CVE-2022-41983

LOW Year: 2022
CVSS v3 Score
3.7
Low
Weakness Type
CWE-319
View all →

Vulnerability Description

On specific hardware platforms, on BIG-IP versions 16.1.x before 16.1.3.1, 15.1.x before 15.1.7, 14.1.x before 14.1.5.1, and all versions of 13.1.x, while Intel QAT (QuickAssist Technology) and the AES-GCM/CCM cipher is in use, undisclosed conditions can cause BIG-IP to send data unencrypted even with an SSL Profile applied.

Related Vulnerabilities

CVE-2020-0884

LOW
CVSS:3.7(Low)

A spoofing vulnerability exists in Microsoft Visual Studio as it includes a reply URL that is not secured by SSL, aka 'Microsoft Visual Studio Spoofing Vulnerability'.

CWE-3192020

CVE-2020-27656

LOW
CVSS:3.7(Low)

Cleartext transmission of sensitive information vulnerability in DDNS in Synology DiskStation Manager (DSM) before 6.2.3-25426-2 allows man-in-the-middle attackers to eavesdrop authentication informat...

CWE-3192020

CVE-2020-5893

LOW
CVSS:3.7(Low)

In versions 7.1.5-7.1.8, when a user connects to a VPN using BIG-IP Edge Client over an unsecure network, BIG-IP Edge Client responds to authentication requests over HTTP while sending probes for capt...

CWE-3192020

CVE-2021-36382

LOW
CVSS:3.7(Low)

Devolutions Server before 2021.1.18, and LTS before 2020.3.20, allows attackers to intercept private keys via a man-in-the-middle attack against the connections/partial endpoint (which accepts clearte...

CWE-3192021

CVE-2021-42948

LOW
CVSS:3.7(Low)

HotelDruid Hotel Management Software v3.0.3 and below was discovered to have exposed session tokens in multiple links via GET parameters, allowing attackers to access user session id's.

CWE-3192021

CVE-2024-49820

LOW
CVSS:3.7(Low)

IBM Security Guardium Key Lifecycle Manager 4.1, 4.1.1, 4.2.0, and 4.2.1 could allow a remote attacker to obtain sensitive information, caused by the failure to properly enable HTTP Strict Transport S...

CWE-3192024