Impact
The flaw is a deserialization of untrusted data vulnerability (CWE-502) that allows a remote, unauthenticated attacker to send crafted payloads that are processed by the ibaPDA or ibaDatCoordinator applications, resulting in execution of arbitrary code and full control over the affected system.
Affected Systems
All versions of the iba Data Coordinator and ibaPDA products from the vendor iba are affected. No specific version range is listed; assume all current releases remain vulnerable until an official fix is released or the affected functionality is disabled.
Risk and Exploitability
The CVSS score of 9.3 signifies a critical risk. The flaw can be exploited without authentication over the network. EPSS data is unavailable and the vulnerability is not listed in CISA KEV, but the nature of the flaw suggests that automated tools could target it. Until an official patch is issued, the risk remains high, and operators should implement controls to reduce exposure.
OpenCVE Enrichment