|
| |
| Unisys ID: |
UIS-2021-3 |
| Status: |
Published |
| CVE-ID: |
CVE-2021-28492 |
| Affected Product: |
Stealth(core) |
| Affected Version: |
5.0.x, 5.1.x. 6.0.x |
| Impact: |
MEDIUM |
| CVSS v3.1 Base Score: |
5.1 |
| CVSS v3.1 Vector: |
AV:N/AC:H/PR:H/UI:R/S:C/C:L/I:L/A:L
v3 Calculator |
| CVSS v2.0 Base Score: |
4.6 |
| CVSS v2.0 Vector: |
AV:N/AC:H/Au:S/C:P/I:P/A:P
v2 Calculator |
| CVSS Temporal Score: |
4.5 |
| Common Weakness Enumeration (CWE):  |
|
| Common Platform Enumeration (CPE):  |
257 |
| Source: |
Internal Reported |
| Keyword(s): |
Password |
| Vulnerability Description: |
| Stealth core services contained a password literal string, used for inter-service communication. |
| System Configuration: |
| Any |
| Impact of Exploiting Vulnerability: |
| Stealth configuration could be changed. |
| Remediation Description: |
| Passwords will be converted to obfuscated integer arrays. Fix introduced in these levels:
5.0.048.0, 5.1.017.0, 6.0.037.0
|
| Workaround Information: |
| None |
| References: |
| PLE 19303438 |
| Additional Vendor Comment: |
|