
Vulnerability Report - The Keycloak password is exposed

 
Unisys ID: UIS-2021-2
Status: Published
CVE-ID: CVE-2021-3141
Affected Product: Stealth
Affected Version: 6.0.012.0
Impact: HIGH
CVSS v3.1 Base Score: 7.7
CVSS v3.1 Vector: AV:L/AC:L/PR:H/UI:R/S:C/C:H/I:H/A:H
CVSS v2.0 Base Score: 6.8
CVSS v2.0 Vector: AV:L/AC:L/Au:S/C:C/I:C/A:C
CVSS Temporal Score: 7.4
Common Weakness Enumeration (CWE):  257
Common Platform Enumeration (CPE): 
Source: Internal Reported
Keyword(s): Password
Vulnerability Description:
The Keycloak password is exposed.
System Configuration:
Stealth 6.0.xxx environments below level 6.0.025.0 are vulnerable.
Impact of Exploiting Vulnerability:
An attacker could gain access to the Management Server and change the Stealth configuration.
Remediation Description:
Update to Stealth 6.0.025.0 or above.
Workaround Information:
None
References:
PLE 19299775
Additional Vendor Comment:
 
 
 

Disclaimer:

Unisys Corporation provides the information in this Security Vulnerability Report “AS IS.” No warranties of any nature are extended by or for the information. Unisys disclaims any financial or other responsibility that may result from your use of the information, including direct, indirect, special, or consequential damages.


Paper copies are not controlled and may be out of date; reference the Product Support Web site for current data.