CVE-2023-28503

Name of the Vulnerable Software and Affected Versions Rocket Software UniData versions prior to 8.2.4 build 3003 Rocket Software UniVerse versions prior to 11.3.5 build 1001 Rocket Software UniVerse versions prior to 12.2.1 build 2002

Description The issue is related to an authentication bypass vulnerability in the do log on user() function of Rocket Software UniData and UniVerse UniRPC. This vulnerability can be exploited by a remote attacker to bypass security restrictions and execute arbitrary commands as the root user. The vulnerability can be leveraged using a special username with a deterministic password to bypass authentication checks.

Recommendations For Rocket Software UniData versions prior to 8.2.4 build 3003, update to version 8.2.4 build 3003 or later to resolve the issue. For Rocket Software UniVerse versions prior to 11.3.5 build 1001, update to version 11.3.5 build 1001 or later to resolve the issue. For Rocket Software UniVerse versions prior to 12.2.1 build 2002, update to version 12.2.1 build 2002 or later to resolve the issue. As a temporary workaround, consider restricting access to the do log on user() function until a patch is available.