| Unisys ID: | UIS-2020-1 |
| Status: | Published |
| CVE-ID: | CVE-2020-12053 |
| Affected Product: | Stealth Solution |
| Affected Version: | 3.4.x, 4.x, 5.0.024 |
| Impact: | LOW |
| CVSS v3.1 Base Score: | 3.8 |
| CVSS v3.1 Vector: | AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:L/A:N |
| CVSS v2.0 Base Score: | 3.2 |
| CVSS v2.0 Vector: | AV:N/AC:H/Au:M/C:P/I:P/A:N |
| Common Weakness Enumeration (CWE): | 295 |
| Common Platform Enumeration (CPE): | cpe:2.3:a:unisys:stealth(core):*:*:*:*:* |
| Source: | Internal Reported |
| Keyword(s): | |
| Vulnerability Description: | Endpoint certificate validation using HTTP may erroneously succeed. |
| System Configuration: | |
| Impact of Exploiting Vulnerability: | Potential for an unauthorized user to become authorized as a valid user. |
| Remediation Description: | Starting with release 5.0.026, if the authorization process detects a certificate authorization group without HTTPS, that authorization group is not started. Other authorization groups are not affected. |
| Workaround Information: | For 3.4.x, 4.x and 5.0 releases prior to 5.0.026, certificate authorization groups should be updated to use HTTPS instead of HTTP. |
| References: | PLE 19280021 |
| Additional Vendor Comment: | |
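
The workaround and remediation above can be turned into a configuration audit. The following is an added example, not Unisys code: it takes an exported list of authorization groups and the installed release, and reports every certificate authorization group that is not on HTTPS. The inventory format, its field names (`name`, `type`, `url`) and the hosts are assumptions made for illustration; Stealth's real configuration format is not described in this advisory.

```python
from urllib.parse import urlsplit

FIXED = (5, 0, 26)  # 5.0.026, first release with the fix per the advisory

# Constructed inventory; field names, group types and hosts are hypothetical.
SAMPLE_GROUPS = [
    {"name": "eng-certs", "type": "certificate", "url": "http://auth.example.test/validate"},
    {"name": "ops-certs", "type": "certificate", "url": " HTTPS://auth.example.test/validate"},
    {"name": "legacy-dir", "type": "directory", "url": "http://dir.example.test/"},
]

def parse_version(text):
    return tuple(int(part) for part in text.strip().split("."))

def needs_workaround(version):
    """True for 3.4.x, 4.x and 5.0 before 5.0.026; False for 5.0.026 and later
    5.0 builds; None for releases the advisory does not mention."""
    v = parse_version(version)
    if v[:2] == (3, 4) or v[:1] == (4,):
        return True
    if v[:2] == (5, 0):
        return v < FIXED
    return None

def uses_https(url):
    """Scheme check that tolerates upper case and surrounding whitespace."""
    return urlsplit(url.strip()).scheme.lower() == "https"

def audit(version, groups):
    """Return (group name, action) for each certificate group not on HTTPS."""
    affected = needs_workaround(version)
    findings = []
    for group in groups:
        if group["type"] != "certificate" or uses_https(group["url"]):
            continue  # other authorization groups are not affected
        if affected:
            action = "switch to HTTPS (workaround)"
        elif affected is False:
            action = "group will not start; switch to HTTPS"
        else:
            action = "release not covered by the advisory; switch to HTTPS"
        findings.append((group["name"], action))
    return findings

if __name__ == "__main__":
    for name, action in audit("5.0.024", SAMPLE_GROUPS):
        print(f"{name}: {action}")
```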