How severe is CVE-2021-40529?

This vulnerability has a severity rating of MEDIUM with a CVSS score of 5.9 out of 10.

What type of vulnerability is CVE-2021-40529?

This is classified as CWE-327, which is a common weakness in software security.

CVE-2021-40529

MEDIUM Year: 2021

CVSS v3 Score

5.9

Medium

CVSS v2 Score

2.6

Low

Weakness Type

CWE-327

View all →

Vulnerability Description

The ElGamal implementation in Botan through 2.18.1, as used in Thunderbird and other products, allows plaintext recovery because, during interaction between two cryptographic libraries, a certain dangerous combination of the prime defined by the receiver's public key, the generator defined by the receiver's public key, and the sender's ephemeral exponents can lead to a cross-configuration attack against OpenPGP.

CVE-2011-2487

MEDIUM

CVSS:5.9(Medium)

The implementations of PKCS#1 v1.5 key transport mechanism for XMLEncryption in JBossWS and Apache WSS4J before 1.6.5 is susceptible to a Bleichenbacher attack.

CWE-3272011

CVE-2017-10668

MEDIUM

CVSS:5.9(Medium)

A Padding Oracle exists in OSCI-Transport 1.2 as used in OSCI Transport Library 1.6.1 (Java) and OSCI Transport Library 1.6 (.NET). Under an MITM condition within the OSCI infrastructure, an attacker ...

CWE-3272017

CVE-2017-17167

MEDIUM

CVSS:5.9(Medium)

Huawei DP300 V500R002C00; TP3206 V100R002C00; ViewPoint 9030 V100R011C02; V100R011C03 have a use of a broken or risky cryptographic algorithm vulnerability. The software uses risky cryptographic algor...

CWE-3272017

CVE-2017-17382

MEDIUM

CVSS:5.9(Medium)

Citrix NetScaler Application Delivery Controller (ADC) and NetScaler Gateway 10.5 before build 67.13, 11.0 before build 71.22, 11.1 before build 56.19, and 12.0 before build 53.22 might allow remote a...

CWE-3272017

CVE-2017-17428

MEDIUM

CVSS:5.9(Medium)

Cavium Nitrox SSL, Nitrox V SSL, and TurboSSL software development kits (SDKs) allow remote attackers to decrypt TLS ciphertext data by leveraging a Bleichenbacher RSA padding oracle, aka a ROBOT atta...

CWE-3272017

CVE-2017-8157

MEDIUM

CVSS:5.9(Medium)

OceanStor 5800 V3 with software V300R002C00 and V300R002C10, OceanStor 6900 V3 V300R001C00 has an information leakage vulnerability. Products use TLS1.0 to encrypt. Attackers can exploit TLS1.0's vuln...

CWE-3272017

CVE-2021-40529

Vulnerability Description

Related Vulnerabilities

CVE-2011-2487

CVE-2017-10668

CVE-2017-17167

CVE-2017-17382

CVE-2017-17428

CVE-2017-8157