CVE-2016-1000352
In Bouncy Castle JCE Provider the ECIES implementation allowed the use of ECB mode
7.4
HIGH
CVSS 3.1
EPSS 0.39%
Description
In the Bouncy Castle JCE Provider version 1.55 and earlier the ECIES implementation allowed the use of ECB mode. This mode is regarded as unsafe and support for it has been removed from the provider.
How to fix CVE-2016-1000352
To remediate CVE-2016-1000352, upgrade the affected package to a fixed version below.
- —upgrade to 1.56-1 or later
- —upgrade to 1.56 or later
- —upgrade to 1.56 or later
- —upgrade to 1.56 or later
Is CVE-2016-1000352 being exploited?
Low — EPSS is 0.4%, meaning exploitation activity has not been observed at scale.
Affected packages (4)
- from 0, < 1.56-1
- from 0, < 1.56
- from 0, < 1.56
- from 0, < 1.56
CVSS scores
| Source | Version | Severity | Vector |
|---|---|---|---|
| osv | CVSS 3.1 | HIGH7.4 | CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N |