What is the vulnerability ID?

The vulnerability ID is CVE-2023-28509.

What is the severity of vulnerability CVE-2023-28509?

The severity of vulnerability CVE-2023-28509 is high with a severity value of 7.5.

What is the CWE (Common Weakness Enumeration) for this vulnerability?

The CWE for this vulnerability is CWE-326 and CWE-327.

How can I fix the vulnerability CVE-2023-28509?

To fix the vulnerability CVE-2023-28509, update Rocket Software UniData to version 8.2.4 build 3003 or later, and update UniVerse to version 11.3.5 build 1001 or 12.2.1 build 2002 or later.

Vulnerability/
CVE-2023-28509

high

7.5

CWE

327 326

29/3/2023

18/2/2025

CVE-2023-28509: Weak encryption in UniRPC protocol

First published: Wed Mar 29 2023(Updated: )

Rocket Software UniData versions prior to 8.2.4 build 3003 and UniVerse versions prior to 11.3.5 build 1001 or 12.2.1 build 2002 use weak encryption for packet-level security and passwords transferred on the wire.

Credit: cve@rapid7.con cve@rapid7.com

Affected Software	Affected Version	How to fix
All of
Any of
Rocket Software UniData	<=8.2.4
UniVerse	<=11.3.5
UniVerse	>=12.0.0<=12.2.1
Linux Kernel
Rocket Software UniData	<=8.2.4
UniVerse	<=11.3.5
UniVerse	>=12.0.0<=12.2.1
Linux Kernel

Never miss a vulnerability like this again

Reference Links

https://www.rapid7.com/blog/post/2023/03/29/multiple-vulnerabilities-in-rocket-software-unirpc-server-fixed/

Frequently Asked Questions

What is the vulnerability ID?
The vulnerability ID is CVE-2023-28509.
Which software versions are affected by this vulnerability?
Rocket Software UniData versions prior to 8.2.4 build 3003 and UniVerse versions prior to 11.3.5 build 1001 or 12.2.1 build 2002 are affected.
What is the severity of vulnerability CVE-2023-28509?
The severity of vulnerability CVE-2023-28509 is high with a severity value of 7.5.
What is the CWE (Common Weakness Enumeration) for this vulnerability?
The CWE for this vulnerability is CWE-326 and CWE-327.
How can I fix the vulnerability CVE-2023-28509?
To fix the vulnerability CVE-2023-28509, update Rocket Software UniData to version 8.2.4 build 3003 or later, and update UniVerse to version 11.3.5 build 1001 or 12.2.1 build 2002 or later.

agent/type
agent/references
agent/weakness
agent/severity
agent/description
collector/mitre-cve
source/MITRE
agent/title
agent/first-publish-date
agent/last-modified-date
agent/author
agent/source
agent/event
agent/tags
agent/softwarecombine
collector/nvd-api
source/NVD
agent/software-canonical-lookup
agent/software-canonical-lookup-request
collector/nvd-index
vendor/rocketsoftware
canonical/rocket software unidata
version/rocket software unidata/8.2.4
canonical/universe
version/universe/11.3.5
version/universe/12.0.0
version/universe/12.2.1
vendor/linux
canonical/linux kernel

Company

Resources

Contact

SecAlerts Pty Ltd.
132 Wickham Terrace
Fortitude Valley,
QLD 4006, Australia
info@secalerts.co

By using SecAlerts services, you agree to our services end-user license agreement. This website is safeguarded by reCAPTCHA and governed by the Google Privacy Policy and Terms of Service. All names, logos, and brands of products are owned by their respective owners, and any usage of these names, logos, and brands for identification purposes only does not imply endorsement. If you possess any content that requires removal, please get in touch with us.