2017 and Prior Historical Security Advisories

May 22nd 2017 | Security Advisory
The following security advisory has been released for all versions of uniFLOW:

Sniffing network packages to webcall.asp possible

  • Hotfix available

  • Service Release Fix: uniFLOW V5.4 SR9

  • Further information on ITS: MOMKB-907

 

December 9th 2014 | Security Advisory
The following security advisory has been released for all versions of uniFLOW:

"POODLE" exploit (SSL 3.0 vulnerability)

  • Hotfix not planned

  • Service Release Fix: see MOMKB-759

  • Further information on ITS: MOMKB-759

 

April 11th 2014 | Security Advisory
The following security advisory has been released for uniFLOW V5.1 and V5.2:

Heartbleed Bug (OpenSSL vulnerability)

  • Hotfix available for uniFLOW V5.2 SR2

  • Service Release Fix will be available for uniFLOW V5.1 SR9 and V5.2 SR3

  • Further information on ITS: MOMKB-759

 

December 4th 2013 | Security Advisory
The following security advisories have been released by NT-ware for uniFLOW V5.2 SR1 and older:

Stored and reflected Cross Site Scripting (XSS)

  • Service Release Fix: uniFLOW V5.2 SR2

  • Further information on ITS: MOMKB-733

Arbitrary command execution

  • Service Release Fix: uniFLOW V5.2 SR2

  • Further information on ITS: MOMKB-734

Inadequate Access Control

  • Service Release Fix: uniFLOW V5.2 SR2

  • Further information on ITS: MOMKB-735

Potential credential stealing on IG

  • Service Release Fix: uniFLOW V5.2 SR2

  • Further information on ITS: MOMKB-736

Use of dangerous functions in the IG code

  • Service Release Fix: uniFLOW V5.2 SR2

  • Further information on ITS: MOMKB-737

Arbitrary file write on IG

  • Service Release Fix: uniFLOW V5.2 SR2

  • Further information on ITS: MOMKB-738

SQL Injection

  • Service Release Fix: uniFLOW V5.2 SR2

  • Further information on ITS: MOMKB-739

Information disclosure through the header response of the IG server

  • Service Release Fix: uniFLOW V5.2 SR2

  • Further information on ITS: MOMKB-740

Weak CAPTCHA security

  • Service Release Fix: uniFLOW V5.2 SR2

  • Further information on ITS: MOMKB-741

Passwords stored in plain text in the IG database

  • Service Release Fix: uniFLOW V5.2 SR2

  • Further information on ITS: MOMKB-742

Arbitrary file delete on uniFLOW server

  • Service Release Fix: uniFLOW V5.2 SR2

  • Further information on ITS: MOMKB-74

Cross site request forgery (uniFLOW server)

  • Service Release Fix: uniFLOW V5.2 SR2

  • Further information on ITS: MOMKB-744

 

May 8th 2013 | Security Advisory
The following four security advisories have been released for uniFLOW V5.1.0 – V5.1.6 and uniFLOW V5.2:

Authentication with user name and PIN-code on PWCLIENT and PWRQM

  • Hotfix availability: in planning

  • Service Release Fix: uniFLOW V5.1.7, V5.2 SR1

  • Further information on ITS: MOMKB-705

 

December 8th 2011 | Security Advisory
The following four security advisories have been released for uniFLOW V5.0.5 and uniFLOW V5.1.1:

Password in HTML Source

  • Hotfix availability: 08/12/2011

  • Service Release Fix: uniFLOW V5.0.6, V5.1.2, V5.2

  • Further information on ITS: MOMKB-581

SQL Injection

  • Hotfix availability: 08/12/2011

  • Service Release Fix: uniFLOW V5.0.6, V5.1.2, V5.2

  • Further information on ITS: MOMKB-583

Persistent/Stored XSS

  • Hotfix availability: 08/12/2011

  • Service Release Fix: uniFLOW V5.0.6, V5.1.2, V5.2

  • Further information on ITS: MOMKB-584

Unencrypted communication between MEAP Module and RPS

  • Hotfix availability: 08/12/2011

  • Service Release Fix: uniFLOW V5.0.6, V5.1.2, V5.2

  • Further information on ITS: MOMKB-585