Data

Tools

Indexes

Applications

Experiments

Advisories

An open API service providing security vulnerability metadata for many open source software ecosystems.

MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLWozZzktNmZ4NS1nanY3

High EPSS: 0.76118% (0.98856 Percentile) EPSS:
Permalink JSON

Inadequate Encryption Strength in DotNetNuke

Affected Packages Affected Versions Fixed Versions
nuget:DotNetNuke.Core < 9.3.0 9.3.0
14 Dependent packages
0 Dependent repositories
738,686 Downloads total

Affected Version Ranges

All affected versions

6.0.0, 7.0.0, 7.1.0, 7.1.2

All unaffected versions

9.3.0, 9.3.1, 9.3.2, 9.4.0, 9.4.1, 9.4.2, 9.4.3, 9.4.4, 9.5.0, 9.6.1, 9.6.2, 9.7.0, 9.7.1, 9.7.2, 9.8.0, 9.9.0, 9.9.1, 9.10.0, 9.10.1, 9.10.2, 9.11.0, 9.11.1, 9.11.2, 9.12.0, 9.13.0, 9.13.1, 9.13.2, 9.13.3, 9.13.4, 9.13.5, 9.13.6, 9.13.7, 9.13.8, 9.13.9, 10.0.0, 10.0.1

DNN (aka DotNetNuke) 9.2 through 9.2.2 uses a weak encryption algorithm to protect input parameters. NOTE: this issue exists because of an incomplete fix for CVE-2018-15811.

References:

Identifiers

GHSA-j3g9-6fx5-gjv7

CVE-2018-18325

Risk

Severity

High

EPSS

EPSS Percentage: 0.76118

EPSS Percentile: 0.98856

Classification

General

Source

GitHub Advisory Database

Origin

Unspecified

Repository

https://github.com/dnnsoftware/Dnn.Platform

Date and time

Published

about 6 years ago

Updated

over 2 years ago

API

JSON