Wibu Codemeter Runtime vulnerabilities

4 known vulnerabilities affecting wibu/codemeter_runtime.

Total CVEs

4

CISA KEV

0

Public exploits

0

Exploited in wild

0

Severity breakdown

CRITICAL1HIGH2MEDIUM1

Vulnerabilities

Page 1 of 1

CVE-2023-3935CRITICALCVSS 9.8fixed in 7.60c≥ 0.0, ≤ 7.60b2023-09-13

CVE-2023-3935 [CRITICAL] CWE-787 CVE-2023-3935: A heap buffer overflow vulnerability in Wibu CodeMeter Runtime network service up to version 7.60b a A heap buffer overflow vulnerability in Wibu CodeMeter Runtime network service up to version 7.60b allows an unauthenticated, remote attacker to achieve RCE and gain full access of the host system.

CVE-2021-41057HIGHCVSS 7.1fixed in 7.30a2021-11-14

CVE-2021-41057 [HIGH] CWE-59 CVE-2021-41057: In WIBU CodeMeter Runtime before 7.30a, creating a crafted CmDongles symbolic link will overwrite th In WIBU CodeMeter Runtime before 7.30a, creating a crafted CmDongles symbolic link will overwrite the linked file without checking permissions.

CVE-2014-8419HIGHCVSS 7.2≤ 5.10c2014-11-26

CVE-2014-8419 [HIGH] CWE-264 CVE-2014-8419: Wibu-Systems CodeMeter Runtime before 5.20 uses weak permissions (read and write access for all user Wibu-Systems CodeMeter Runtime before 5.20 uses weak permissions (read and write access for all users) for codemeter.exe, which allows local users to gain privileges via a Trojan horse file.

CVE-2011-4057MEDIUMCVSS 5.0≤ 4.30dv4.10b+2 more2012-01-13

CVE-2011-4057 [MEDIUM] CWE-399 CVE-2011-4057: Wibu-Systems AG CodeMeter Runtime 4.30c, 4.10b, and possibly other versions before 4.40 allows remot Wibu-Systems AG CodeMeter Runtime 4.30c, 4.10b, and possibly other versions before 4.40 allows remote attackers to cause a denial of service (CodeMeter.exe crash) via certain crafted packets to TCP port 22350.