Vulnerabilities > Unisys
|2022-01-24||CVE-2021-43394|| Improper Authentication vulnerability in Unisys Messaging Integration Services |
Unisys OS 2200 Messaging Integration Services (NTSI) 7R3B IC3 and IC4, 7R3C, and 7R3D has an Incorrect Implementation of an Authentication Algorithm.
| 7.5 |
|2022-01-12||CVE-2021-45445|| Infinite Loop vulnerability in Unisys Clearpath MCP Tcp/Ip Networking Services 59.1/60.0/62.0 |
Unisys ClearPath MCP TCP/IP Networking Services 59.1, 60.0, and 62.0 has an Infinite Loop.
| 5.0 |
|2021-12-14||CVE-2021-43388|| Cleartext Storage of Sensitive Information vulnerability in Unisys Cargo Mobile |
Unisys Cargo Mobile Application before 1.2.29 uses cleartext to store sensitive information, which might be revealed in a backup.
| 4.3 |
|2021-07-15||CVE-2021-35056|| Unquoted Search Path or Element vulnerability in Unisys Stealth |
Unisys Stealth 5.1 before 5.1.025.0 and 6.0 before 6.0.055.0 has an unquoted Windows search path for a scheduled task.
| 4.6 |
|2021-04-27||CVE-2020-35542|| Cross-site Scripting vulnerability in Unisys Data Exchange Management Studio |
Unisys Data Exchange Management Studio through 5.0.34 doesn't sanitize the input to a HTML document field.
| 3.5 |
|2021-04-20||CVE-2021-28492|| Unspecified vulnerability in Unisys Stealth 5.0/5.0.024/5.0.026 |
Unisys Stealth (core) 5.x before 5.0.048.0, 5.1.x before 5.1.017.0, and 6.x before 6.0.037.0 stores passwords in a recoverable format.
| 4.0 |
|2021-03-18||CVE-2021-3141|| Insufficiently Protected Credentials vulnerability in Unisys Stealth |
In Unisys Stealth (core) before 6.0.025.0, the Keycloak password is stored in a recoverable format that might be accessible by a local attacker, who could gain access to the Management Server and change the Stealth configuration.
| 2.1 |
|2020-10-01||CVE-2020-24620|| Use of Hard-coded Credentials vulnerability in Unisys Stealth |
Unisys Stealth(core) before 4.0.134 stores passwords in a recoverable format.
| 2.1 |
|2020-06-22||CVE-2020-12053|| Incorrect Authorization vulnerability in Unisys Stealth |
In Unisys Stealth 3.4.x, 4.x and 5.x before 5.0.026, if certificate-based authorization is used without HTTPS, an endpoint could be authorized without a private key.
| 7.5 |
|2020-05-21||CVE-2020-12647|| Unspecified vulnerability in Unisys Algol Compiler 58.1/59.1/60.0 |
Unisys ALGOL Compiler 58.1 before 58.1a.15, 59.1 before 59.1a.9, and 60.0 before 60.0a.5 can emit invalid code sequences under rare circumstances related to syntax.
| 7.2 |