Vulnerabilities > Unisys > High

DATE CVE VULNERABILITY TITLE RISK
2022-09-13 CVE-2022-32555 Cross-Site Request Forgery (CSRF) vulnerability in Unisys Data Exchange Management Studio 6.0.Ic1/7.0
Unisys Data Exchange Management Studio before 6.0.IC2 and 7.x before 7.0.IC1 doesn't have an Anti-CSRF token to authenticate the POST request.
network
low complexity
unisys CWE-352
8.8
2022-01-12 CVE-2021-45445 Infinite Loop vulnerability in Unisys Clearpath MCP Tcp/Ip Networking Services 59.1/60.0/62.0
Unisys ClearPath MCP TCP/IP Networking Services 59.1, 60.0, and 62.0 has an Infinite Loop.
network
low complexity
unisys CWE-835
7.5
2021-12-14 CVE-2021-43388 Cleartext Storage of Sensitive Information vulnerability in Unisys Cargo Mobile
Unisys Cargo Mobile Application before 1.2.29 uses cleartext to store sensitive information, which might be revealed in a backup.
network
low complexity
unisys CWE-312
7.5
2021-03-18 CVE-2021-3141 Insufficiently Protected Credentials vulnerability in Unisys Stealth 6.0
In Unisys Stealth (core) before 6.0.025.0, the Keycloak password is stored in a recoverable format that might be accessible by a local attacker, who could gain access to the Management Server and change the Stealth configuration.
local
low complexity
unisys CWE-522
7.8
2020-10-01 CVE-2020-24620 Use of Hard-coded Credentials vulnerability in Unisys Stealth
Unisys Stealth(core) before 4.0.134 stores passwords in a recoverable format.
local
low complexity
unisys CWE-798
7.8
2020-05-21 CVE-2020-12647 Unspecified vulnerability in Unisys Algol Compiler 58.1/59.1/60.0
Unisys ALGOL Compiler 58.1 before 58.1a.15, 59.1 before 59.1a.9, and 60.0 before 60.0a.5 can emit invalid code sequences under rare circumstances related to syntax.
local
low complexity
unisys
8.8
2020-02-03 CVE-2019-18193 Information Exposure Through Log Files vulnerability in Unisys Stealth
In Unisys Stealth (core) 3.4.108.0, 3.4.209.x, 4.0.027.x and 4.0.114, key material inadvertently logged under certain conditions.
local
high complexity
unisys CWE-532
7.5
2020-01-07 CVE-2019-18386 Unspecified vulnerability in Unisys MCP Firmware
Systems management on Unisys ClearPath Forward Libra and ClearPath MCP Software Series can fault and have other unspecified impact when receiving specifically crafted message payloads over a systems management communication channel
network
high complexity
unisys
8.7
2018-04-03 CVE-2018-8049 Improper Input Validation vulnerability in Unisys Stealth SVG
The Stealth endpoint in Unisys Stealth SVG 2.8.x, 3.0.x before 3.0.1999, 3.1.x, 3.2.x before 3.2.030, and 3.3.x before 3.3.016, when running on Linux and AIX, allows remote attackers to cause a denial of service (crash) via crafted packets.
network
low complexity
unisys CWE-20
7.5
2018-03-26 CVE-2018-8802 SQL Injection vulnerability in Unisys Clearpath Eportal Manager and Eportal-2200
SQL injection vulnerability in the management interface in ePortal Manager allows remote attackers to execute arbitrary SQL commands via unspecified parameters.
network
high complexity
unisys CWE-89
8.1