Unified Automation is committed to secure software development and to constant security improvement. The approach to reaching this goal has many aspects. The fundamentals are rooted in a solid development process that we have put in place to create, deliver and maintain software of the highest quality.
The software tools, applications and libraries are developed following a defined procedure that includes the following fundamental steps:
In addition, we have a team of experts that monitors security issues as they arise. The team follows a process of analysing, classifying and resolving reported issues in a timely fashion. The team publishes vulnerability reports and informs customers that may use affected products.
Depending on the outcome of the in-depth analysis, we decide whether to inform only our customers or to make the security report publicly available. Vulnerability reports that are disclosed to the general public can be found here:
# | Date Published | CVE Number | Brief Description | Report Status |
1 | April 9, 2014 | CVE-2014-0160 | Heartbleed Bug in OpenSSL | public |
2 | March 3, 2015 | CVE-2015-0286 | ASN1 Crash | restricted * |
3 | July 31, 2017 | CVE-2017-12069 | XML External Entity attack when using DTD | restricted * |
4 | March 8, 2018 | CVE-2018-7559 | UserAuthentication Token Exploit | public |
5 | May 18, 2018 | n/a | Kaspersky 17 zero-day Exploits | restricted * |
6 | July 01, 2018 | CVE-2018-12086 | Endless Recursion in DiagnosticInfo | public |
7 | July 01, 2018 | CVE-2018-12087 | Decrypt PWD sent by Client over insecure connection | restricted * |
8 | October 26, 2018 | n/a | Unexpected Request | restricted * |
9 | November 13, 2019 | n/a | Unquoted Service Path | restricted * |
10 | March 10, 2020 | CVE-2019-19135 | Insufficient ServerNonce | public |
11 | November 16, 2020 | CVE-2020-29457 | Multiple Error Suppression | restricted * |
12 | February 17, 2021 | CVE-2017-12069 CVE-2021-27434 | UPDATE: XML External Entity attack when using DTD | restricted * |
13 | February 17, 2021 | CVE-2021-27432 | Endless Recursion in XML Structures | restricted * |
14 | March 18, 2021 | CVE-2021-3450 | Strict Certificate Chain Validation | public |
15 | November 11, 2021 | CVE-2021-3541 | Exponential Entity Expansion (DoS) in LibXML2 | public |
16 | December 10, 2021 | CVE-2021-44228 | Zero-Day security vulnerability Log4Shell in log4j v2.x | public |
17 | December 21, 2021 | CVE-2021-45117 | Response message Statuscode (PoD) | restricted * |
18 | March 17, 2022 | CVE-2022-0778 | ModSqrtFct endless loop (DoS) in OpenSSL | public |
19 | April 19, 2022 | CVE-2022-29863 CVE-2022-29866 | Uncontrolled Resource Consumption (DoS) in .NET SDK | restricted * |
20 | April 20, 2022 | CVE-2022-29865 | Bypass Trust Check in .NET SDK | restricted * |
21 | April 22, 2022 | CVE-2022-37013 | Chained Certificate Loop PoD | restricted * |
22 | April 22, 2022 | CVE-2022-37012 | Reference Counter Decrement DoS | restricted * |
23 | April 22, 2022 | n/a | JFrog 12 zero-day Exploits DoS | restricted * |
24 | October 24, 2022 | CVE-2022-44725 | Autoload Config File (PrivEsc) in OpenSSL | public |
25 | February 15, 2023 | CVE-2023-27321 | ZDI ConditionRefresh in .NET SDK DoS | restricted * |
26 | February 16, 2023 | CVE-2023-0286 CVE-2022-4203 CVE-2022-4304 | 3 out of 8 bugs in OpenSSL | public |
27 | February 17, 2023 | n/a | Skip Certificate Loop in C-Stack PoD | restricted * |
28 | December 08, 2023 | n/a | .NET Server SDK Push access to CertificateGroups | restricted * |
29 | August 02, 2024 | n/a | Basic128Rsa15 Padding Oracle | public |
30 | August 02, 2024 | n/a | HTTPS Authentication Bypass | public |
31 | September 13, 2024 | n/a | .NET Server SDK AdditionalHeader DoS | restricted * |
32 | September 27, 2024 | n/a | C++ Server SDK double free race condition in C-Stack DoS | restricted * |
* Restricted Security Bulletin (customers only) - request via Support Form