CVE-2023-23346 - OpenCVE

HCL DRYiCE MyCloud is affected by the use of a broken cryptographic algorithm. An attacker can potentially compromise the confidentiality and integrity of sensitive information.

Attack Vector Local

Attack Complexity Low

Privileges Required Low

Scope Unchanged

Confidentiality Impact High

Integrity Impact High

Availability Impact None

User Interaction None

No CVSS v3.0

No CVSS v2

Vendors & Products
CPE Configurations

Vendors	Products
Hcltech	Dryice Mycloud

Configuration 1 [-]

OR	cpe:2.3:a:hcltech:dryice_mycloud:10.2:::::::*
	cpe:2.3:a:hcltech:dryice_mycloud:10.4:::::::*
	cpe:2.3:a:hcltech:dryice_mycloud:10.5:::::::*
	cpe:2.3:a:hcltech:dryice_mycloud:10.6:::::::*

References

Link	Resource
https://support.hcltechsw.com/csm?id=kb_article&sysparm_article=KB0106670	Vendor Advisory

History

No history.

MITRE Information

Status: PUBLISHED

Assigner: HCL

Published: 2023-08-09T18:52:37.771Z

Updated: 2023-08-09T18:52:37.771Z

Reserved: 2023-01-11T18:41:24.864Z

Link: CVE-2023-23346

JSON object: View

NVD Information

Status : Analyzed

Published: 2023-08-09T19:15:14.500

Modified: 2023-08-15T19:58:44.960

Link: CVE-2023-23346

JSON object: View

Redhat Information

No data.

CWE

CWE-327

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:hcltech:dryice_mycloud:10.2:*:*:*:*:*:*:*", "matchCriteriaId": "17645F0D-B724-4511-9755-8FA5EF415AE4", "vulnerable": true}, {"criteria": "cpe:2.3:a:hcltech:dryice_mycloud:10.4:*:*:*:*:*:*:*", "matchCriteriaId": "56D1CC82-7BA1-42FA-B609-7F3032700581", "vulnerable": true}, {"criteria": "cpe:2.3:a:hcltech:dryice_mycloud:10.5:*:*:*:*:*:*:*", "matchCriteriaId": "4093FF10-1038-4F93-B28E-77CA62D3AA61", "vulnerable": true}, {"criteria": "cpe:2.3:a:hcltech:dryice_mycloud:10.6:*:*:*:*:*:*:*", "matchCriteriaId": "4A0C7C49-B89E-4869-A4B8-6C0A85B7D329", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "descriptions": [{"lang": "en", "value": "HCL DRYiCE MyCloud is affected by the use of a broken cryptographic algorithm. An attacker can potentially compromise the confidentiality and integrity of sensitive information.\n"}, {"lang": "es", "value": "HCL DRYiCE MyCloud est\u00e1 afectado por el uso de un algoritmo criptogr\u00e1fico roto. Un atacante puede comprometer potencialmente la confidencialidad e integridad de informaci\u00f3n sensible.\n"}], "id": "CVE-2023-23346", "lastModified": "2023-08-15T19:58:44.960", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "NONE", "baseScore": 7.1, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N", "version": "3.1"}, "exploitabilityScore": 1.8, "impactScore": 5.2, "source": "nvd@nist.gov", "type": "Primary"}, {"cvssData": {"attackComplexity": "HIGH", "attackVector": "LOCAL", "availabilityImpact": "NONE", "baseScore": 6.4, "baseSeverity": "MEDIUM", "confidentialityImpact": "HIGH", "integrityImpact": "LOW", "privilegesRequired": "LOW", "scope": "CHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:L/A:N", "version": "3.1"}, "exploitabilityScore": 1.1, "impactScore": 4.7, "source": "psirt@hcl.com", "type": "Secondary"}]}, "published": "2023-08-09T19:15:14.500", "references": [{"source": "psirt@hcl.com", "tags": ["Vendor Advisory"], "url": "https://support.hcltechsw.com/csm?id=kb_article&sysparm_article=KB0106670"}], "sourceIdentifier": "psirt@hcl.com", "vulnStatus": "Analyzed", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-327"}], "source": "nvd@nist.gov", "type": "Primary"}]}