CVE-2023-28503

CVE-2023-28503: Authentication bypass in UniRPC's udadmin service

Vendor Rocket Software
Product UniData
Weakness CWE-798 · Hardcoded credentials
Published March 29, 2023
Last update February 18, 2025

CVSS base score

What the vulnerability does

01Description

Rocket Software UniData versions prior to 8.2.4 build 3003 and UniVerse versions prior to 11.3.5 build 1001 or 12.2.1 build 2002 suffer from an authentication bypass vulnerability, where a special username with a deterministic password can be leveraged to bypass authentication checks and execute OS commands as the root user.

Key dates

02Disclosure timeline

March 29, 2023 CVE published
February 18, 2025 Record updated