Vulnerabilities (CVE)

Join the Common Vulnerabilities and Exposures (CVE) community and start to get notified about new vulnerabilities.

Filtered by vendor Igel Subscribe
Filtered by product Universal Management Suite
Total 4 CVE
CVE Vendors Products Updated CVSS v2 CVSS v3
CVE-2022-25807 1 Igel 1 Universal Management Suite 2022-06-17 2.1 LOW 5.5 MEDIUM
An issue was discovered in the IGEL Universal Management Suite (UMS) 6.07.100. A hardcoded DES key in the LDAPDesPWEncrypter class allows an attacker, who has discovered encrypted LDAP bind credentials, to decrypt those credentials using a static 8-byte DES key.
CVE-2022-25806 1 Igel 1 Universal Management Suite 2022-06-17 6.5 MEDIUM 8.8 HIGH
An issue was discovered in the IGEL Universal Management Suite (UMS) 6.07.100. A hardcoded DES key in the PrefDBCredentials class allows an attacker, who has discovered encrypted superuser credentials, to decrypt those credentials using a static 8-byte DES key.
CVE-2022-25805 1 Igel 1 Universal Management Suite 2022-06-17 4.0 MEDIUM 6.5 MEDIUM
An issue was discovered in the IGEL Universal Management Suite (UMS) 6.07.100. The transmission of cleartext LDAP bind credentials by the cmd_mgt_load_mgt_tree command allows an attacker (who can intercept or inspect traffic between an authenticated UMS client and server) to compromise those LDAP bind credentials.
CVE-2022-25804 1 Igel 1 Universal Management Suite 2022-06-17 2.1 LOW 5.5 MEDIUM
An issue was discovered in the IGEL Universal Management Suite (UMS) 6.07.100. Insecure permissions for the serverconfig registry key (under JavaSoft\Prefs\de\igel\rm\config in HKEY_LOCAL_MACHINE\SOFTWARE) allow an unprivileged local attacker to read the encrypted dbuser and dbpassword values for the UMS superuser.