Rocket Software UniData versions prior to 8.2.4 build 3003 and UniVerse versions prior to 11.3.5 build 1001 or 12.2.1 build 2002 suffer from an authentication bypass vulnerability, where a special username with a deterministic password can be leveraged to bypass authentication checks and execute OS commands as the root user.
When an actor claims to have a given identity, the product does not prove or insufficiently proves that the claim is correct.
Name | Vendor | Start Version | End Version |
---|---|---|---|
Unidata | Rocketsoftware | * | 8.2.4 (including) |
Universe | Rocketsoftware | * | 11.3.5 (including) |
Universe | Rocketsoftware | 12.0.0 (including) | 12.2.1 (including) |