What is CVE-2023-28503?

CVE-2023-28503 is a vulnerability in Rocket Software Unidata, classified under Use of Hard-coded Credentials. Published 2023-03-29.

Is CVE-2023-28503 known to be exploited?

2 public proof-of-concept repositories are indexed. Not currently listed in the CISA KEV catalog.

Vulnerability in Rocket Software Unidata

CVE-2023-28503

Rocket Software UniData versions prior to 8.2.4 build 3003 and UniVerse versions prior to 11.3.5 build 1001 or 12.2.1 build 2002 suffer from an authentication bypass vulnerability, where a special username with a deterministic password can…

EPSS: 0.723 (98.8th percentile) — read the EPSS interpretation.

Affected products

Rocket Software Unidata — versions 0
Rocket Software Universe — versions 0

Weakness classification (CWE)

CWE-798 — Use of Hard-coded Credentials

Public proof-of-concept exploits

rapid7/metasploit-framework
Network-Sec/bin-tools-pub

References

www.rapid7.com/blog/post/2023/03/29/multiple-vulnerabilities-in-rocket-software… (third-party-advisory)
packetstormsecurity.com/files/171854/Rocket-Software-Unidata-udadmin_server-Aut…

Frequently asked questions

What is CVE-2023-28503?: CVE-2023-28503 is a vulnerability in Rocket Software Unidata, classified under Use of Hard-coded Credentials. Published 2023-03-29.
Is CVE-2023-28503 known to be exploited?: 2 public proof-of-concept repositories are indexed. Not currently listed in the CISA KEV catalog.