Lucene search
K
UciIdol2

5 matches found

CVE
CVE
added 2024/08/22 12:0 a.m.58 views

CVE-2024-45169

CVE-2024-45169 affects UCI IDOL 2 (IDOL2/uciIDOL) up to version 2.12. The issue stems from improper input validation, improper deserialization, and restricting operations within memory buffer bounds, enabling Denial-of-Service and potentially remote code execution via the \xB0\x00\x3c byte sequen...

9.8CVSS7.9AI score0.01384EPSS
CVE
CVE
added 2024/08/22 12:0 a.m.53 views

CVE-2024-45168

CVE-2024-45168 affects UCI IDOL 2 (IDOL2) up to version 2.12. The vulnerability arises because data is transferred over a raw socket without authentication, making communication endpoints not verifiable. Reported CVSSv3.1 base score is 9.1 (CRITICAL) with network exposure, low attack complexity, ...

9.1CVSS7.2AI score0.00691EPSS
CVE
CVE
added 2024/08/22 12:0 a.m.49 views

CVE-2024-45166

UCI IDOL 2 (IDOL2/uciIDOL) up to version 2.12 is affected by a vulnerability caused by improper input validation, improper deserialization, and improper restriction of memory buffer operations. The issue can lead to Denial-of-Service and possibly remote code execution, with an access violation an...

9.8CVSS7.8AI score0.01046EPSS
CVE
CVE
added 2024/08/22 12:0 a.m.49 views

CVE-2024-45167

The CVE-2024-45167 entry concerns UCI IDOL 2 (IDOL2) prior to or up to version 2.12. The root cause is improper input validation, improper deserialization, and restricting operations within memory buffer bounds, leading to a DoS condition and potential remote code execution. A specific XmlMessage...

9.8CVSS7.8AI score0.01205EPSS
CVE
CVE
added 2024/08/22 12:0 a.m.48 views

CVE-2024-45165

CVE-2024-45165 affects UCI IDOL 2 (IDOL2) up to version 2.12. The issue is that the client–server encryption uses a static, hardcoded key derived from the string “(c)2007 UCI Software GmbH B.Boll.” This enables an attacker with access to the messages to decrypt and re-encrypt traffic, enabling pa...

5.3CVSS6.8AI score0.00174EPSS