CRITICAL🇵🇱 Wersja polska

CVE-2020-14517

CVSS 9.8v3.1pub. 2020-09-16upd. 2024-11-21

Protocol encryption can be easily broken for CodeMeter (All versions prior to 6.90 are affected, including Version 6.90 or newer only if CodeMeter Runtime is running as server) and the server accepts external connections, which may allow an attacker to remotely communicate with the CodeMeter API.

CVSS Vector
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
  • Wibu Codemeter

    APP
    Wibu
    < 6.90
🔵
CHECK WITH VENDOR
No clear patch data available. Check vendor references.
CWE
References

Related vulnerabilities

CVE-2021-20093CRITICAL9.1ten sam produkt

A buffer over-read vulnerability exists in Wibu-Systems CodeMeter versions < 7.21a. An unauthenticated remote ...

CVE-2020-14509CRITICAL9.8ten sam produkt

Multiple memory corruption vulnerabilities exist in CodeMeter (All versions prior to 7.10) where the packet pa...

CVE-2021-20094HIGH7.5ten sam produkt

A denial of service vulnerability exists in Wibu-Systems CodeMeter versions < 7.21a. An unauthenticated remote...

CVE-2020-16233HIGH7.5ten sam produkt

An attacker could send a specially crafted packet that could have CodeMeter (All versions prior to 7.10) send ...

CVE-2020-14519HIGH7.5ten sam produkt

This vulnerability allows an attacker to use the internal WebSockets API for CodeMeter (All versions prior to ...