Universal Management Suite Security Vulnerabilities and Issues — Universal Management Suite CVE List

Lucene search

IgelUniversal Management Suite

4 matches found

CVE•added 2022/06/09 4:15 a.m.•71 views

CVE-2022-25807

An issue was discovered in the IGEL Universal Management Suite (UMS) 6.07.100. A hardcoded DES key in the LDAPDesPWEncrypter class allows an attacker, who has discovered encrypted LDAP bind credentials, to decrypt those credentials using a static 8-byte DES key.

5.5CVSS5.4AI score0.00051EPSS

CVE•added 2022/06/09 4:15 a.m.•61 views

CVE-2022-25804

An issue was discovered in the IGEL Universal Management Suite (UMS) 6.07.100. Insecure permissions for the serverconfig registry key (under JavaSoft\Prefs\de\igel\rm\config in HKEY_LOCAL_MACHINE\SOFTWARE) allow an unprivileged local attacker to read the encrypted dbuser and dbpassword values for t...

5.5CVSS5.3AI score0.00035EPSS

CVE•added 2022/06/09 4:15 a.m.•59 views

CVE-2022-25806

An issue was discovered in the IGEL Universal Management Suite (UMS) 6.07.100. A hardcoded DES key in the PrefDBCredentials class allows an attacker, who has discovered encrypted superuser credentials, to decrypt those credentials using a static 8-byte DES key.

8.8CVSS8.5AI score0.00359EPSS

CVE•added 2022/06/09 4:15 a.m.•44 views

CVE-2022-25805

An issue was discovered in the IGEL Universal Management Suite (UMS) 6.07.100. The transmission of cleartext LDAP bind credentials by the cmd_mgt_load_mgt_tree command allows an attacker (who can intercept or inspect traffic between an authenticated UMS client and server) to compromise those LDAP b...

6.5CVSS6.5AI score0.00166EPSS