Vulnerabilities > Unisys
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2020-02-03 | CVE-2019-18193 | Information Exposure Through Log Files vulnerability in Unisys Stealth In Unisys Stealth (core) 3.4.108.0, 3.4.209.x, 4.0.027.x and 4.0.114, key material inadvertently logged under certain conditions. | 6.9 |
| 2020-01-07 | CVE-2019-18386 | Improper Input Validation vulnerability in Unisys MCP Firmware Systems management on Unisys ClearPath Forward Libra and ClearPath MCP Software Series can fault and have other unspecified impact when receiving specifically crafted message payloads over a systems management communication channel | 5.8 |
| 2018-05-30 | CVE-2018-7534 | Key Management Errors vulnerability in Unisys Stealth Authorization Server In Stealth Authorization Server before 3.3.017.0 in Unisys Stealth Solution, an encryption key may be left in memory. | 1.9 |
| 2018-04-03 | CVE-2018-8049 | Improper Input Validation vulnerability in Unisys Stealth SVG 2.8 The Stealth endpoint in Unisys Stealth SVG 2.8.x, 3.0.x before 3.0.1999, 3.1.x, 3.2.x before 3.2.030, and 3.3.x before 3.3.016, when running on Linux and AIX, allows remote attackers to cause a denial of service (crash) via crafted packets. | 5.0 |
| 2018-03-26 | CVE-2018-8802 | SQL Injection vulnerability in Unisys Clearpath Eportal Manager and Eportal-2200 SQL injection vulnerability in the management interface in ePortal Manager allows remote attackers to execute arbitrary SQL commands via unspecified parameters. | 6.5 |
| 2018-02-26 | CVE-2018-5762 | Unspecified vulnerability in Unisys Clearpath MCP 58.1/59.1 The TLS implementation in the TCP/IP networking module in Unisys ClearPath MCP systems with TCP-IP-SW 58.1 before 58.160, 59.1 before 059.1a.17 (IC #17), and 60.0 before 60.044 might allow remote attackers to decrypt TLS ciphertext data by leveraging a Bleichenbacher RSA padding oracle, aka a ROBOT attack. network unisys | 4.3 |
| 2018-02-19 | CVE-2018-6592 | Improper Resource Shutdown or Release vulnerability in Unisys Stealth Unisys Stealth 3.3 Windows endpoints before 3.3.016.1 allow local users to gain access to Stealth-enabled devices by leveraging improper cleanup of memory used for negotiation key storage. | 4.6 |
| 2017-09-30 | CVE-2017-13684 | Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in Unisys Mcp-Firmware Unisys Libra 64xx and 84xx and FS601 class systems with MCP-FIRMWARE before 43.211 allow remote authenticated users to cause a denial of service (program crash) or have unspecified other impact via vectors related to incorrect literal handling, which trigger CPM stack corruption. | 4.6 |
| 2017-06-09 | CVE-2016-7805 | Improper Certificate Validation vulnerability in Unisys Mobigate The mobiGate App for Android version 2.2.1.2 and earlier and mobiGate App for iOS version 2.2.4.1 and earlier do not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate. | 4.3 |
| 2017-04-11 | CVE-2017-5873 | Unquoted Search Path or Element vulnerability in Unisys Secure Partitioning 4.3.403/4.4.19 Unquoted Windows search path vulnerability in the guest service in Unisys s-Par before 4.4.20 allows local users to gain privileges via a Trojan horse executable file in the %SYSTEMDRIVE% directory, as demonstrated by program.exe. | 4.6 |