Vulnerabilities > Unisys > High
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2022-09-13 | CVE-2022-32555 | Cross-Site Request Forgery (CSRF) vulnerability in Unisys Data Exchange Management Studio 6.0.Ic1/7.0 Unisys Data Exchange Management Studio before 6.0.IC2 and 7.x before 7.0.IC1 doesn't have an Anti-CSRF token to authenticate the POST request. | 8.8 |
2022-01-12 | CVE-2021-45445 | Infinite Loop vulnerability in Unisys Clearpath MCP Tcp/Ip Networking Services 59.1/60.0/62.0 Unisys ClearPath MCP TCP/IP Networking Services 59.1, 60.0, and 62.0 has an Infinite Loop. | 7.5 |
2021-12-14 | CVE-2021-43388 | Cleartext Storage of Sensitive Information vulnerability in Unisys Cargo Mobile Unisys Cargo Mobile Application before 1.2.29 uses cleartext to store sensitive information, which might be revealed in a backup. | 7.5 |
2021-03-18 | CVE-2021-3141 | Insufficiently Protected Credentials vulnerability in Unisys Stealth 6.0 In Unisys Stealth (core) before 6.0.025.0, the Keycloak password is stored in a recoverable format that might be accessible by a local attacker, who could gain access to the Management Server and change the Stealth configuration. | 7.8 |
2020-10-01 | CVE-2020-24620 | Use of Hard-coded Credentials vulnerability in Unisys Stealth Unisys Stealth(core) before 4.0.134 stores passwords in a recoverable format. | 7.8 |
2020-05-21 | CVE-2020-12647 | Unspecified vulnerability in Unisys Algol Compiler 58.1/59.1/60.0 Unisys ALGOL Compiler 58.1 before 58.1a.15, 59.1 before 59.1a.9, and 60.0 before 60.0a.5 can emit invalid code sequences under rare circumstances related to syntax. | 8.8 |
2020-02-03 | CVE-2019-18193 | Information Exposure Through Log Files vulnerability in Unisys Stealth In Unisys Stealth (core) 3.4.108.0, 3.4.209.x, 4.0.027.x and 4.0.114, key material inadvertently logged under certain conditions. | 7.5 |
2020-01-07 | CVE-2019-18386 | Unspecified vulnerability in Unisys MCP Firmware Systems management on Unisys ClearPath Forward Libra and ClearPath MCP Software Series can fault and have other unspecified impact when receiving specifically crafted message payloads over a systems management communication channel | 8.7 |
2018-04-03 | CVE-2018-8049 | Improper Input Validation vulnerability in Unisys Stealth SVG The Stealth endpoint in Unisys Stealth SVG 2.8.x, 3.0.x before 3.0.1999, 3.1.x, 3.2.x before 3.2.030, and 3.3.x before 3.3.016, when running on Linux and AIX, allows remote attackers to cause a denial of service (crash) via crafted packets. | 7.5 |
2018-03-26 | CVE-2018-8802 | SQL Injection vulnerability in Unisys Clearpath Eportal Manager and Eportal-2200 SQL injection vulnerability in the management interface in ePortal Manager allows remote attackers to execute arbitrary SQL commands via unspecified parameters. | 8.1 |