Primary

Context

Anviz CrossChex Standard Algorithm Downgrade Vulnerability Allowing Cleartext Database Credential Transmission

Vulnerability

A vulnerability exists in Anviz CrossChex Standard that allows an attacker to manipulate the TDS7 PreLogin process to disable encryption. This action results in database credentials being transmitted in plaintext, which could lead to unauthorized access to the database.

Impact

Exploitation of this vulnerability could result in unauthorized access to the database, allowing attackers to view, modify, or delete database information.

Remediation

Anviz did not respond to CISA's attempts to coordinate these vulnerabilities. Users should contact Anviz for more information.

Added: Apr 17, 2026, 8:29 PM

Updated: Apr 17, 2026, 8:29 PM

Vulnerability Rating

Custom Algorithm

spread

2.4

impact

2.5

exploitability

4.3

remediation

7.9

relevance

6.1

threat

0.0

urgency

2.9

incentive

0.0

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.

Vulnerability Rating

Custom Algorithm

spread

2.4

impact

2.5

exploitability

4.3

remediation

7.9

relevance

6.1

threat

0.0

urgency

2.9

incentive

0.0

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.

Anviz CrossChex Standard Algorithm Downgrade Vulnerability Allowing Cleartext Database Credential Transmission

Vulnerability

Impact

Remediation

Affected Products

Anviz CrossChex Standard

CVSS Scores

References

Vulnerability Rating

Vulnerability Rating