CVE-2022-3217
N/A
N/A
Summary
When logging in to a VBASE runtime project via Web-Remote, the product uses XOR with a static initial key to obfuscate login messages. An unauthenticated remote attacker with the ability to capture a login session can obtain the login credentials.
Affected Software
| Vendor | Product | Version Range | Status |
|---|---|---|---|
| n/a | VISAM VBASE | 11.7.0.2 | affected |
Weaknesses
- Insufficiently Protected Credentials
ADP Enrichment
CVE Program Container
Additional References
References
Feedback
Was this page helpful?
Glad to hear it! Please tell us how we can improve.
Sorry to hear that. Please tell us how we can improve.