CVE-2023-28509

EPSS 0.28%
Veröffentlicht 29.03.2023 21:15:08
Zuletzt bearbeitet 18.02.2025 17:15:17
Quelle cve@rapid7.com
CVE-Watchlists
Login
Unerledigt
Login

Weak encryption in UniRPC protocol

Rocket Software UniData versions prior to 8.2.4 build 3003 and UniVerse versions prior to 11.3.5 build 1001 or 12.2.1 build 2002 use weak encryption for packet-level security and passwords transferred on the wire.

Betroffene Produkte Warnungen 0 Metriken 3 CWE 1 Referenzen 4

NVD 3 VulnDex Vulnerability Enrichment 0

Daten sind bereitgestellt durch National Vulnerability Database (NVD)

Rocketsoftware ≫ Unidata Version <= 8.2.4

Linux ≫ Linux Kernel Version-

Rocketsoftware ≫ Universe Version <= 11.3.5

Linux ≫ Linux Kernel Version-

Rocketsoftware ≫ Universe Version >= 12.0.0 <= 12.2.1

Linux ≫ Linux Kernel Version-

Zu dieser CVE wurde keine Warnung gefunden.

EPSS Metriken
Typ	Quelle	Score	Percentile
EPSS	FIRST.org	0.28%	0.196

CVSS Metriken
Quelle	Base Score	Exploit Score	Impact Score	Vector String
nvd@nist.gov	7.5	3.9	3.6	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
134c704f-9b21-4f2e-91b3-4a467353bcc0	7.5	3.9	3.6	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

CWE-327 Use of a Broken or Risky Cryptographic Algorithm

The product uses a broken or risky cryptographic algorithm or protocol.

https://www.rapid7.com/blog/post/2023/03/29/multiple-vulnerabilities-in-rocket-software-unirpc-server-fixed/

Third Party Advisory

https://nvd.nist.gov/vuln/detail/CVE-2023-28509

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2023-28509

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2023-28509

EUVD

Team-orientierte Vulnerability Management Plattform

Features der Plattform

CVE-2023-28509