CVE-2022-37177

{"id": "CVE-2022-37177", "metrics": {"cvssMetricV31": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 7.5, "attackVector": "NETWORK", "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", "integrityImpact": "NONE", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "NONE", "privilegesRequired": "NONE", "confidentialityImpact": "HIGH"}, "impactScore": 3.6, "exploitabilityScore": 3.9}]}, "published": "2022-08-29T21:15:09.183", "references": [{"url": "https://github.com/JC175/CVE-2022-37177", "tags": ["Exploit", "Third Party Advisory"], "source": "cve@mitre.org"}, {"url": "https://www.hirevue.com/", "tags": ["Vendor Advisory"], "source": "cve@mitre.org"}], "vulnStatus": "Modified", "weaknesses": [{"type": "Primary", "source": "nvd@nist.gov", "description": [{"lang": "en", "value": "CWE-327"}]}], "descriptions": [{"lang": "en", "value": "HireVue Hiring Platform V1.0 suffers from Use of a Broken or Risky Cryptographic Algorithm. NOTE: this is disputed by the vendor for multiple reasons, e.g., it is inconsistent with CVE ID assignment rules for cloud services, and no product with version V1.0 exists. Furthermore, the rail-fence cipher has been removed, and TLS 1.2 is now used for encryption."}, {"lang": "es", "value": "** EN DISPUTA ** HireVue Hiring Platform versi\u00f3n V1.0, sufre de un uso de un Algoritmo Criptogr\u00e1fico Roto o Arriesgado. NOTA: esto es discutido por el proveedor por m\u00faltiples razones, por ejemplo, es inconsistente con las reglas de asignaci\u00f3n de CVE ID para los servicios en la nube, y no existe ning\u00fan producto con la versi\u00f3n V1.0"}], "lastModified": "2024-04-11T01:16:14.150", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:hirevue:hiring_platform:-:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "DFF5DE58-5847-46E0-B56F-7CF9C308122B"}], "operator": "OR"}]}], "sourceIdentifier": "cve@mitre.org"}