CVEDB API

Vulnerabilities

By Date
Known Exploited
Advanced Search

Vulnerable Software

Vendors
Products

Vulnerability Details CVE-2021-36750

ENC DataVault before 7.2 and VaultAPI v67 mishandle key derivation, making it easier for attackers to determine the passwords of all DataVault users (across USB drives sold under multiple brand names).

Exploit prediction scoring system (EPSS) score

EPSS Score 0.235

EPSS Ranking 95.6%

CVSS Severity

CVSS v3 Score 8.1

CVSS v2 Score 5.5

References

https://encsecurity.zendesk.com/hc/en-us/articles/4413283717265-Update-for-ENC-Software
https://pretalx.c3voc.de/rc3-2021-r3s/talk/QMYGR3/
https://www.encsecurity.com/solutions.php
https://www.westerndigital.com/en-ap/support/product-security/wdc-21014-sandisk-secureaccess-software-update
https://encsecurity.zendesk.com/hc/en-us/articles/4413283717265-Update-for-ENC-Software
https://pretalx.c3voc.de/rc3-2021-r3s/talk/QMYGR3/
https://www.encsecurity.com/solutions.php
https://www.westerndigital.com/en-ap/support/product-security/wdc-21014-sandisk-secureaccess-software-update

Products affected by CVE-2021-36750

Sandisk » Secureaccess » Version: 3.02

cpe:2.3:a:sandisk:secureaccess:3.02
Zendesk » Enc Datavault » Version: Any

cpe:2.3:a:zendesk:enc_datavault:*
Zendesk » Enc Vaultapi » Version: Any

cpe:2.3:a:zendesk:enc_vaultapi:*

Vulnerabilities

Vulnerable Software

Vulnerability Details CVE-2021-36750

Products

Pricing

Contact Us