Vulnerability Name: | CVE-2021-40528 (CCN-208744) | ||||||||||||||||||
Assigned: | 2021-07-07 | ||||||||||||||||||
Published: | 2021-07-07 | ||||||||||||||||||
Updated: | 2022-12-07 | ||||||||||||||||||
Summary: | The ElGamal implementation in Libgcrypt before 1.9.4 allows plaintext recovery because, during interaction between two cryptographic libraries, a certain dangerous combination of the prime defined by the receiver's public key, the generator defined by the receiver's public key, and the sender's ephemeral exponents can lead to a cross-configuration attack against OpenPGP. | ||||||||||||||||||
CVSS v3 Severity: | 5.9 Medium (CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N) 5.2 Medium (Temporal CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C)
5.2 Medium (CCN Temporal CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C)
5.2 Medium (REDHAT Temporal CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C)
| ||||||||||||||||||
CVSS v2 Severity: | 2.6 Low (CVSS v2 Vector: AV:N/AC:H/Au:N/C:P/I:N/A:N)
| ||||||||||||||||||
Vulnerability Consequences: | Bypass Security | ||||||||||||||||||
References: | Source: MITRE Type: CNA CVE-2021-40528 Source: CCN Type: ePrint Web site Cryptology ePrint Archive: Report 2021/923 Source: cve@mitre.org Type: Technical Description, Third Party Advisory cve@mitre.org Source: XF Type: UNKNOWN libgcrypt-cve202140528-sec-bypass(208744) Source: cve@mitre.org Type: Mailing List, Patch, Third Party Advisory cve@mitre.org Source: CCN Type: GnuPG Web site Libgcrypt Source: cve@mitre.org Type: Third Party Advisory cve@mitre.org Source: cve@mitre.org Type: Exploit, Third Party Advisory cve@mitre.org Source: cve@mitre.org Type: Third Party Advisory cve@mitre.org Source: CCN Type: IBM Security Bulletin 6611147 (MQ Operator) IBM MQ Operator and Queue manager container images are vulnerable to multiple vulnerabilities from Golang Go, libxml2, curl, expat, libgcrypt and IBM WebSphere Application Server Liberty Source: CCN Type: IBM Security Bulletin 6615221 (Robotic Process Automation for Cloud Pak) Multiple Security Vulnerabilities may affect IBM Robotic Process Automation for Cloud Pak Source: CCN Type: IBM Security Bulletin 6837307 (App Connect Enterprise Certified Container) IBM App Connect Enterprise Certified Container may be vulnerable to security restriction bypass due to CVE-2021-40528 Source: CCN Type: IBM Security Bulletin 6843867 (Watson Speech Services Cartridge for Cloud Pak for Data) IBM Watson Speech Services Cartridge for IBM Cloud Pak for Data is vulnerable to a cross-configuration attack against OpenPGP (CVE-2021-40528) Source: CCN Type: IBM Security Bulletin 6848225 (Netcool Operations Insight) Netcool Operations Insight v1.6.7 contains fixes for multiple security vulnerabilities. Source: CCN Type: IBM Security Bulletin 6849249 (Security Identity Manager) Security vulnerabilities have been fixed in IBM Security Verify Governance, Identity Manager virtual appliance component Source: CCN Type: IBM Security Bulletin 6856409 (Cloud Pak for Security) IBM Cloud Pak for Security includes components with multiple known vulnerabilities Source: CCN Type: IBM Security Bulletin 6958506 (Security QRadar SIEM) IBM QRadar SIEM Application Framework Base Image is vulnerable to using components with Known Vulnerabilities | ||||||||||||||||||
Vulnerable Configuration: | Configuration RedHat 1: Configuration CCN 1: ![]() | ||||||||||||||||||
Oval Definitions | |||||||||||||||||||
| |||||||||||||||||||
BACK |