Description
In the Bouncy Castle JCE Provider version 1.55 and earlier the ECIES implementation allowed the use of ECB mode. This mode is regarded as unsafe and support for it has been removed from the provider.
Remediation
References
https://access.redhat.com/errata/RHSA-2018:2669
https://access.redhat.com/errata/RHSA-2018:2927
https://github.com/bcgit/bc-java/commit/9385b0ebd277724b167fe1d1456e3c112112be1f
https://security.netapp.com/advisory/ntap-20181127-0004/
https://www.oracle.com/security-alerts/cpuoct2020.html
Related Vulnerabilities
CVE-2021-21252 Vulnerability in maven package org.webjars.npm:jquery-validation
CVE-2022-21129 Vulnerability in npm package nemo-appium
CVE-2023-48240 Vulnerability in maven package org.xwiki.platform:xwiki-platform-diff-xml
CVE-2018-1000136 Vulnerability in npm package electron
CVE-2022-23618 Vulnerability in maven package org.xwiki.platform:xwiki-platform-oldcore