|
| |
| Unisys ID: |
UIS-2018-5 |
| Status: |
Published |
| CVE-ID: |
CVE-2018-8802 |
| Affected Product: |
CLEARPATHEPORTAL; EPORTAL-2200 |
| Affected Version: |
ClearPath ePortal before 17.0a.31 or 059.1a.13; EPORTAL-2200 before 2.2.81 or 2.3.82. |
| Impact: |
HIGH |
| CVSS v3.1 Base Score: |
7.2 |
| CVSS v3.1 Vector: |
CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H/E:F/RL:O/RC:C
v3 Calculator |
| CVSS v2.0 Base Score: |
|
| CVSS v2.0 Vector: |
Not Supplied
v2 Calculator |
| CVSS Temporal Score: |
6.7 |
| Common Weakness Enumeration (CWE):  |
|
| Common Platform Enumeration (CPE):  |
|
| Source: |
Client Reported |
| Keyword(s): |
EPORTAL |
| Vulnerability Description: |
| Unisys ClearPath ePortal Manager software running on Unisys MCP or OS 2200 system may allow an SQL Injection attack which can execute malicious SQL statements on the ClearPath ePortal management database. With an SQL Injection attack, the ClearPath ePortal Manager database may be compromised resulting in non-functional ClearPath ePortal Manager software. |
| System Configuration: |
| ClearPath MCP system running 17.0 CLEARPATHEPORTAL software before CLEARPATHEPORTAL-017.0A.31 or 18.0 CLEARPATHEPORTAL software before CLEARPATHEPORTAL-059.1A.13.
ClearPath OS 2200 system running 16.0 EPORTAL-2200 software before EPORTAL-2200-2.2.81 or 17.0 EPORTAL-2200 software before EPORTAL-2200-2.3.82.
|
| Impact of Exploiting Vulnerability: |
| CLEARPATHEPORTAL or EPORTAL-2200 Manager database may be compromised resulting in non-functional Manager software. |
| Remediation Description: |
| For ClearPath MCP system running 17.0, upgrade to CLEARPATHEPORTAL Interim Correction CLEARPATHEPORTAL-017.0A.31 or higher.
For ClearPath MCP system running 18.0, upgrade to CLEARPATHEPORTAL Interim Correction CLEARPATHEPORTAL-059.1A.13 or higher.
For ClearPath OS 2200 system running 16.0, upgrade to EPORTAL-2200 Interim Correction EPORTAL-2200-2.2.81 or higher.
For ClearPath OS 2200 system running 17.0, upgrade to EPORTAL-2200 Interim Correction EPORTAL-2200-2.3.82 or higher.
|
| Workaround Information: |
| None. |
| References: |
| For ClearPath MCP system, PLE 19221849.
For ClearPath OS 2200 system, PLE 19220869.
|
| Additional Vendor Comment: |
|