CVSS VectorNVD
CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:C/C:N/I:L/A:N
Lifecycle Timeline
2DescriptionNVD
jsrsasign v11.1.0 was discovered to contain weak encryption. NOTE: this issue has been disputed by a third party who believes that CVE IDs can be assigned for key lengths in specific applications that use a library, and should not be assigned to the default key lengths in a library. This dispute is subject to review under CNA rules 4.1.4, 4.1.14, and other rules; the dispute tagging is not meant to recommend an outcome for this CVE Record.
AnalysisAI
jsrsasign v11.1.0 was discovered to contain weak encryption. Rated low severity (CVSS 3.2), this vulnerability is no authentication required. No vendor patch available.
Technical ContextAI
This vulnerability is classified under CWE-326. jsrsasign v11.1.0 was discovered to contain weak encryption. NOTE: this issue has been disputed by a third party who believes that CVE IDs can be assigned for key lengths in specific applications that use a library, and should not be assigned to the default key lengths in a library. This dispute is subject to review under CNA rules 4.1.4, 4.1.14, and other rules; the dispute tagging is not meant to recommend an outcome for this CVE Record.
Affected ProductsAI
See vendor advisory for affected versions.
RemediationAI
No vendor patch is available at time of analysis. Monitor vendor advisories for updates. Apply vendor patches when available. Implement network segmentation and monitoring as interim mitigations.
Share
External POC / Exploit Code
Leaving vuln.today