CWE-327— Use of a Broken or Risky Cryptographic Algorithm
The product uses a broken or risky cryptographic algorithm or protocol.— MITRE CWE catalog
688 active CVEs classified under this weakness category. Sourced from NVD, GHSA, and vendor advisories. Full definition on MITRE →
CVEs classified under CWE-327page 11 of 14
- CVE-2024-31896MEDIUMCVSS 5.9EG 5.92025-03-25
IBM SPSS Statistics 26.0, 27.0.1, 28.0.1, and 29.0.2 uses weaker than expected cryptographic algorithms that could allow an attacker to decrypt highly sensitive information.
- CVE-2024-31989CRITICALCVSS 9.0EG 9.02024-05-21
Argo CD is a declarative, GitOps continuous delivery tool for Kubernetes. It has been discovered that an unprivileged pod in a different namespace on the same cluster could connect to the Redis server on port 6379. Despite having installed…
- CVE-2024-3264MEDIUMCVSS 5.3EG 5.32024-06-24
Use of a Broken or Risky Cryptographic Algorithm vulnerability in Mia Technology Inc. Mia-Med Health Aplication allows Signature Spoofing by Improper Validation. This issue affects Mia-Med Health Aplication: before 1.0.14.
- CVE-2024-32852MEDIUMCVSS 5.9EG 5.92024-07-02
Dell PowerScale OneFS versions 8.2.2.x through 9.7.0.0 contain use of a broken or risky cryptographic algorithm vulnerability. An unprivileged network malicious attacker could potentially exploit this vulnerability, leading to data leaks.
- CVE-2024-32911CRITICALCVSS 9.8EG 9.82024-06-13
There is a possible escalation of privilege due to improperly used crypto. This could lead to remote escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.
- CVE-2024-33663MEDIUMCVSS 6.5EG 6.52024-04-26
python-jose through 3.3.0 has algorithm confusion with OpenSSH ECDSA keys and other key formats. This is similar to CVE-2022-29217.
- CVE-2024-35537HIGHCVSS 7.5EG 7.52024-06-21
TVS Motor Company Limited TVS Connect Android v4.6.0 and IOS v5.0.0 was discovered to insecurely handle the RSA key pair, allowing attackers to possibly access sensitive information via decryption.
- CVE-2024-36440MEDIUMCVSS 6.8EG 6.82024-08-22
An issue was discovered on Swissphone DiCal-RED 4009 devices. An attacker with access to the file /etc/deviceconfig may recover the administrative device password via password-cracking methods, because unsalted MD5 is used.
- CVE-2024-36823HIGHCVSS 7.5EG 7.52024-06-06
The encrypt() function of Ninja Core v7.0.0 was discovered to use a weak cryptographic algorithm, leading to a possible leakage of sensitive information.
- CVE-2024-37068MEDIUMCVSS 5.9EG 5.92024-09-07
IBM Maximo Application Suite - Manage Component 8.10, 8.11, and 9.0 uses weaker than expected cryptographic algorithms that could allow an attacker to decrypt highly sensitive information using man in the middle techniques.
- CVE-2024-37137LOWCVSS 3.8EG 5.52024-06-28
Dell Key Trust Platform, v3.0.6 and prior, contains Use of a Cryptographic Primitive with a Risky Implementation vulnerability. A local privileged attacker could potentially exploit this vulnerability, leading to privileged information dis…
- CVE-2024-38320MEDIUMCVSS 5.9EG 5.92025-01-27
IBM Storage Protect for Virtual Environments: Data Protection for VMware and Storage Protect Backup-Archive Client 8.1.0.0 through 8.1.23.0 uses weaker than expected cryptographic algorithms that could allow an attacker to decrypt highly …
- CVE-2024-39583HIGHCVSS 8.1EG 8.12024-09-10
Dell PowerScale InsightIQ, versions 5.0 through 5.1, contains a Use of a Broken or Risky Cryptographic Algorithm vulnerability. An unauthenticated attacker with remote access could potentially exploit this vulnerability, leading to Elevati…
- CVE-2024-39731MEDIUMCVSS 5.9EG 5.92024-07-15
IBM Datacap Navigator 9.1.5, 9.1.6, 9.1.7, 9.1.8, and 9.1.9 uses weaker than expected cryptographic algorithms that could allow an attacker to decrypt highly sensitive information. IBM X-Force ID: 295970.
- CVE-2024-39745MEDIUMCVSS 5.9EG 5.92024-08-22
IBM Sterling Connect:Direct Web Services 6.0, 6.1, 6.2, and 6.3 uses weaker than expected cryptographic algorithms that could allow an attacker to decrypt highly sensitive information.
- CVE-2024-40465HIGHCVSS 8.8EG 8.82024-07-31
An issue in beego v.2.2.0 and before allows a remote attacker to escalate privileges via the getCacheFileName function in file.go file
- CVE-2024-41270CRITICALCVSS 9.1EG 9.12024-08-06
An issue discovered in the RunHTTPServer function in Gorush v1.18.4 allows attackers to intercept and manipulate data due to use of deprecated TLS version.
- CVE-2024-41763MEDIUMCVSS 5.9EG 5.92025-01-04
IBM Engineering Lifecycle Optimization - Publishing 7.0.2 and 7.0.3 uses weaker than expected cryptographic algorithms that could allow an attacker to decrypt highly sensitive information.
- CVE-2024-41775MEDIUMCVSS 5.9EG 5.92024-12-03
IBM Cognos Controller 11.0.0 and 11.0.1 uses weaker than expected cryptographic algorithms that could allow an attacker to decrypt highly sensitive information.
- CVE-2024-41986MEDIUMCVSS 6.4EG 6.42025-08-12
A vulnerability has been identified in SmartClient modules Opcenter QL Home (SC) (All versions >= V13.2 < V2506), SOA Audit (All versions >= V13.2 < V2506), SOA Cockpit (All versions >= V13.2 < V2506). The affected application support inse…
- CVE-2024-4282CRITICALCVSS 9.8EG 9.82025-02-15
Brocade SANnav OVA before SANnav 2.3.1b enables SHA1 deprecated setting for SSH for port 22.
- CVE-2024-43178MEDIUMCVSS 5.9EG 5.92026-02-17
IBM Concert 1.0.0 through 2.1.0 uses weaker than expected cryptographic algorithms that could allow an attacker to decrypt highly sensitive information.
- CVE-2024-43189MEDIUMCVSS 5.9EG 5.92024-11-15
IBM Concert Software 1.0.0 through 1.0.1 could allow a remote attacker to obtain sensitive information, caused by the failure to properly enable HTTP Strict Transport Security. An attacker could exploit this vulnerability to obtain sensiti…
- CVE-2024-45193MEDIUMCVSS 4.3EG 4.32024-08-22
An issue was discovered in Matrix libolm through 3.2.16. There is Ed25519 signature malleability due to lack of validation criteria (does not ensure that S < n). This refers to the libolm implementation of Olm. NOTE: This vulnerability onl…
- CVE-2024-45394HIGHCVSS 8.8EG 8.82024-09-03
Authenticator is a browser extension that generates two-step verification codes. In versions 7.0.0 and below, encryption keys for user data were stored encrypted at-rest using only AES-256 and the EVP_BytesToKey KDF. Therefore, attackers w…
- CVE-2024-4563MEDIUMCVSS 6.1EG 6.12024-05-22
The Progress MOVEit Automation configuration export function prior to 2024.0.0 uses a cryptographic method with insufficient bit length.
- CVE-2024-45643MEDIUMCVSS 5.9EG 5.92025-03-14
IBM Security QRadar 3.12 EDR uses weaker than expected cryptographic algorithms that could allow an attacker to decrypt sensitive credential information.
- CVE-2024-45671MEDIUMCVSS 5.9EG 5.92025-09-10
IBM Security Verify Information Queue 10.0.5, 10.0.6, 10.0.7, and 10.0.8 uses weaker than expected cryptographic algorithms that could allow an attacker to decrypt highly sensitive information.
- CVE-2024-47187HIGHCVSS 7.5EG 7.52024-10-16
Suricata is a network Intrusion Detection System, Intrusion Prevention System and Network Security Monitoring engine. Prior to version 7.0.7, missing initialization of the random seed for "thash" leads to datasets having predictable hash t…
- CVE-2024-47188HIGHCVSS 7.5EG 7.52024-10-16
Suricata is a network Intrusion Detection System, Intrusion Prevention System and Network Security Monitoring engine. Prior to version 7.0.7, missing initialization of the random seed for "thash" leads to byte-range tracking having predict…
- CVE-2024-4765HIGHCVSS 8.1EG 8.12024-05-14
Web application manifests were stored by using an insecure MD5 hash which allowed for a hash collision to overwrite another application's manifest. This could have been exploited to run arbitrary code in another application's context. *Th…
- CVE-2024-47921HIGHCVSS 8.4EG 8.42024-12-30
Smadar SPS – CWE-327: Use of a Broken or Risky Cryptographic Algorithm
- CVE-2024-48016MEDIUMCVSS 4.6EG 4.62024-10-18
Dell Secure Connect Gateway (SCG) 5.0 Appliance - SRS, version(s) 5.24, contains a Use of a Broken or Risky Cryptographic Algorithm vulnerability. A low privileged attacker with remote access could potentially exploit this vulnerability, l…
- CVE-2024-48847HIGHCVSS 8.2EG 8.22024-12-05
MD5 Checksum Bypass vulnerabilities where found exploiting a weakness in the way an application dependency calculates or validates MD5 checksum hashes. Affected products: ABB ASPECT - Enterprise v3.08.01; NEXUS Series v3.08.01; MATRI…
- CVE-2024-49784MEDIUMCVSS 5.3EG 5.32025-07-08
IBM OpenPages with Watson 8.3 and 9.0 could provide weaker than expected security in storage of encrypted data with AES encryption and CBC mode. If an authenticated remote attacker with access to the database or a local attacker with acc…
- CVE-2024-49797MEDIUMCVSS 5.9EG 5.92025-02-06
IBM ApplinX 11.1 could allow a remote attacker to obtain sensitive information, caused by the failure to properly enable HTTP Strict Transport Security. An attacker could exploit this vulnerability to obtain sensitive information using man…
- CVE-2024-51456MEDIUMCVSS 5.9EG 5.92025-01-12
IBM Robotic Process Automation 21.0.0 through 21.0.7.19 and 23.0.0 through 23.0.19 could allow a remote attacker to obtain sensitive data that may be exposed through certain crypto-analytic attacks.
- CVE-2024-51478CRITICALCVSS 9.9EG 9.92024-10-31
YesWiki is a wiki system written in PHP. Prior to 4.4.5, the use of a weak cryptographic algorithm and a hard-coded salt to hash the password reset key allows it to be recovered and used to reset the password of any account. This issue is …
- CVE-2024-51556MEDIUMCVSS 6.5EG 6.52024-11-04
This vulnerability exists in the Wave 2.0 due to insufficient encryption of sensitive data received at the API response. An authenticated remote attacker could exploit this vulnerability by manipulating API input parameters through API req…
- CVE-2024-52331HIGHCVSS 7.5EG 7.52025-01-23
ECOVACS robot lawnmowers and vacuums use a deterministic symmetric key to decrypt firmware updates. An attacker can create and encrypt malicious firmware that will be successfully decrypted and installed by the robot.
- CVE-2024-52366MEDIUMCVSS 5.9EG 5.92025-01-07
IBM Concert Software 1.0.0, 1.0.1, 1.0.2, 1.0.2.1, and 1.0.3 could allow a remote attacker to obtain sensitive information, caused by the failure to properly enable HTTP Strict Transport Security. An attacker could exploit this vulnerabil…
- CVE-2024-52801MEDIUMCVSS 5.3EG 5.32024-11-29
sftpgo is a full-featured and highly configurable event-driven file transfer solution. Server protocols: SFTP, HTTP/S, FTP/S, WebDAV. The OpenID Connect implementation allows authenticated users to brute force session cookies and thereby g…
- CVE-2024-52884HIGHCVSS 7.5EG 7.52025-02-07
An issue was discovered in AudioCodes Mediant Session Border Controller (SBC) before 7.40A.501.841. Due to the use of weak password obfuscation/encryption, an attacker with access to configuration exports (INI) is able to decrypt the passw…
- CVE-2024-53441CRITICALCVSS 9.1EG 8.22024-12-09
An issue in the index.js decryptCookie function of cookie-encrypter v1.0.1 allows attackers to execute a bit flipping attack.
- CVE-2024-53845MEDIUMCVSS 6.6EG 6.62024-12-12
ESPTouch is a connection protocol for internet of things devices. In the ESPTouchV2 protocol, while there is an option to use a custom AES key, there is no option to set the IV (Initialization Vector) prior to versions 5.3.2, 5.2.4, 5.1.6,…
- CVE-2024-55539LOWCVSS 2.5EG 2.52024-12-23
Weak algorithm used to sign RPM package. The following products are affected: Acronis Cyber Protect Cloud Agent (Linux) before build 39185, Acronis Cyber Protect 16 (Linux) before build 39938.
- CVE-2024-5559MEDIUMCVSS 6.1EG 6.12024-06-12
CWE-327: Use of a Broken or Risky Cryptographic Algorithm vulnerability exists that could cause denial of service, device reboot, or an attacker gaining full control of the relay when a specially crafted reset token is entered into the fro…
- CVE-2024-55885HIGHCVSS 7.5EG 7.52024-12-12
beego is an open-source web framework for the Go programming language. Versions of beego prior to 2.3.4 use MD5 as a hashing algorithm. MD5 is no longer considered secure against well-funded opponents due to its vulnerability to collision …
- CVE-2024-55912MEDIUMCVSS 5.9EG 5.92025-05-02
IBM Concert Software 1.0.0 through 1.0.5 uses weaker than expected cryptographic algorithms that could allow an attacker to decrypt highly sensitive information.
- CVE-2024-8452HIGHCVSS 7.5EG 7.52024-09-30
Certain switch models from PLANET Technology only support obsolete algorithms for authentication protocol and encryption protocol in the SNMPv3 service, allowing attackers to obtain plaintext SNMPv3 credentials potentially.
Map vulnerabilities like CWE-327 to your infrastructure
EchelonGraph correlates every CVE — across CWE-327 and 150+ other weakness categories — against the assets you actually run. See blast radius, fix versions, and remediation steps in one graph.
Start Free Scan →