Vulnerability Details CVE-2021-36751
ENC DataVault 7.2.3 and before, and OEM versions, use an encryption algorithm that is vulnerable to data manipulation (without knowledge of the key). This is called ciphertext malleability. There is no data integrity mechanism to detect this manipulation.
Exploit prediction scoring system (EPSS) score
EPSS Score 0.002
EPSS Ranking 46.1%
CVSS Severity
CVSS v3 Score 4.2
CVSS v2 Score 6.4
References
- https://encsecurity.zendesk.com/hc/en-us/articles/4413283717265-Update-for-ENC-Software
- https://encsecurity.zendesk.com/hc/en-us/articles/7860771829533
- https://pretalx.c3voc.de/rc3-2021-r3s/talk/QMYGR3/
- https://encsecurity.zendesk.com/hc/en-us/articles/4413283717265-Update-for-ENC-Software
- https://encsecurity.zendesk.com/hc/en-us/articles/7860771829533
- https://pretalx.c3voc.de/rc3-2021-r3s/talk/QMYGR3/
Products affected by CVE-2021-36751
-
cpe:2.3:a:encsecurity:datavault:*