This vulnerability allows an attacker to use the internal WebSockets API for CodeMeter (All versions prior to 7.00 are affected, including Version 7.0 or newer with the affected WebSockets API still enabled. This is especially relevant for systems or devices where a web browser is used to access a web server) via a specifically crafted Java Script payload, which may allow alteration or creation of license files for when combined with CVE-2020-14515.
oryginał ENCVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:NWibu Codemeter
APPWibu< 7.00
Powiązane podatności
A buffer over-read vulnerability exists in Wibu-Systems CodeMeter versions < 7.21a. An unauthenticated remote ...
Protocol encryption can be easily broken for CodeMeter (All versions prior to 6.90 are affected, including Ver...
Multiple memory corruption vulnerabilities exist in CodeMeter (All versions prior to 7.10) where the packet pa...
A denial of service vulnerability exists in Wibu-Systems CodeMeter versions < 7.21a. An unauthenticated remote...
CodeMeter (All versions prior to 6.90 when using CmActLicense update files with CmActLicense Firm Code) has an...