POCO C++ Libraries Weak Encryption Vulnerability

Vulnerability

A vulnerability exists in POCO C++ Libraries version 1.14.1-release and prior, due to weak encryption practices. The implementation of JSON Web Signatures (JWS) uses HMAC and RSA key lengths that fall short of recommended security standards, potentially leading to vulnerabilities and attacks.

Impact

The weak encryption can be exploited to compromise the integrity and security of cryptographic operations, allowing for potential attacks that could undermine the application's security.

Added: Aug 6, 2025, 8:21 PM

Updated: Aug 6, 2025, 8:34 PM

Vulnerability Rating

Custom Algorithm

spread

2.4

impact

0.0

exploitability

4.7

remediation

0.0

relevance

0.3

threat

0.0

urgency

2.9

incentive

1.7

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.

Vulnerability Rating

Custom Algorithm

spread

2.4

impact

0.0

exploitability

4.7

remediation

0.0

relevance

0.3

threat

0.0

urgency

2.9

incentive

1.7

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.

POCO C++ Libraries Weak Encryption Vulnerability

Vulnerability

Impact

Affected Products

pocoproject poco

CVSS Scores

References

Vulnerability Rating

Vulnerability Rating