AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H

OR
          *cpe:2.3:a:crmeb:crmeb:*:*:*:*:*:*:*:* versions up to (including) 5.6.1

CISA-ADP: https://vuldb.com/?submit.659843 Types: Third Party Advisory, VDB Entry

VulDB: https://vuldb.com/?ctiid.327171 Types: Permissions Required, VDB Entry

VulDB: https://vuldb.com/?id.327171 Types: Third Party Advisory, VDB Entry

VulDB: https://vuldb.com/?submit.659843 Types: Third Party Advisory, VDB Entry

https://vuldb.com/?submit.659843

A vulnerability was identified in CRMEB up to 5.6.1. This affects an unknown function of the component JWT HMAC Secret Handler. Such manipulation of the argument secret with the input default leads to use of hard-coded cryptographic key
 . It is possible to launch the attack remotely. Attacks of this nature are highly complex. The exploitability is reported as difficult. The exploit is publicly available and might be used. The vendor was contacted early about this disclosure but did not respond in any way.

AV:N/AC:H/AT:N/PR:N/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:P/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X

AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:L

(AV:N/AC:H/Au:N/C:P/I:P/A:P)

CWE-320

CWE-321

https://vuldb.com/?ctiid.327171

https://vuldb.com/?id.327171

https://vuldb.com/?submit.659843