- Description
- Improper usage of symmetric encryption in UI Desktop for Windows (Version 0.59.1.71 and earlier) could allow users with access to UI Desktop configuration files to decrypt their content.This vulnerability is fixed in Version 0.62.3 and later.
- Source
- support@hackerone.com
- NVD status
- Modified
CVSS 3.1
- Type
- Primary
- Base score
- 5.5
- Impact score
- 3.6
- Exploitability score
- 1.8
- Vector string
- CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
- Severity
- MEDIUM
- Hype score
- Not currently trending
[
{
"nodes": [
{
"negate": false,
"cpeMatch": [
{
"criteria": "cpe:2.3:a:ui:desktop:*:*:*:*:*:windows:*:*",
"vulnerable": true,
"matchCriteriaId": "3FA2EBE5-1998-49C5-BB38-7886DB115E47",
"versionEndExcluding": "0.62.3.0"
}
],
"operator": "OR"
}
]
}
]