← Back

Igel

igel

5 CVEs • 2 products

Products (2)

Click to collapse
Toggle
Universal Management Suite
universal_management_suite
4 CVEs
Igel Os
igel_os
1 CVE

CVEs (5)

CVE
VENDORS
PRODUCTS
UPDATED
PUBLISHED
CVSS
CVE-2025-47827
2Igel
Microsoft
16Igel Os
Windows 10 1507Windows 10 1607+13 more
Nov 5, 2025
Jun 5, 2025
N/A· v4
4.6 MEDIUM· v3
N/A· v2
In IGEL OS before 11, Secure Boot can be bypassed because the igel-flash-driver module improperly verifies a cryptographic signature. Ultimately, a crafted root filesystem can be mounted from an unverified SquashFS image...Show more
In IGEL OS before 11, Secure Boot can be bypassed because the igel-flash-driver module improperly verifies a cryptographic signature. Ultimately, a crafted root filesystem can be mounted from an unverified SquashFS image.Show less
CVE-2022-25807
1Igel
1Universal Management Suite
Nov 21, 2024
Jun 9, 2022
N/A· v4
5.5 MEDIUM· v3
2.1 LOW· v2
An issue was discovered in the IGEL Universal Management Suite (UMS) 6.07.100. A hardcoded DES key in the LDAPDesPWEncrypter class allows an attacker, who has discovered encrypted LDAP bind credentials, to decrypt those...Show more
An issue was discovered in the IGEL Universal Management Suite (UMS) 6.07.100. A hardcoded DES key in the LDAPDesPWEncrypter class allows an attacker, who has discovered encrypted LDAP bind credentials, to decrypt those credentials using a static 8-byte DES key.Show less
CVE-2022-25806
1Igel
1Universal Management Suite
Nov 21, 2024
Jun 9, 2022
N/A· v4
8.8 HIGH· v3
6.5 MEDIUM· v2
An issue was discovered in the IGEL Universal Management Suite (UMS) 6.07.100. A hardcoded DES key in the PrefDBCredentials class allows an attacker, who has discovered encrypted superuser credentials, to decrypt those c...Show more
An issue was discovered in the IGEL Universal Management Suite (UMS) 6.07.100. A hardcoded DES key in the PrefDBCredentials class allows an attacker, who has discovered encrypted superuser credentials, to decrypt those credentials using a static 8-byte DES key.Show less
CVE-2022-25805
1Igel
1Universal Management Suite
Nov 21, 2024
Jun 9, 2022
N/A· v4
6.5 MEDIUM· v3
4.0 MEDIUM· v2
An issue was discovered in the IGEL Universal Management Suite (UMS) 6.07.100. The transmission of cleartext LDAP bind credentials by the cmd_mgt_load_mgt_tree command allows an attacker (who can intercept or inspect tra...Show more
An issue was discovered in the IGEL Universal Management Suite (UMS) 6.07.100. The transmission of cleartext LDAP bind credentials by the cmd_mgt_load_mgt_tree command allows an attacker (who can intercept or inspect traffic between an authenticated UMS client and server) to compromise those LDAP bind credentials.Show less
CVE-2022-25804
1Igel
1Universal Management Suite
Nov 21, 2024
Jun 9, 2022
N/A· v4
5.5 MEDIUM· v3
2.1 LOW· v2
An issue was discovered in the IGEL Universal Management Suite (UMS) 6.07.100. Insecure permissions for the serverconfig registry key (under JavaSoft\Prefs\de\igel\rm\config in HKEY_LOCAL_MACHINE\SOFTWARE) allow an unpri...Show more
An issue was discovered in the IGEL Universal Management Suite (UMS) 6.07.100. Insecure permissions for the serverconfig registry key (under JavaSoft\Prefs\de\igel\rm\config in HKEY_LOCAL_MACHINE\SOFTWARE) allow an unprivileged local attacker to read the encrypted dbuser and dbpassword values for the UMS superuser.Show less