CVE-2023-34471

HIGH Year: 2023
CVSS v3 Score
8.1
High
Weakness Type
CWE-325
View all →

Vulnerability Description

AMI SPx contains a vulnerability in the BMC where a user may cause a missing cryptographic step by generating a hash-based message authentication code (HMAC). A successful exploit of this vulnerability may lead to the loss confidentiality, integrity, and authentication.

Related Vulnerabilities

CVE-2021-22946

HIGH
CVSS:7.5(High)

A user can tell curl >= 7.20.0 and <= 7.78.0 to require a successful upgrade to TLS when speaking to an IMAP, POP3 or FTP server (`--ssl-reqd` on the command line or`CURLOPT_USE_SSL` set to `CURLUSESS...

CWE-3252021

CVE-2022-1279

HIGH
CVSS:7.5(High)

A vulnerability in the encryption implementation of EBICS messages in the open source librairy ebics-java/ebics-java-client allows an attacker sniffing network traffic to decrypt EBICS payloads. This ...

CWE-3252022

CVE-2023-40012

HIGH
CVSS:7.5(High)

uthenticode is a small cross-platform library for partially verifying Authenticode digital signatures. Versions of uthenticode prior to the 2.x series did not check Extended Key Usages in certificates...

CWE-3252023

CVE-2022-20742

HIGH
CVSS:7.4(High)

A vulnerability in an IPsec VPN library of Cisco Adaptive Security Appliance (ASA) Software and Cisco Firepower Threat Defense (FTD) Software could allow an unauthenticated, remote attacker to read or...

CWE-3252022

CVE-2022-29229

HIGH
CVSS:7.2(High)

CaSS is a Competency and Skills System. CaSS Library, (npm:cassproject) has a missing cryptographic step when storing cryptographic keys that can allow a server administrator access to an account’s cr...

CWE-3252022

CVE-2018-5383

MEDIUM
CVSS:6.8(Medium)

Bluetooth firmware or operating system software drivers in macOS versions before 10.13, High Sierra and iOS versions before 11.4, and Android versions before the 2018-06-05 patch may not sufficiently ...

CWE-3252018