Use of a Broken or Risky Cryptographic Algorithm Affecting com.nablarch.framework:nablarch-fw-web-dbstore package, versions [,1.1.0)
Snyk CVSS
- Attack Complexity: Low
- Confidentiality: High
- Integrity: High
- Snyk ID SNYK-JAVA-COMNABLARCHFRAMEWORK-456707
- published 5 Aug 2019
- disclosed 12 Mar 2019
- credit Unknown
How to fix?
Upgrade com.nablarch.framework:nablarch-fw-web-dbstore to version 1.1.0 or higher.
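To check whether a build falls in the affected range before upgrading, the following added example (not part of the advisory or of Nablarch) scans a POM for the package and classifies its version against [,1.1.0). The sample POM, its property name and its version are constructed, and the version comparison is a simplification of Maven's ordering rules.

```python
import re
import xml.etree.ElementTree as ET

GROUP, ARTIFACT = "com.nablarch.framework", "nablarch-fw-web-dbstore"
FIXED = (1, 1, 0)  # first fixed version per the advisory; affected range is [,1.1.0)
PRERELEASE = ("alpha", "beta", "milestone", "rc", "cr", "snapshot")

# Constructed sample input: the property name and version are illustrative only.
SAMPLE_POM = """<project xmlns="http://maven.apache.org/POM/4.0.0">
  <properties><dbstore.version>1.0.5</dbstore.version></properties>
  <dependencies>
    <dependency>
      <groupId>com.nablarch.framework</groupId>
      <artifactId>nablarch-fw-web-dbstore</artifactId>
      <version>${dbstore.version}</version>
    </dependency>
  </dependencies>
</project>"""

def classify(version):
    """Return 'affected', 'fixed' or 'unresolved' for one version string."""
    if not version or "${" in version:
        return "unresolved"  # version managed elsewhere, or property not defined here
    m = re.match(r"(\d+(?:\.\d+)*)[-.]?(.*)$", version.strip())
    if not m:
        return "unresolved"
    nums = tuple(int(p) for p in m.group(1).split("."))
    nums += (0,) * (len(FIXED) - len(nums))  # pad so "1.1" compares as 1.1.0
    if nums < FIXED:
        return "affected"
    # Assumption: pre-release qualifiers of 1.1.0 sort before the release.
    if nums == FIXED and m.group(2).lower().startswith(PRERELEASE):
        return "affected"
    return "fixed"

def check_pom(pom_xml):
    """List (version, status) for every declaration of the package in a trusted POM."""
    root = ET.fromstring(pom_xml)
    for el in root.iter():  # drop the Maven namespace so plain tag names match
        el.tag = el.tag.split("}", 1)[-1]
    props = {p.tag: (p.text or "").strip() for p in root.findall("properties/*")}
    findings = []
    for dep in root.iter("dependency"):
        if (dep.findtext("groupId", "").strip(), dep.findtext("artifactId", "").strip()) != (GROUP, ARTIFACT):
            continue
        raw = (dep.findtext("version") or "").strip()
        version = re.sub(r"\$\{([^}]+)\}", lambda m: props.get(m.group(1), m.group(0)), raw)
        findings.append((version or None, classify(version)))
    return findings

if __name__ == "__main__":
    print(check_pom(SAMPLE_POM))
```

An `unresolved` result means the version is set outside the file (for example by a parent POM) and has to be confirmed from the resolved dependency tree.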
Overview
com.nablarch.framework:nablarch-fw-web-dbstore is a session store implementation using JDBC.
Affected versions of this package are vulnerable to Use of a Broken or Risky Cryptographic Algorithm. Incomplete cryptography in the data store function that uses the hidden tag allows remote attackers to obtain information about the stored data, register an invalid value, or alter the value via unspecified vectors.