QwikSec

Security Database

CVE

CWE

Training

CVE-2023-28503

Published: Mar 29, 2023

Modified: Feb 18, 2025

PUBLISHED

Description

Rocket Software UniData versions prior to 8.2.4 build 3003 and UniVerse versions prior to 11.3.5 build 1001 or 12.2.1 build 2002 suffer from an authentication bypass vulnerability, where a special username with a deterministic password can be leveraged to bypass authentication checks and execute OS commands as the root user.

Vendor	Product	Versions
Rocket Software	UniData	affected `0 - < 8.2.43.3003`
Rocket Software	UniVerse	affected `0 - < 11.3.5.1001` affected `0 - < 12.2.1.2002`

Weaknesses (CWE)

References

https://www.rapid7.com/blog/post/2023/03/29/multiple-vulnerabilities-in-rocket-software-unirpc-server-fixed/

third-party-advisory

http://packetstormsecurity.com/files/171854/Rocket-Software-Unidata-udadmin_server-Authentication-Bypass.html

Security Training

Train your team to recognize and prevent security threats with our comprehensive security awareness program.

Vulnerability Scanning

Discover vulnerabilities in your applications and infrastructure before attackers do.