero initialization vector may a...

CWE-3292017

CVE-2022-46397

HIGH

CVSS:7.5(High)

FP.io VPP (Vector Packet Processor) 22.10, 22.06, 22.02, 21.10, 21.06, 21.01, 20.09, 20.05, 20.01, 19.08, and 19.04 Generates a Predictable IV with CBC Mode.

CWE-3292022

CVE-2017-3226

MEDIUM

CVSS:6.4(Medium)

CWE-3292017