Export CSV

Products

1 vendor
VendorProductsCVEsKEVAvg EPSSWorst Severity
25188.7%HIGH

Related CVEs

5
CVE IDDescriptionSeverityCVSSKEVEPSSPublished
CVE-2025-47827In IGEL OS before 11, Secure Boot can be bypassed because the igel-flash-driver module improperly verifies a cryptographic signature. Ultimately, a crafted root filesystem can be mounted from an unverified SquashFS image.MEDIUM4.6KEV88.7%Jun 5, 2025
CVE-2022-25807An issue was discovered in the IGEL Universal Management Suite (UMS) 6.07.100. A hardcoded DES key in the LDAPDesPWEncrypter class allows an attacker, who has discovered encrypted LDAP bind credentials, to decrypt those credentials using a static 8-byte DES key.MEDIUM5.5Jun 9, 2022
CVE-2022-25806An issue was discovered in the IGEL Universal Management Suite (UMS) 6.07.100. A hardcoded DES key in the PrefDBCredentials class allows an attacker, who has discovered encrypted superuser credentials, to decrypt those credentials using a static 8-byte DES key.HIGH8.8Jun 9, 2022
CVE-2022-25805An issue was discovered in the IGEL Universal Management Suite (UMS) 6.07.100. The transmission of cleartext LDAP bind credentials by the cmd_mgt_load_mgt_tree command allows an attacker (who can intercept or inspect traffic between an authenticated UMS client and server) to compromise those LDAP bind credentials.MEDIUM6.5Jun 9, 2022
CVE-2022-25804An issue was discovered in the IGEL Universal Management Suite (UMS) 6.07.100. Insecure permissions for the serverconfig registry key (under JavaSoft\Prefs\de\igel\rm\config in HKEY_LOCAL_MACHINE\SOFTWARE) allow an unprivileged local attacker to read the encrypted dbuser and dbpassword values for the UMS superuser.MEDIUM5.5Jun 9, 2022