HireVue Hiring Platform V1.0 suffers from Use of a Broken or Risky Cryptographic Algorithm. NOTE: this is disputed by the vendor for multiple reasons, e.g., it is inconsistent with CVE ID assignment rules for cloud services, and no product with version V1.0 exists. Furthermore, the rail-fence cipher has been removed, and TLS 1.2 is now used for encryption.
References
Link | Resource |
---|---|
https://github.com/JC175/CVE-2022-37177 | Exploit Third Party Advisory |
https://www.hirevue.com/ | Vendor Advisory |
Configurations
History
07 Nov 2023, 03:49
Type | Values Removed | Values Added |
---|---|---|
Summary | HireVue Hiring Platform V1.0 suffers from Use of a Broken or Risky Cryptographic Algorithm. NOTE: this is disputed by the vendor for multiple reasons, e.g., it is inconsistent with CVE ID assignment rules for cloud services, and no product with version V1.0 exists. Furthermore, the rail-fence cipher has been removed, and TLS 1.2 is now used for encryption. |
20 Dec 2022, 00:15
Type | Values Removed | Values Added |
---|---|---|
Summary | ** DISPUTED ** HireVue Hiring Platform V1.0 suffers from Use of a Broken or Risky Cryptographic Algorithm. NOTE: this is disputed by the vendor for multiple reasons, e.g., it is inconsistent with CVE ID assignment rules for cloud services, and no product with version V1.0 exists. Furthermore, the rail-fence cipher has been removed, and TLS 1.2 is now used for encryption. |
09 Dec 2022, 17:12
Type | Values Removed | Values Added |
---|---|---|
CPE | cpe:2.3:a:hirevue:hiring_platform:-:*:*:*:*:*:*:* |
02 Sep 2022, 03:15
Type | Values Removed | Values Added |
---|---|---|
Summary | ** DISPUTED ** HireVue Hiring Platform V1.0 suffers from Use of a Broken or Risky Cryptographic Algorithm. NOTE: this is disputed by the vendor for multiple reasons, e.g., it is inconsistent with CVE ID assignment rules for cloud services, and no product with version V1.0 exists. |
01 Sep 2022, 22:15
Type | Values Removed | Values Added |
---|---|---|
Summary | ** DISPUTED ** HireVue Hiring Platform V1.0 suffers from Use of a Broken or Risky Cryptographic Algorithm. NOTE: the is disputed by the vendor for multiple reasons, e.g., it is inconsistent with CVE ID assignment rules for cloud services and no product with version V1.0 exists. |
01 Sep 2022, 06:50
Type | Values Removed | Values Added |
---|---|---|
CPE | cpe:2.3:a:hirevue:hiring_platform:1.0:*:*:*:*:*:*:* | |
First Time |
Hirevue hiring Platform
Hirevue |
|
CVSS |
v2 : v3 : |
v2 : unknown
v3 : 7.5 |
References | (MISC) https://github.com/JC175/CVE-2022-37177 - Exploit, Third Party Advisory | |
References | (MISC) https://www.hirevue.com/ - Vendor Advisory | |
CWE | CWE-327 |
29 Aug 2022, 21:15
Type | Values Removed | Values Added |
---|---|---|
New CVE |
Information
Published : 2022-08-29 21:15
Updated : 2024-04-11 01:16
NVD link : CVE-2022-37177
Mitre link : CVE-2022-37177
CVE.ORG link : CVE-2022-37177
JSON object : View
Products Affected
hirevue
- hiring_platform
CWE
CWE-327
Use of a Broken or Risky Cryptographic Algorithm