Unisys Data Exchange Management Studio before 6.0.IC2 and 7.x before 7.0.IC1 doesn't have an Anti-CSRF token to authenticate the POST request. Thus, a cross-site request forgery attack could occur.
Max CVSS
8.8
EPSS Score
0.07%
Published
2022-09-13
Updated
2022-09-17
Unisys ClearPath MCP TCP/IP Networking Services 59.1, 60.0, and 62.0 has an Infinite Loop.
Max CVSS
7.5
EPSS Score
0.10%
Published
2022-01-12
Updated
2022-01-19
Unisys OS 2200 Messaging Integration Services (NTSI) 7R3B IC3 and IC4, 7R3C, and 7R3D has an Incorrect Implementation of an Authentication Algorithm. An LDAP password is not properly validated.
Max CVSS
9.8
EPSS Score
0.20%
Published
2022-01-24
Updated
2022-01-31
Unisys Cargo Mobile Application before 1.2.29 uses cleartext to store sensitive information, which might be revealed in a backup. The issue is addressed by ensuring that the allowBackup flag (in the manifest) is False.
Max CVSS
7.5
EPSS Score
0.15%
Published
2021-12-14
Updated
2021-12-16
In Unisys Stealth (core) before 6.0.025.0, the Keycloak password is stored in a recoverable format that might be accessible by a local attacker, who could gain access to the Management Server and change the Stealth configuration.
Max CVSS
7.8
EPSS Score
0.04%
Published
2021-03-18
Updated
2021-03-25
Unisys Stealth (core) before 4.0.134 stores passwords in a recoverable format. Therefore, a search of Enterprise Manager can potentially reveal credentials.
Max CVSS
7.8
EPSS Score
0.04%
Published
2020-10-01
Updated
2021-02-12
Unisys ALGOL Compiler 58.1 before 58.1a.15, 59.1 before 59.1a.9, and 60.0 before 60.0a.5 can emit invalid code sequences under rare circumstances related to syntax. The resulting code could, for example, trigger a system fault or adversely affect confidentiality, integrity, and availability.
Max CVSS
8.8
EPSS Score
0.04%
Published
2020-05-21
Updated
2020-06-01
In Unisys Stealth 3.4.x, 4.x and 5.x before 5.0.026, if certificate-based authorization is used without HTTPS, an endpoint could be authorized without a private key.
Max CVSS
9.8
EPSS Score
0.15%
Published
2020-06-22
Updated
2020-06-29
Systems management on Unisys ClearPath Forward Libra and ClearPath MCP Software Series can fault and have other unspecified impact when receiving specifically crafted message payloads over a systems management communication channel.
Max CVSS
8.7
EPSS Score
0.10%
Published
2020-01-07
Updated
2021-07-21
In Unisys Stealth (core) 3.4.108.0, 3.4.209.x, 4.0.027.x and 4.0.114, key material is inadvertently logged under certain conditions. Fix included in 3.4.109, 4.0.027.13, 4.0.125 and 5.0.013.0.
Max CVSS
7.5
EPSS Score
0.04%
Published
2020-02-03
Updated
2020-04-09
SQL injection vulnerability in the management interface in ePortal Manager allows remote attackers to execute arbitrary SQL commands via unspecified parameters.
Max CVSS
8.1
EPSS Score
0.12%
Published
2018-03-26
Updated
2018-08-21
The Stealth endpoint in Unisys Stealth SVG 2.8.x, 3.0.x before 3.0.1999, 3.1.x, 3.2.x before 3.2.030, and 3.3.x before 3.3.016, when running on Linux and AIX, allows remote attackers to cause a denial of service (crash) via crafted packets.
Max CVSS
7.5
EPSS Score
0.22%
Published
2018-04-03
Updated
2018-05-21
Unisys Stealth 3.3 Windows endpoints before 3.3.016.1 allow local users to gain access to Stealth-enabled devices by leveraging improper cleanup of memory used for negotiation key storage.
Max CVSS
7.8
EPSS Score
0.04%
Published
2018-02-19
Updated
2019-10-03
Unisys Libra 64xx and 84xx and FS601 class systems with MCP-FIRMWARE before 43.211 allow remote authenticated users to cause a denial of service (program crash) or have unspecified other impact via vectors related to incorrect literal handling, which trigger CPM stack corruption.
Max CVSS
7.8
EPSS Score
0.21%
Published
2017-09-30
Updated
2017-10-10
The TCP/IP networking module in Unisys ClearPath MCP systems with TCP-IP-SW 57.1 before 57.152, 58.1 before 58.142, or 59.1 before 59.172, when running a TLS 1.2 service, allows remote attackers to cause a denial of service (network connectivity disruption) via a client hello with a signature_algorithms extension above those defined in RFC 5246, which triggers a full memory dump.
Max CVSS
7.5
EPSS Score
0.18%
Published
2017-03-10
Updated
2017-03-16
Stack-based buffer overflow in mnet.exe in Unisys Business Information Server (BIS) 10 and 10.1 on Windows allows remote attackers to execute arbitrary code via a crafted TCP packet.
Max CVSS
10.0
EPSS Score
1.08%
Published
2009-06-26
Updated
2009-06-29
The dynamic initialization feature of the ClearPath MCP environment allows remote attackers to cause a denial of service (crash) via a TCP port scan using a tool such as nmap.
Max CVSS
7.8
EPSS Score
0.40%
Published
2002-12-31
Updated
2008-09-05
17 vulnerabilities found