Vulnerabilities > Unisys > Medium

DATE CVE VULNERABILITY TITLE RISK
2022-01-12 CVE-2021-45445 Infinite Loop vulnerability in Unisys Clearpath MCP Tcp/Ip Networking Services 59.1/60.0/62.0
Unisys ClearPath MCP TCP/IP Networking Services 59.1, 60.0, and 62.0 has an Infinite Loop.
network
low complexity
unisys CWE-835
5.0
2021-12-14 CVE-2021-43388 Cleartext Storage of Sensitive Information vulnerability in Unisys Cargo Mobile
Unisys Cargo Mobile Application before 1.2.29 uses cleartext to store sensitive information, which might be revealed in a backup.
network
unisys CWE-312
4.3
2021-07-15 CVE-2021-35056 Unquoted Search Path or Element vulnerability in Unisys Stealth
Unisys Stealth 5.1 before 5.1.025.0 and 6.0 before 6.0.055.0 has an unquoted Windows search path for a scheduled task.
local
low complexity
unisys CWE-428
4.6
2021-04-20 CVE-2021-28492 Unspecified vulnerability in Unisys Stealth 5.0/5.0.024/5.0.026
Unisys Stealth (core) 5.x before 5.0.048.0, 5.1.x before 5.1.017.0, and 6.x before 6.0.037.0 stores passwords in a recoverable format.
network
low complexity
unisys
4.0
2020-02-03 CVE-2019-18193 Information Exposure Through Log Files vulnerability in Unisys Stealth
In Unisys Stealth (core) 3.4.108.0, 3.4.209.x, 4.0.027.x and 4.0.114, key material inadvertently logged under certain conditions.
local
unisys CWE-532
6.9
2020-01-07 CVE-2019-18386 Improper Input Validation vulnerability in Unisys MCP Firmware
Systems management on Unisys ClearPath Forward Libra and ClearPath MCP Software Series can fault and have other unspecified impact when receiving specifically crafted message payloads over a systems management communication channel
network
unisys CWE-20
5.8
2018-04-03 CVE-2018-8049 Improper Input Validation vulnerability in Unisys Stealth SVG 2.8
The Stealth endpoint in Unisys Stealth SVG 2.8.x, 3.0.x before 3.0.1999, 3.1.x, 3.2.x before 3.2.030, and 3.3.x before 3.3.016, when running on Linux and AIX, allows remote attackers to cause a denial of service (crash) via crafted packets.
network
low complexity
unisys ibm linux CWE-20
5.0
2018-03-26 CVE-2018-8802 SQL Injection vulnerability in Unisys Clearpath Eportal Manager and Eportal-2200
SQL injection vulnerability in the management interface in ePortal Manager allows remote attackers to execute arbitrary SQL commands via unspecified parameters.
network
low complexity
unisys CWE-89
6.5
2018-02-26 CVE-2018-5762 Unspecified vulnerability in Unisys Clearpath MCP 58.1/59.1
The TLS implementation in the TCP/IP networking module in Unisys ClearPath MCP systems with TCP-IP-SW 58.1 before 58.160, 59.1 before 059.1a.17 (IC #17), and 60.0 before 60.044 might allow remote attackers to decrypt TLS ciphertext data by leveraging a Bleichenbacher RSA padding oracle, aka a ROBOT attack.
network
unisys
4.3
2018-02-19 CVE-2018-6592 Improper Resource Shutdown or Release vulnerability in Unisys Stealth
Unisys Stealth 3.3 Windows endpoints before 3.3.016.1 allow local users to gain access to Stealth-enabled devices by leveraging improper cleanup of memory used for negotiation key storage.
local
low complexity
unisys CWE-404
4.6