Filtered by vendor Unisys
Subscribe
Total
25 CVE
CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
---|---|---|---|---|---|
CVE-2022-32555 | 1 Unisys | 1 Data Exchange Management Studio | 2024-11-21 | N/A | 8.8 HIGH |
Unisys Data Exchange Management Studio before 6.0.IC2 and 7.x before 7.0.IC1 doesn't have an Anti-CSRF token to authenticate the POST request. Thus, a cross-site request forgery attack could occur. | |||||
CVE-2021-45445 | 1 Unisys | 1 Clearpath Mcp Tcp\/ip Networking Services | 2024-11-21 | 5.0 MEDIUM | 7.5 HIGH |
Unisys ClearPath MCP TCP/IP Networking Services 59.1, 60.0, and 62.0 has an Infinite Loop. | |||||
CVE-2021-43394 | 1 Unisys | 2 Clearpath 2200, Messaging Integration Services | 2024-11-21 | 7.5 HIGH | 9.8 CRITICAL |
Unisys OS 2200 Messaging Integration Services (NTSI) 7R3B IC3 and IC4, 7R3C, and 7R3D has an Incorrect Implementation of an Authentication Algorithm. An LDAP password is not properly validated. | |||||
CVE-2021-43388 | 1 Unisys | 1 Cargo Mobile | 2024-11-21 | 4.3 MEDIUM | 7.5 HIGH |
Unisys Cargo Mobile Application before 1.2.29 uses cleartext to store sensitive information, which might be revealed in a backup. The issue is addressed by ensuring that the allowBackup flag (in the manifest) is False. | |||||
CVE-2021-3141 | 1 Unisys | 1 Stealth | 2024-11-21 | 2.1 LOW | 7.8 HIGH |
In Unisys Stealth (core) before 6.0.025.0, the Keycloak password is stored in a recoverable format that might be accessible by a local attacker, who could gain access to the Management Server and change the Stealth configuration. | |||||
CVE-2021-35056 | 1 Unisys | 1 Stealth | 2024-11-21 | 4.6 MEDIUM | 6.7 MEDIUM |
Unisys Stealth 5.1 before 5.1.025.0 and 6.0 before 6.0.055.0 has an unquoted Windows search path for a scheduled task. An unintended executable might run. | |||||
CVE-2021-28492 | 1 Unisys | 1 Stealth | 2024-11-21 | 4.0 MEDIUM | 4.9 MEDIUM |
Unisys Stealth (core) 5.x before 5.0.048.0, 5.1.x before 5.1.017.0, and 6.x before 6.0.037.0 stores passwords in a recoverable format. | |||||
CVE-2020-35542 | 1 Unisys | 1 Data Exchange Management Studio | 2024-11-21 | 3.5 LOW | 5.4 MEDIUM |
Unisys Data Exchange Management Studio through 5.0.34 doesn't sanitize the input to a HTML document field. This could be used for an XSS attack. | |||||
CVE-2020-24620 | 1 Unisys | 1 Stealth | 2024-11-21 | 2.1 LOW | 7.8 HIGH |
Unisys Stealth(core) before 4.0.134 stores passwords in a recoverable format. Therefore, a search of Enterprise Manager can potentially reveal credentials. | |||||
CVE-2020-12647 | 1 Unisys | 1 Algol Compiler | 2024-11-21 | 7.2 HIGH | 8.8 HIGH |
Unisys ALGOL Compiler 58.1 before 58.1a.15, 59.1 before 59.1a.9, and 60.0 before 60.0a.5 can emit invalid code sequences under rare circumstances related to syntax. The resulting code could, for example, trigger a system fault or adversely affect confidentiality, integrity, and availability. | |||||
CVE-2020-12053 | 1 Unisys | 1 Stealth | 2024-11-21 | 7.5 HIGH | 9.8 CRITICAL |
In Unisys Stealth 3.4.x, 4.x and 5.x before 5.0.026, if certificate-based authorization is used without HTTPS, an endpoint could be authorized without a private key. | |||||
CVE-2019-18386 | 1 Unisys | 1 Mcp Firmware | 2024-11-21 | 5.8 MEDIUM | 8.7 HIGH |
Systems management on Unisys ClearPath Forward Libra and ClearPath MCP Software Series can fault and have other unspecified impact when receiving specifically crafted message payloads over a systems management communication channel | |||||
CVE-2019-18193 | 1 Unisys | 1 Stealth | 2024-11-21 | 6.9 MEDIUM | 7.5 HIGH |
In Unisys Stealth (core) 3.4.108.0, 3.4.209.x, 4.0.027.x and 4.0.114, key material inadvertently logged under certain conditions. Fixed included in 3.4.109, 4.0.027.13, 4.0.125 and 5.0.013.0. | |||||
CVE-2018-8802 | 1 Unisys | 2 Clearpath Eportal Manager, Eportal-2200 | 2024-11-21 | 6.5 MEDIUM | 8.1 HIGH |
SQL injection vulnerability in the management interface in ePortal Manager allows remote attackers to execute arbitrary SQL commands via unspecified parameters. | |||||
CVE-2018-8049 | 3 Ibm, Linux, Unisys | 3 Aix, Linux Kernel, Stealth Svg | 2024-11-21 | 5.0 MEDIUM | 7.5 HIGH |
The Stealth endpoint in Unisys Stealth SVG 2.8.x, 3.0.x before 3.0.1999, 3.1.x, 3.2.x before 3.2.030, and 3.3.x before 3.3.016, when running on Linux and AIX, allows remote attackers to cause a denial of service (crash) via crafted packets. | |||||
CVE-2018-7534 | 1 Unisys | 1 Stealth Authorization Server | 2024-11-21 | 1.9 LOW | 4.7 MEDIUM |
In Stealth Authorization Server before 3.3.017.0 in Unisys Stealth Solution, an encryption key may be left in memory. | |||||
CVE-2018-6592 | 1 Unisys | 1 Stealth | 2024-11-21 | 4.6 MEDIUM | 7.8 HIGH |
Unisys Stealth 3.3 Windows endpoints before 3.3.016.1 allow local users to gain access to Stealth-enabled devices by leveraging improper cleanup of memory used for negotiation key storage. | |||||
CVE-2018-5762 | 1 Unisys | 1 Clearpath Mcp | 2024-11-21 | 4.3 MEDIUM | 5.9 MEDIUM |
The TLS implementation in the TCP/IP networking module in Unisys ClearPath MCP systems with TCP-IP-SW 58.1 before 58.160, 59.1 before 059.1a.17 (IC #17), and 60.0 before 60.044 might allow remote attackers to decrypt TLS ciphertext data by leveraging a Bleichenbacher RSA padding oracle, aka a ROBOT attack. | |||||
CVE-2017-5873 | 1 Unisys | 1 Secure Partitioning | 2024-11-21 | 4.6 MEDIUM | 6.7 MEDIUM |
Unquoted Windows search path vulnerability in the guest service in Unisys s-Par before 4.4.20 allows local users to gain privileges via a Trojan horse executable file in the %SYSTEMDRIVE% directory, as demonstrated by program.exe. | |||||
CVE-2017-5872 | 1 Unisys | 1 Clearpath Mcp | 2024-11-21 | 5.0 MEDIUM | 7.5 HIGH |
The TCP/IP networking module in Unisys ClearPath MCP systems with TCP-IP-SW 57.1 before 57.152, 58.1 before 58.142, or 59.1 before 59.172, when running a TLS 1.2 service, allows remote attackers to cause a denial of service (network connectivity disruption) via a client hello with a signature_algorithms extension above those defined in RFC 5246, which triggers a full memory dump. |