Vulnerability Description
ENC DataVault 7.2.3 and before, and OEM versions, use an encryption algorithm that is vulnerable to data manipulation (without knowledge of the key). This is called ciphertext malleability. There is no data integrity mechanism to detect this manipulation.
CVSS Score
MEDIUM
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Encsecurity | Datavault | <= 7.2.3 |
Related Weaknesses (CWE)
References
- https://encsecurity.zendesk.com/hc/en-us/articles/4413283717265-Update-for-ENC-SVendor Advisory
- https://encsecurity.zendesk.com/hc/en-us/articles/7860771829533Vendor Advisory
- https://pretalx.c3voc.de/rc3-2021-r3s/talk/QMYGR3/Third Party Advisory
- https://encsecurity.zendesk.com/hc/en-us/articles/4413283717265-Update-for-ENC-SVendor Advisory
- https://encsecurity.zendesk.com/hc/en-us/articles/7860771829533Vendor Advisory
- https://pretalx.c3voc.de/rc3-2021-r3s/talk/QMYGR3/Third Party Advisory
FAQ
What is CVE-2021-36751?
CVE-2021-36751 is a vulnerability with a CVSS score of 4.2 (MEDIUM). ENC DataVault 7.2.3 and before, and OEM versions, use an encryption algorithm that is vulnerable to data manipulation (without knowledge of the key). This is called ciphertext malleability. There is n...
How severe is CVE-2021-36751?
CVE-2021-36751 has been rated MEDIUM with a CVSS base score of 4.2/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2021-36751?
Check the references section above for vendor advisories and patch information. Affected products include: Encsecurity Datavault.