CVE-2023-28509— Weak encryption in UniRPC protocol
Get alerts for future matching vulnerabilitiesLog in to subscribe
I. Basic Information for CVE-2023-28509
Vulnerability Information
Have questions about the vulnerability? See if Shenlong's analysis helps!
View Shenlong Deep Dive ↗ Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
Weak encryption in UniRPC protocol
Source: NVD (National Vulnerability Database)
Vulnerability Description
Rocket Software UniData versions prior to 8.2.4 build 3003 and UniVerse versions prior to 11.3.5 build 1001 or 12.2.1 build 2002 use weak encryption for packet-level security and passwords transferred on the wire.
Source: NVD (National Vulnerability Database)
CVSS Information
N/A
Source: NVD (National Vulnerability Database)
Vulnerability Type
使用已被攻破或存在风险的密码学算法
Source: NVD (National Vulnerability Database)
Vulnerability Title
Rocket Software UniData 和 UniVerse 加密问题漏洞
Source: CNNVD (China National Vulnerability Database)
Vulnerability Description
Rocket Software UniVerse和Rocket Software UniData都是美国Rocket Software公司的产品。Rocket Software UniVerse是一套现在由 Rocket Software 拥有的数据库管理和支持软件。Rocket Software UniData是一个 MultiValue 应用程序平台。用于从 Rocket Software 开发快速、灵活和安全的应用程序。 Rocket Software UniData 8.2.4 build 300
Source: CNNVD (China National Vulnerability Database)
CVSS Information
N/A
Source: CNNVD (China National Vulnerability Database)
Vulnerability Type
N/A
Source: CNNVD (China National Vulnerability Database)
Affected Products
| Vendor | Product | Affected Versions | CPE | Subscribe |
|---|---|---|---|---|
| Rocket Software | UniData | 0 ~ 8.2.43.3003 | - | |
| Rocket Software | UniVerse | 0 ~ 11.3.5.1001 | - |
II. Public POCs for CVE-2023-28509
| # | POC Description | Source Link | Shenlong Link |
|---|
AI-Generated POCPremium
No public POC found.
Login to generate AI POCIII. Intelligence Information for CVE-2023-28509
请登录查看更多情报信息。
Same Patch Batch · Rocket Software · 2023-03-29 · 9 CVEs total
| CVE-2023-28501 | Heap buffer overflow in unirpcd | |
| CVE-2023-28502 | Stack buffer overflow in UniRPC's udadmin_server service | |
| CVE-2023-28503 | Authentication bypass in UniRPC's udadmin service | |
| CVE-2023-28504 | Stack buffer overflow in UniRPC library function | |
| CVE-2023-28505 | Buffer overflow in UniRPC library function | |
| CVE-2023-28506 | Stack buffer overflow in UniRPC service | |
| CVE-2023-28507 | Memory exhaustion in LZ4 decompression in UniRPC daemon | |
| CVE-2023-28508 | Heap corruption in UniRPC service |
IV. Related Vulnerabilities
Same product: UniData
Same vendor: Rocket Software
Same weakness: CWE-327
- CVE-2026-6411
MAXHUB Pivot Client Application Use of a Broken or Risky Cry - CVE-2026-44405
Paramiko 加密问题漏洞 - CVE-2026-32959
Silex SD-330AC和Silex AMC Manager 安全漏洞 - CVE-2026-5588
PKIX draft CompositeVerifier accepts empty signature sequenc - CVE-2025-14813
GOSTCTR implementation unable to process more than 255 block
V. Comments for CVE-2023-28509
No comments yet