CVE-2022-37177 HireVue Hiring Platform V1.0 has a broken or risky cryptographic algorithm.
In most cases, this rating applies to the end-user installation of the software, not the vendor. The contributor may be contacted to confirm details.
Vulnerability Details
This vulnerability allows remote code execution when the application is vulnerable to CVE-2018-11776.
The vulnerability allows the attacker to execute code which could be maliciously used to perform unauthorized activities on the system.
Software reluctantly used
A software may be reluctantly used if it is not the vendor’s product, the software is not required for a product or service, or the end-user installation of the software has concerns and requirements that prevent them from using the software. Additionally, many organizations are reluctant to use enterprise software when there are free alternatives available.
In most cases, this rating applies to the end-user installation of the software, not the vendor. The contributor may be contacted to confirm details.
VENDOR RESPONSE AND FURTHER INFORMATION
The vendor has not responded to requests for further information.
VENDOR RESPONSE:
"The issue with this CVE is that it only applies to the end-user installation of the software, not the vendor. The contributor may be contacted to confirm details."
This blog post discusses a critical vulnerability in Microsoft Windows and how it should be addressed. A bug in Microsoft Windows allows attackers to execute arbitrary code in a privileged context.
Timeline
Published on: 08/29/2022 21:15:00 UTC
Last modified on: 09/02/2022 03:15:00 UTC