Percona · Percona XtraBackup · CVE-2016-6225
**Name of the Vulnerable Software and Affected Versions**
Percona XtraBackup versions prior to 2.3.6
Percona XtraBackup versions 2.4.x prior to 2.4.5
**Description**
xbcrypt does not properly set the initialization vector (IV) for encryption, which makes it easier for attackers to obtain sensitive information from encrypted backup files via a chosen-plaintext attack.
**Recommendations**
For Percona XtraBackup versions prior to 2.3.6, update to version 2.3.6 or later.
For Percona XtraBackup versions 2.4.x prior to 2.4.5, update to version 2.4.5 or later.