Missing Cryptographic Step

CVE-2022-1279

Medium

6.5/10

Summary

A vulnerability in the encryption implementation of EBICS messages in the open source librairy ebics-java/ebics-java-client allows an attacker sniffing network traffic to decrypt EBICS payloads. This issue affects: ebics-java/ebics-java-client versions prior to 1.2.

Attack Complexity: LOW
Attack Vector: ADJACENT_NETWORK
Integrity Impact: NONE
Scope: UNCHANGED
User Interaction: NONE
Privileges Required: NONE
Confidentiality Impact: HIGH
Availability Impact: NONE

CWE-325 - Missing Cryptographic Step

The product does not implement a required step in a cryptographic algorithm, resulting in weaker encryption than advertised by the algorithm.

References

Advisory Timeline

Published Apr 14, 2022

Missing Cryptographic Step

CVE-2022-1279

Summary

CWE-325 - Missing Cryptographic Step

References

Advisory Timeline

ChainJacking

JetBrains IDE

KICS SaaS