CVE-2007-6721 – bouncycastle:bcprov-jdk14

Package

Manager: maven
Name: bouncycastle:bcprov-jdk14
Vulnerable Version: >=0 <1.38

Severity

Level: High

CVSS v3.1: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N/E:U/RL:U/RC:C

CVSS v4.0: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N

EPSS: 0.00711 pctl0.71392

Details

Legion of the Bouncy Castle Java Cryptography API Bleichenbacher Oracle Vulnerability The Legion of the Bouncy Castle Java Cryptography API before release 1.38, as used in Crypto Provider Package before 1.36, has unknown impact and remote attack vectors related to "a Bleichenbacher vulnerability in simple RSA CMS signatures without signed attributes."

Metadata

Created: 2022-05-01T18:45:52Z
Modified: 2023-09-21T22:46:17Z
Source: https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2022/05/GHSA-m26p-m559-g5j5/GHSA-m26p-m559-g5j5.json
CWE IDs: ["CWE-203"]
Alternative ID: GHSA-m26p-m559-g5j5
Finding: F026
Auto approve: 1