Lucene search
K
WibuCodemeter

9 matches found

CVE
CVE
added 2020/09/16 7:42 p.m.184 views

CVE-2020-14517

CVE-2020-14517 (CodeMeter). Affects CodeMeter WebAdmin and related components; protocol encryption can be easily broken, and the server can accept external connections, potentially allowing an attacker to remotely communicate with the CodeMeter API. Affected: CodeMeter before 6.90, and 6.90+ only...

9.8CVSS9.3AI score0.00666EPSS
CVE
CVE
added 2021/06/16 11:9 a.m.133 views

CVE-2021-20093

CVE-2021-20093 affects Wibu-Systems CodeMeter Runtime (CodeMeter, CmWAN/CodeMeter Network Server) prior to v7.21a. The issue is a buffer over-read (CWE-126) in the CodeMeter Runtime network server that can be exploited by an unauthenticated remote attacker to disclose heap memory contents or cras...

9.1CVSS9.1AI score0.33304EPSS
CVE
CVE
added 2020/09/16 7:39 p.m.132 views

CVE-2020-14509

CVE-2020-14509 concerns CodeMeter WebAdmin prior to 7.10a. The vulnerability is a memory corruption issue in the packet parser that does not verify length fields, allowing an attacker to send specially crafted packets to trigger the flaw. Public sources describe potential outcomes as remote code ...

9.8CVSS9.5AI score0.02031EPSS
CVE
CVE
added 2020/09/16 7:48 p.m.93 views

CVE-2020-14515

CVE-2020-14515 affects CodeMeter WebAdmin prior to 6.90: a flaw in the license-file signature checking mechanism allows forging or arbitrary license files, potentially impersonating a vendor. This is limited to CmActLicense update files with CmActLicense Firm Code. Related sources indicate that e...

7.5CVSS7.5AI score0.00838EPSS
CVE
CVE
added 2020/09/16 7:49 p.m.87 views

CVE-2020-14513

CVE-2020-14513 affects CodeMeter up to version 6.80 (and WebAdmin components) where processing a specially crafted license file can crash the software due to unverified length fields. Multiple sources (NVD/NCSC/Red Hat advisories, Tenable plugin) confirm CodeMeter prior to 6.81 is affected; updat...

7.5CVSS7.4AI score0.01562EPSS
CVE
CVE
added 2020/09/16 7:44 p.m.87 views

CVE-2020-14519

CVE-2020-14519 affects CodeMeter WebAdmin’s internal WebSockets API. According to the provided documents, all versions prior to 7.00 are affected, including 7.0 or newer if the affected WebSockets API remains enabled, particularly when a web browser accesses the CodeMeter web server. The vulnerab...

7.5CVSS7.3AI score0.00637EPSS
CVE
CVE
added 2020/09/16 7:51 p.m.86 views

CVE-2020-16233

CVE-2020-16233 affects CodeMeter WebAdmin (CodeMeter, prior to version 7.10). A network attacker could send a specially crafted packet to cause the server to return packets containing data from the heap, exposing heap data and potentially enabling further exploitation. The vulnerability is docume...

7.5CVSS7.3AI score0.01842EPSS
CVE
CVE
added 2021/06/16 11:9 a.m.78 views

CVE-2021-20094

CVE-2021-20094 is a publicly documented vulnerability in Wibu-Systems CodeMeter Runtime (CmWAN server) affecting versions earlier than 7.21a. An unauthenticated remote attacker can crash the CodeMeter Runtime Server by sending specially crafted packets to the CmWAN service. The connected sources ...

7.5CVSS7.3AI score0.04673EPSS
CVE
CVE
added 2017/09/07 1:0 p.m.76 views

CVE-2017-13754

CVE-2017-13754 is an XSS flaw in Wibu-Systems CodeMeter (advanced settings – time server) where an attacker can inject script via the server name field in actions/ChangeConfiguration.html. Vulnerable until CodeMeter version 6.50b (and is embedded in some FactoryTalk Activation Manager releases pr...

5.4CVSS5.4AI score0.03877EPSS
Web