CVE-2022-37177

HIGH

HireVue Hiring Platform - Broken Cryptographic Algorithm

Description

HireVue Hiring Platform V1.0 suffers from Use of a Broken or Risky Cryptographic Algorithm. NOTE: this is disputed by the vendor for multiple reasons, e.g., it is inconsistent with CVE ID assignment rules for cloud services, and no product with version V1.0 exists. Furthermore, the rail-fence cipher has been removed, and TLS 1.2 is now used for encryption.

Exploits (1)

nomisec WRITEUP, 1 star
by JC175 · poc
https://github.com/JC175/CVE-2022-37177

References (2)

Core References
Exploit, Third Party Advisory: https://github.com/JC175/CVE-2022-37177
Vendor Advisory: https://www.hirevue.com/

Scores

CVSS v3: 7.5
EPSS: 0.0012
EPSS Percentile: 30.3%
Attack Vector: NETWORK
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

CISA SSVC

Source: Vulnrichment
Exploitation: poc
Automatable: yes
Technical Impact: partial

Details

CWE: CWE-327
Status: published
Products (1): hirevue/hiring_platform
Published: Aug 29, 2022
Tracked Since: Feb 18, 2026