|
| |
| Unisys ID: |
UIS-2020-2 |
| Status: |
Published |
| CVE-ID: |
CVE-2020-12647 |
| Affected Product: |
ALGOL |
| Affected Version: |
58.1, 59.1, 60.0. |
| Impact: |
HIGH |
| CVSS v3.1 Base Score: |
8.8 |
| CVSS v3.1 Vector: |
AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H/E:P/RL:O/RC:C
v3 Calculator |
| CVSS v2.0 Base Score: |
6.8 |
| CVSS v2.0 Vector: |
(AV:L/AC:L/Au:S/C:C/I:C/A:C/E:POC/RL:OF/RC:C)
v2 Calculator |
| CVSS Temporal Score: |
7.9 |
| Common Weakness Enumeration (CWE):  |
CWE-1075 |
| Common Platform Enumeration (CPE):  |
cpe:2.3:o:unisys:clearpath_mcp:*:*:*:*:*:*:*:* |
| Source: |
Client Reported |
| Keyword(s): |
ALGOL |
| Vulnerability Description: |
| A specific, rarely used combination of constructs in the ALGOL syntax could cause invalid code sequences to be generated, with random side-effects. |
| System Configuration: |
| Any Clearpath MCP system with code compiled with ALGOL 58.1, 59.1 or 60.0 compilers in the ALGOL, DCALGOL, DMALGOL or BDMSALGOL languages. |
| Impact of Exploiting Vulnerability: |
| Random side effects including system faults. |
| Remediation Description: |
| Recompile source with newer ALGOL compiler (versions: 58.1a.15 or higher, 59.1a.9 or higher, or 60.0a.5 or higher). |
| Workaround Information: |
|
| References: |
| PLE 19279031 (ALGOL), PLE 19281809 (MCP/LOG-TOOLS) |
| Additional Vendor Comment: |
|