Product Support

Vulnerability Report - Search of Enterprise Manager can potentially reveal credentials

 
Unisys ID: UIS-2020-3
Status: Published
CVE-ID: CVE-2020-24620
Affected Product: Stealth Solution
Affected Version: 4.0.02x and 4.0.131
Impact: HIGH
CVSS v3.1 Base Score: 7.7
CVSS v3.1 Vector: AV:L/AC:L/PR:H/UI:R/S:C/C:H/I:L/A:H/E:U/RL:O/RC:C  v3 Calculator
CVSS v2.0 Base Score: 6.2
CVSS v2.0 Vector: (AV:L/AC:L/Au:M/C:C/I:P/A:C)  v2 Calculator
CVSS Temporal Score: 6.7
Common Weakness Enumeration (CWE):  257
Common Platform Enumeration (CPE):  cpe:2.3:a:unisys:stealth:4.0:*:*:*:*:*:*:*
Source: Internal Reported
Keyword(s): credentials
Vulnerability Description:
Search of Enterprise Manager can potentially reveal credentials
System Configuration:
Any Stealth configuration
Impact of Exploiting Vulnerability:
Potential for gaining access to the EM database
Remediation Description:
Please upgrade to Stealth 4.0.134 or higher.
Workaround Information:
References:
PLE 19279677
Additional Vendor Comment:
 
 
 

Disclaimer:

Unisys Corporation provides the information in this Security Vulnerability Report “AS IS.” No warranties of any nature are extended by or for the information. Unisys disclaims any financial or other responsibility that may result from your use of the information, including direct, indirect, special, or consequential damages.


Paper copies are not controlled and may be out of date; reference the Product Support Web site for current data.