HashiCorp Vault Enterprise 1.13.0 up to 1.13.1 is vulnerable to a padding oracle attack when using an HSM in conjunction with the CKM_AES_CBC_PAD or CKM_AES_CBC encryption mechanisms. Rated low severity (CVSS 2.5). No vendor patch available.
Oracle
Information Disclosure
Hashicorp
Vault
NVD
CVSS 3.1
2.5
EPSS
0.1%