HIGH🇬🇧 English

CVE-2020-14515

CVSS 7.5v3.1pub. 2020-09-16upd. 2024-11-21

CodeMeter (All versions prior to 6.90 when using CmActLicense update files with CmActLicense Firm Code) has an issue in the license-file signature checking mechanism, which allows attackers to build arbitrary license files, including forging a valid license file as if it were a valid license file of an existing vendor. Only CmActLicense update files with CmActLicense Firm Code are affected.

oryginał EN
CVSS Vector
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N
  • Wibu Codemeter

    APP
    Wibu
    < 6.90
🔵
ZWERYFIKUJ U PRODUCENTA
Brak jednoznacznych danych o patchu. Sprawdź referencje od producenta.
CWE
Referencje

Powiązane podatności

CVE-2021-20093CRITICAL9.1ten sam produkt

A buffer over-read vulnerability exists in Wibu-Systems CodeMeter versions < 7.21a. An unauthenticated remote ...

CVE-2020-14509CRITICAL9.8ten sam produkt

Multiple memory corruption vulnerabilities exist in CodeMeter (All versions prior to 7.10) where the packet pa...

CVE-2020-14517CRITICAL9.8ten sam produkt

Protocol encryption can be easily broken for CodeMeter (All versions prior to 6.90 are affected, including Ver...

CVE-2021-20094HIGH7.5ten sam produkt

A denial of service vulnerability exists in Wibu-Systems CodeMeter versions < 7.21a. An unauthenticated remote...

CVE-2020-14519HIGH7.5ten sam produkt

This vulnerability allows an attacker to use the internal WebSockets API for CodeMeter (All versions prior to ...

CVE-2020-14515 — HIGH 7.5 | CVEbaza.pl