Vulnerabilities > Unisys > Medium

DATE CVE VULNERABILITY TITLE RISK
2021-07-15 CVE-2021-35056 Unquoted Search Path or Element vulnerability in Unisys Stealth
Unisys Stealth 5.1 before 5.1.025.0 and 6.0 before 6.0.055.0 has an unquoted Windows search path for a scheduled task.
local
low complexity
unisys CWE-428
6.7
2021-04-27 CVE-2020-35542 Cross-site Scripting vulnerability in Unisys Data Exchange Management Studio
Unisys Data Exchange Management Studio through 5.0.34 doesn't sanitize the input to a HTML document field.
network
low complexity
unisys CWE-79
5.4
2021-04-20 CVE-2021-28492 Unspecified vulnerability in Unisys Stealth
Unisys Stealth (core) 5.x before 5.0.048.0, 5.1.x before 5.1.017.0, and 6.x before 6.0.037.0 stores passwords in a recoverable format.
network
low complexity
unisys
4.9
2018-05-30 CVE-2018-7534 Key Management Errors vulnerability in Unisys Stealth Authorization Server
In Stealth Authorization Server before 3.3.017.0 in Unisys Stealth Solution, an encryption key may be left in memory.
local
high complexity
unisys CWE-320
4.7
2018-02-26 CVE-2018-5762 Unspecified vulnerability in Unisys Clearpath MCP 58.1/59.1
The TLS implementation in the TCP/IP networking module in Unisys ClearPath MCP systems with TCP-IP-SW 58.1 before 58.160, 59.1 before 059.1a.17 (IC #17), and 60.0 before 60.044 might allow remote attackers to decrypt TLS ciphertext data by leveraging a Bleichenbacher RSA padding oracle, aka a ROBOT attack.
network
high complexity
unisys
5.9
2017-06-09 CVE-2016-7805 Improper Certificate Validation vulnerability in Unisys Mobigate 2.2.1.2/2.2.4.1
The mobiGate App for Android version 2.2.1.2 and earlier and mobiGate App for iOS version 2.2.4.1 and earlier do not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate.
network
high complexity
unisys CWE-295
5.9
2017-04-11 CVE-2017-5873 Unquoted Search Path or Element vulnerability in Unisys Secure Partitioning 4.3.403/4.4.19
Unquoted Windows search path vulnerability in the guest service in Unisys s-Par before 4.4.20 allows local users to gain privileges via a Trojan horse executable file in the %SYSTEMDRIVE% directory, as demonstrated by program.exe.
local
low complexity
unisys CWE-428
6.7
2017-02-03 CVE-2015-4049 Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in Unisys Mcp-Firmware 40.0
Unisys Libra 43xx, 63xx, and 83xx, and FS600 class systems with MCP-FIRMWARE 40.0 before 40.0IC4 Build 270 might allow remote authenticated users to cause a denial of service (data corruption or system crash) via vectors related to using program operators during EPSILON (level 5) based codefiles at peak memory usage, which triggers CPM stack corruption.
network
high complexity
unisys CWE-119
6.8