Lucene search
Rapid7CVELIST:CVE-2023-28503HistoryMar 29, 2023 - 8:09 p.m.
CVE-2023-28503 Authentication bypass in UniRPC's udadmin service
2023-03-2920:09:43
CWE-798
rapid7
www.cve.org
3
cve-2023-28503
authentication bypass
unirpc
udadmin service
rocket software
unidata
universe
vulnerability
os commands
root user
Rocket Software UniData versions prior to 8.2.4 build 3003 and UniVerse versions prior to 11.3.5 build 1001 or 12.2.1 build 2002 suffer from an authentication bypass vulnerability, where a special username with a deterministic password can be leveraged to bypass authentication checks and execute OS commands as the root user.
CNA Affected
[
{
"defaultStatus": "unaffected",
"platforms": [
"Linux"
],
"product": "UniData",
"vendor": "Rocket Software",
"versions": [
{
"lessThan": "8.2.43.3003",
"status": "affected",
"version": "0",
"versionType": "semver"
}
]
},
{
"defaultStatus": "unaffected",
"platforms": [
"Linux"
],
"product": "UniVerse",
"vendor": "Rocket Software",
"versions": [
{
"lessThan": "11.3.5.1001",
"status": "affected",
"version": "0",
"versionType": "semver"
},
{
"lessThan": "12.2.1.2002",
"status": "affected",
"version": "0",
"versionType": "semver"
}
]
}
]Related
metasploit
metasploit
Rocket Software Unidata udadmin_server Authentication Bypass
2023-03-29 15:01:50
prion
prion
Authentication flaw
2023-03-29 21:15:00
nvd
nvd
CVE-2023-28503
2023-03-29 21:15:08
cve
cve
CVE-2023-28503
2023-03-29 21:15:08
packetstorm
packetstorm
Rocket Software Unidata udadmin_server Authentication Bypass
2023-04-12 00:00:00
rapid7blog
rapid7blog
Metasploit Weekly Wrap-Up
2023-04-14 18:13:48
Multiple Vulnerabilities in Rocket Software UniRPC server (Fixed)
2023-03-29 15:21:09