Skip to main content

Connext Professional

26 CVEs product

Monthly

CVE-2026-2674 MEDIUM This Month

Out-of-bounds write conditions in RTI Connext Professional affect three distinct components - Queueing Service, Core Libraries, and Persistence Service - enabling a locally authenticated low-privileged user to corrupt memory and produce limited integrity and availability impacts on the vulnerable system. The vulnerability spans multiple release branches (6.1.x, 7.0.x-7.3.x, and 7.4.x-7.6.x) and is resolved in versions 7.7.0 and 7.3.1.3 per vendor guidance. No public exploit code has been identified at time of analysis, and this vulnerability does not appear in the CISA Known Exploited Vulnerabilities catalog.

Memory Corruption Buffer Overflow Connext Professional
NVD VulDB
CVSS 4.0
4.8
EPSS
0.1%
CVE-2026-30799 MEDIUM This Month

Identity spoofing via missing authentication in RTI Connext Professional's Security Plugins component enables a low-privileged network attacker to impersonate legitimate DDS participants, achieving high integrity and availability impact against affected deployments. Versions spanning five major release lines - 5.3.x through 7.6.x - are affected, with the fix landing at 7.7.0 for the 7.4 branch. No public exploit code or CISA KEV listing has been identified at time of analysis, but the high integrity and availability impacts on a middleware widely used in defense, aerospace, and industrial control systems elevate practical risk above what the moderate CVSS score alone suggests.

Authentication Bypass Connext Professional
NVD
CVSS 4.0
6.1
EPSS
0.3%
CVE-2026-7300 HIGH This Week

Remote denial of service and partial data exposure in RTI Connext Professional's Web Integration Service results from a classic buffer overflow (CWE-120) reachable over the network without authentication. Versions 7.4.0 before 7.x, 7.0.0 before 7.3.1.3, and 6.1.2 before 6.1.x are vulnerable, and no public exploit identified at time of analysis. The CVSS 4.0 score of 8.8 reflects high availability impact with low confidentiality and integrity impact, consistent with a filter-failure overflow that crashes the service rather than yielding full code execution.

Buffer Overflow Connext Professional
NVD VulDB
CVSS 4.0
8.8
EPSS
0.3%
CVE-2026-3894 CRITICAL Act Now

Out-of-bounds read in RTI Connext Professional Core Libraries allows remote unauthenticated attackers to read beyond intended buffer bounds, with the CVSS 4.0 vector (9.2 Critical) indicating high availability impact on both the vulnerable component and downstream systems consuming its data. The flaw affects a wide range of Connext Professional releases used as DDS middleware in defense, autonomous, and industrial deployments. No public exploit identified at time of analysis and the vulnerability is not listed in CISA KEV.

Information Disclosure Buffer Overflow Connext Professional
NVD
CVSS 4.0
9.2
EPSS
0.2%
CVE-2026-2675 MEDIUM This Month

RTI Connext Professional's Security Plugins component allows authenticated network participants to spoof the source identity of DDS (Data Distribution Service) messages due to missing authentication on a critical data-origin verification function (CWE-306). The flaw affects versions spanning 5.3.x through 7.6.x, with a patched release available at 7.7.0 and 7.3.1.3 for the respective branches. An attacker with low-privilege access to the DDS network can falsify the apparent publisher identity of data streams, directly undermining data integrity in safety-critical deployments such as autonomous systems, industrial control, and defense applications where Connext is widely used. No public exploit code has been identified at time of analysis, and it is not listed in the CISA KEV catalog.

Authentication Bypass Connext Professional
NVD
CVSS 4.0
6.0
EPSS
0.3%
CVE-2026-2467 CRITICAL Act Now

Remote heap-based buffer overflow in RTI Connext Professional Core Libraries allows unauthenticated network attackers to corrupt heap memory in the DDS middleware, impacting integrity and availability of both the vulnerable component and downstream subsystems. The flaw spans a wide range of long-supported branches (5.0.x through 7.6.x) and carries a CVSS 4.0 score of 9.2, though no public exploit identified at time of analysis.

Heap Overflow Buffer Overflow Connext Professional
NVD
CVSS 4.0
9.2
EPSS
0.2%
CVE-2025-14543 HIGH PATCH This Week

XML External Entity (XXE) injection in RTI Connext Professional's Core Libraries allows remote unauthenticated attackers to exfiltrate sensitive data and cause denial of service through maliciously crafted XML documents processed by the DDS middleware. Affects versions 4.3x through 7.6.x across all major release branches (4.3x-7.4.0), with vendor patch available but no public exploit identified at time of analysis. CVSS 8.8 (High) reflects network attack vector with high confidentiality and availability impact but no integrity compromise, consistent with typical XXE data exfiltration and resource exhaustion scenarios. SSVC assessment indicates non-automatable exploitation with partial technical impact, suggesting targeted attack scenarios rather than mass exploitation.

XXE Connext Professional
NVD VulDB
CVSS 4.0
8.8
EPSS
0.0%
CVE-2026-4374 HIGH PATCH This Week

XML External Entity (XXE) injection in RTI Connext Professional routing and service components allows remote unauthenticated attackers to exfiltrate sensitive data and trigger denial of service conditions. Affects multiple product families (Routing Service, Observability Collector, Recording Service, Queueing Service, Cloud Discovery Service) across versions 5.3.0 through 7.6.x. CVSS 8.8 (High) with network vector and no authentication required. EPSS probability remains low (0.04%, 11th percentile) with no confirmed active exploitation per CISA. Vendor patch available via RTI advisory.

XXE Connext Professional
NVD VulDB
CVSS 4.0
8.8
EPSS
0.0%
CVE-2026-2394 MEDIUM PATCH This Month

Buffer over-read vulnerability in RTI Connext Professional Core Libraries allows unauthenticated remote attackers to read beyond allocated buffer boundaries, potentially leaking sensitive data. Affected versions span multiple major release lines: 7.4.0-7.6.x, 7.0.0-7.3.0.x, 6.1.0-6.1.x, 6.0.0-6.0.x, 5.3.0-5.3.x, and 4.3x-5.2.x. The CVSS 6.3 score reflects low confidentiality impact with network-based attack surface; no public exploit has been identified at time of analysis, and this vulnerability is not listed in CISA's Known Exploited Vulnerabilities catalog.

Buffer Overflow Connext Professional
NVD VulDB
CVSS 4.0
6.3
EPSS
0.0%
CVE-2025-10450 HIGH PATCH This Week

Network traffic sniffing in RTI Connext Professional 7.2.0-7.3.0 and 7.4.0-7.6.x exposes private personal information to unauthorized remote actors with low attack complexity. The vulnerability allows confidentiality breach (high impact) with limited integrity and availability impacts, affecting distributed data-sharing middleware used in critical infrastructure and industrial systems. EPSS exploitation probability is minimal (0.05%, 15th percentile) with no confirmed active exploitation or public exploit code identified at time of analysis.

Authentication Bypass Connext Professional
NVD VulDB
CVSS 4.0
8.3
EPSS
0.0%
CVE-2025-8410 MEDIUM This Month

Use After Free vulnerability in RTI Connext Professional (Security Plugins) allows File Manipulation.5.0 before 7.6.0. Rated medium severity (CVSS 5.8), this vulnerability is low attack complexity. No vendor patch available.

Memory Corruption Denial Of Service Use After Free Connext Professional
NVD
CVSS 4.0
5.8
EPSS
0.0%
CVE-2025-1255 HIGH This Month

Untrusted Pointer Dereference vulnerability in RTI Connext Professional (Core Libraries) allows Pointer Manipulation.4.0 before 7.6.0, from 7.2.0 before 7.3.0.9. Rated high severity (CVSS 8.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Connext Professional
NVD
CVSS 4.0
8.3
EPSS
0.1%
CVE-2025-1254 HIGH This Month

Out-of-bounds Read, Out-of-bounds Write vulnerability in RTI Connext Professional (Recording Service) allows Overflow Buffers, Overread Buffers.4.0 before 7.5.0, from 7.0.0 before 7.3.0.7, from 6.1.0. Rated high severity (CVSS 7.7), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Information Disclosure Buffer Overflow Connext Professional
NVD
CVSS 4.0
7.7
EPSS
0.2%
CVE-2025-1253 MEDIUM This Month

Buffer Copy without Checking Size of Input ('Classic Buffer Overflow'), Stack-based Buffer Overflow vulnerability in RTI Connext Professional (Core Libraries) allows Overflow Variables and Tags.4.0. Rated medium severity (CVSS 6.9), this vulnerability is low attack complexity. No vendor patch available.

Buffer Overflow Connext Professional
NVD
CVSS 4.0
6.9
EPSS
0.1%
CVE-2025-1252 MEDIUM This Month

Heap-based Buffer Overflow vulnerability in RTI Connext Professional (Core Libraries) allows Overflow Variables and Tags.4.0 before 7.5.0, from 7.0.0 before 7.3.0.7, from 6.1.0 before 6.1.2.23, from. Rated medium severity (CVSS 6.9), this vulnerability is low attack complexity. No vendor patch available.

Buffer Overflow Heap Overflow Connext Professional
NVD
CVSS 4.0
6.9
EPSS
0.1%
CVE-2024-52066 HIGH This Week

Buffer Copy without Checking Size of Input ('Classic Buffer Overflow') vulnerability in RTI Connext Professional (Routing Service) allows Overflow Variables and Tags.4.0 before 7.5.0, from 7.0.0. Rated high severity (CVSS 8.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow Connext Professional
NVD
CVSS 4.0
8.3
EPSS
0.3%
CVE-2024-52065 MEDIUM This Month

Buffer Copy without Checking Size of Input ('Classic Buffer Overflow') vulnerability in RTI Connext Professional on non-Windows (Persistence Service) allows Buffer Overflow via Environment. Rated medium severity (CVSS 6.9), this vulnerability is low attack complexity. No vendor patch available.

Buffer Overflow Microsoft Connext Professional
NVD
CVSS 4.0
6.9
EPSS
0.2%
CVE-2024-52064 MEDIUM This Month

Buffer Copy without Checking Size of Input ('Classic Buffer Overflow') vulnerability in RTI Connext Professional (Core Libraries) allows Overflow Variables and Tags.0.0 before 7.3.0.2, from 6.1.0. Rated medium severity (CVSS 6.9), this vulnerability is low attack complexity. No vendor patch available.

Buffer Overflow Connext Professional
NVD
CVSS 4.0
6.9
EPSS
0.2%
CVE-2024-52063 HIGH This Week

Buffer Copy without Checking Size of Input ('Classic Buffer Overflow') vulnerability in RTI Connext Professional (Core Libraries, Routing Service) allows Overflow Variables and Tags.0.0 before. Rated high severity (CVSS 8.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow Connext Professional
NVD
CVSS 4.0
8.3
EPSS
0.3%
CVE-2024-52062 MEDIUM This Month

Buffer Copy without Checking Size of Input ('Classic Buffer Overflow') vulnerability in RTI Connext Professional (Core Libraries) allows Overflow Variables and Tags.0.0 before 7.3.0.5, from 6.1.0. Rated medium severity (CVSS 6.9), this vulnerability is low attack complexity. No vendor patch available.

Buffer Overflow Connext Professional
NVD
CVSS 4.0
6.9
EPSS
0.2%
CVE-2024-52061 HIGH This Week

Buffer Copy without Checking Size of Input ('Classic Buffer Overflow') vulnerability in RTI Connext Professional (Core Libraries, Queuing Service, Recording Service, Routing Service) allows Overflow. Rated high severity (CVSS 8.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow Connext Professional
NVD
CVSS 4.0
8.3
EPSS
0.4%
CVE-2024-52060 HIGH This Week

Buffer Copy without Checking Size of Input ('Classic Buffer Overflow') vulnerability in RTI Connext Professional (Routing Service, Recording Service, Queuing Service, Observability Collector Service,. Rated high severity (CVSS 8.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow Connext Professional
NVD
CVSS 4.0
8.3
EPSS
0.3%
CVE-2024-52059 MEDIUM This Month

Buffer Copy without Checking Size of Input ('Classic Buffer Overflow'), Heap-based Buffer Overflow, Integer Overflow or Wraparound vulnerability in RTI Connext Professional (Security Plugins) allows. Rated medium severity (CVSS 6.9), this vulnerability is low attack complexity. No vendor patch available.

Buffer Overflow Connext Professional
NVD
CVSS 4.0
6.9
EPSS
0.2%
CVE-2024-52058 HIGH This Week

Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') vulnerability in RTI Connext Professional (System Designer) allows OS Command Injection.0.0 before 7.3.0.2,. Rated high severity (CVSS 8.6), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Command Injection Connext Professional
NVD
CVSS 4.0
8.6
EPSS
0.6%
CVE-2024-52057 CRITICAL Act Now

Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in RTI Connext Professional (Queuing Service) allows SQL Injection.0.0 before 7.3.0, from 6.1.0. Rated critical severity (CVSS 9.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

SQLi Connext Professional
NVD
CVSS 4.0
9.1
EPSS
0.4%
CVE-2024-25724 HIGH This Week

In RTI Connext Professional 5.3.1 through 6.1.0 before 6.1.1, a buffer overflow in XML parsing from Routing Service, Recording Service, Queuing Service, and Cloud Discovery Service allows attackers. Rated high severity (CVSS 7.3), this vulnerability is low attack complexity. No vendor patch available.

Buffer Overflow Connext Professional
NVD
CVSS 3.1
7.3
EPSS
0.2%
EPSS 0% CVSS 4.8
MEDIUM This Month

Out-of-bounds write conditions in RTI Connext Professional affect three distinct components - Queueing Service, Core Libraries, and Persistence Service - enabling a locally authenticated low-privileged user to corrupt memory and produce limited integrity and availability impacts on the vulnerable system. The vulnerability spans multiple release branches (6.1.x, 7.0.x-7.3.x, and 7.4.x-7.6.x) and is resolved in versions 7.7.0 and 7.3.1.3 per vendor guidance. No public exploit code has been identified at time of analysis, and this vulnerability does not appear in the CISA Known Exploited Vulnerabilities catalog.

Memory Corruption Buffer Overflow Connext Professional
NVD VulDB
EPSS 0% CVSS 6.1
MEDIUM This Month

Identity spoofing via missing authentication in RTI Connext Professional's Security Plugins component enables a low-privileged network attacker to impersonate legitimate DDS participants, achieving high integrity and availability impact against affected deployments. Versions spanning five major release lines - 5.3.x through 7.6.x - are affected, with the fix landing at 7.7.0 for the 7.4 branch. No public exploit code or CISA KEV listing has been identified at time of analysis, but the high integrity and availability impacts on a middleware widely used in defense, aerospace, and industrial control systems elevate practical risk above what the moderate CVSS score alone suggests.

Authentication Bypass Connext Professional
NVD
EPSS 0% CVSS 8.8
HIGH This Week

Remote denial of service and partial data exposure in RTI Connext Professional's Web Integration Service results from a classic buffer overflow (CWE-120) reachable over the network without authentication. Versions 7.4.0 before 7.x, 7.0.0 before 7.3.1.3, and 6.1.2 before 6.1.x are vulnerable, and no public exploit identified at time of analysis. The CVSS 4.0 score of 8.8 reflects high availability impact with low confidentiality and integrity impact, consistent with a filter-failure overflow that crashes the service rather than yielding full code execution.

Buffer Overflow Connext Professional
NVD VulDB
EPSS 0% CVSS 9.2
CRITICAL Act Now

Out-of-bounds read in RTI Connext Professional Core Libraries allows remote unauthenticated attackers to read beyond intended buffer bounds, with the CVSS 4.0 vector (9.2 Critical) indicating high availability impact on both the vulnerable component and downstream systems consuming its data. The flaw affects a wide range of Connext Professional releases used as DDS middleware in defense, autonomous, and industrial deployments. No public exploit identified at time of analysis and the vulnerability is not listed in CISA KEV.

Information Disclosure Buffer Overflow Connext Professional
NVD
EPSS 0% CVSS 6.0
MEDIUM This Month

RTI Connext Professional's Security Plugins component allows authenticated network participants to spoof the source identity of DDS (Data Distribution Service) messages due to missing authentication on a critical data-origin verification function (CWE-306). The flaw affects versions spanning 5.3.x through 7.6.x, with a patched release available at 7.7.0 and 7.3.1.3 for the respective branches. An attacker with low-privilege access to the DDS network can falsify the apparent publisher identity of data streams, directly undermining data integrity in safety-critical deployments such as autonomous systems, industrial control, and defense applications where Connext is widely used. No public exploit code has been identified at time of analysis, and it is not listed in the CISA KEV catalog.

Authentication Bypass Connext Professional
NVD
EPSS 0% CVSS 9.2
CRITICAL Act Now

Remote heap-based buffer overflow in RTI Connext Professional Core Libraries allows unauthenticated network attackers to corrupt heap memory in the DDS middleware, impacting integrity and availability of both the vulnerable component and downstream subsystems. The flaw spans a wide range of long-supported branches (5.0.x through 7.6.x) and carries a CVSS 4.0 score of 9.2, though no public exploit identified at time of analysis.

Heap Overflow Buffer Overflow Connext Professional
NVD
EPSS 0% CVSS 8.8
HIGH PATCH This Week

XML External Entity (XXE) injection in RTI Connext Professional's Core Libraries allows remote unauthenticated attackers to exfiltrate sensitive data and cause denial of service through maliciously crafted XML documents processed by the DDS middleware. Affects versions 4.3x through 7.6.x across all major release branches (4.3x-7.4.0), with vendor patch available but no public exploit identified at time of analysis. CVSS 8.8 (High) reflects network attack vector with high confidentiality and availability impact but no integrity compromise, consistent with typical XXE data exfiltration and resource exhaustion scenarios. SSVC assessment indicates non-automatable exploitation with partial technical impact, suggesting targeted attack scenarios rather than mass exploitation.

XXE Connext Professional
NVD VulDB
EPSS 0% CVSS 8.8
HIGH PATCH This Week

XML External Entity (XXE) injection in RTI Connext Professional routing and service components allows remote unauthenticated attackers to exfiltrate sensitive data and trigger denial of service conditions. Affects multiple product families (Routing Service, Observability Collector, Recording Service, Queueing Service, Cloud Discovery Service) across versions 5.3.0 through 7.6.x. CVSS 8.8 (High) with network vector and no authentication required. EPSS probability remains low (0.04%, 11th percentile) with no confirmed active exploitation per CISA. Vendor patch available via RTI advisory.

XXE Connext Professional
NVD VulDB
EPSS 0% CVSS 6.3
MEDIUM PATCH This Month

Buffer over-read vulnerability in RTI Connext Professional Core Libraries allows unauthenticated remote attackers to read beyond allocated buffer boundaries, potentially leaking sensitive data. Affected versions span multiple major release lines: 7.4.0-7.6.x, 7.0.0-7.3.0.x, 6.1.0-6.1.x, 6.0.0-6.0.x, 5.3.0-5.3.x, and 4.3x-5.2.x. The CVSS 6.3 score reflects low confidentiality impact with network-based attack surface; no public exploit has been identified at time of analysis, and this vulnerability is not listed in CISA's Known Exploited Vulnerabilities catalog.

Buffer Overflow Connext Professional
NVD VulDB
EPSS 0% CVSS 8.3
HIGH PATCH This Week

Network traffic sniffing in RTI Connext Professional 7.2.0-7.3.0 and 7.4.0-7.6.x exposes private personal information to unauthorized remote actors with low attack complexity. The vulnerability allows confidentiality breach (high impact) with limited integrity and availability impacts, affecting distributed data-sharing middleware used in critical infrastructure and industrial systems. EPSS exploitation probability is minimal (0.05%, 15th percentile) with no confirmed active exploitation or public exploit code identified at time of analysis.

Authentication Bypass Connext Professional
NVD VulDB
EPSS 0% CVSS 5.8
MEDIUM This Month

Use After Free vulnerability in RTI Connext Professional (Security Plugins) allows File Manipulation.5.0 before 7.6.0. Rated medium severity (CVSS 5.8), this vulnerability is low attack complexity. No vendor patch available.

Memory Corruption Denial Of Service Use After Free +1
NVD
EPSS 0% CVSS 8.3
HIGH This Month

Untrusted Pointer Dereference vulnerability in RTI Connext Professional (Core Libraries) allows Pointer Manipulation.4.0 before 7.6.0, from 7.2.0 before 7.3.0.9. Rated high severity (CVSS 8.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Connext Professional
NVD
EPSS 0% CVSS 7.7
HIGH This Month

Out-of-bounds Read, Out-of-bounds Write vulnerability in RTI Connext Professional (Recording Service) allows Overflow Buffers, Overread Buffers.4.0 before 7.5.0, from 7.0.0 before 7.3.0.7, from 6.1.0. Rated high severity (CVSS 7.7), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Information Disclosure Buffer Overflow Connext Professional
NVD
EPSS 0% CVSS 6.9
MEDIUM This Month

Buffer Copy without Checking Size of Input ('Classic Buffer Overflow'), Stack-based Buffer Overflow vulnerability in RTI Connext Professional (Core Libraries) allows Overflow Variables and Tags.4.0. Rated medium severity (CVSS 6.9), this vulnerability is low attack complexity. No vendor patch available.

Buffer Overflow Connext Professional
NVD
EPSS 0% CVSS 6.9
MEDIUM This Month

Heap-based Buffer Overflow vulnerability in RTI Connext Professional (Core Libraries) allows Overflow Variables and Tags.4.0 before 7.5.0, from 7.0.0 before 7.3.0.7, from 6.1.0 before 6.1.2.23, from. Rated medium severity (CVSS 6.9), this vulnerability is low attack complexity. No vendor patch available.

Buffer Overflow Heap Overflow Connext Professional
NVD
EPSS 0% CVSS 8.3
HIGH This Week

Buffer Copy without Checking Size of Input ('Classic Buffer Overflow') vulnerability in RTI Connext Professional (Routing Service) allows Overflow Variables and Tags.4.0 before 7.5.0, from 7.0.0. Rated high severity (CVSS 8.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow Connext Professional
NVD
EPSS 0% CVSS 6.9
MEDIUM This Month

Buffer Copy without Checking Size of Input ('Classic Buffer Overflow') vulnerability in RTI Connext Professional on non-Windows (Persistence Service) allows Buffer Overflow via Environment. Rated medium severity (CVSS 6.9), this vulnerability is low attack complexity. No vendor patch available.

Buffer Overflow Microsoft Connext Professional
NVD
EPSS 0% CVSS 6.9
MEDIUM This Month

Buffer Copy without Checking Size of Input ('Classic Buffer Overflow') vulnerability in RTI Connext Professional (Core Libraries) allows Overflow Variables and Tags.0.0 before 7.3.0.2, from 6.1.0. Rated medium severity (CVSS 6.9), this vulnerability is low attack complexity. No vendor patch available.

Buffer Overflow Connext Professional
NVD
EPSS 0% CVSS 8.3
HIGH This Week

Buffer Copy without Checking Size of Input ('Classic Buffer Overflow') vulnerability in RTI Connext Professional (Core Libraries, Routing Service) allows Overflow Variables and Tags.0.0 before. Rated high severity (CVSS 8.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow Connext Professional
NVD
EPSS 0% CVSS 6.9
MEDIUM This Month

Buffer Copy without Checking Size of Input ('Classic Buffer Overflow') vulnerability in RTI Connext Professional (Core Libraries) allows Overflow Variables and Tags.0.0 before 7.3.0.5, from 6.1.0. Rated medium severity (CVSS 6.9), this vulnerability is low attack complexity. No vendor patch available.

Buffer Overflow Connext Professional
NVD
EPSS 0% CVSS 8.3
HIGH This Week

Buffer Copy without Checking Size of Input ('Classic Buffer Overflow') vulnerability in RTI Connext Professional (Core Libraries, Queuing Service, Recording Service, Routing Service) allows Overflow. Rated high severity (CVSS 8.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow Connext Professional
NVD
EPSS 0% CVSS 8.3
HIGH This Week

Buffer Copy without Checking Size of Input ('Classic Buffer Overflow') vulnerability in RTI Connext Professional (Routing Service, Recording Service, Queuing Service, Observability Collector Service,. Rated high severity (CVSS 8.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow Connext Professional
NVD
EPSS 0% CVSS 6.9
MEDIUM This Month

Buffer Copy without Checking Size of Input ('Classic Buffer Overflow'), Heap-based Buffer Overflow, Integer Overflow or Wraparound vulnerability in RTI Connext Professional (Security Plugins) allows. Rated medium severity (CVSS 6.9), this vulnerability is low attack complexity. No vendor patch available.

Buffer Overflow Connext Professional
NVD
EPSS 1% CVSS 8.6
HIGH This Week

Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') vulnerability in RTI Connext Professional (System Designer) allows OS Command Injection.0.0 before 7.3.0.2,. Rated high severity (CVSS 8.6), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Command Injection Connext Professional
NVD
EPSS 0% CVSS 9.1
CRITICAL Act Now

Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in RTI Connext Professional (Queuing Service) allows SQL Injection.0.0 before 7.3.0, from 6.1.0. Rated critical severity (CVSS 9.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

SQLi Connext Professional
NVD
EPSS 0% CVSS 7.3
HIGH This Week

In RTI Connext Professional 5.3.1 through 6.1.0 before 6.1.1, a buffer overflow in XML parsing from Routing Service, Recording Service, Queuing Service, and Cloud Discovery Service allows attackers. Rated high severity (CVSS 7.3), this vulnerability is low attack complexity. No vendor patch available.

Buffer Overflow Connext Professional
NVD

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy