Vulnerability Report - Stealth Services Password Exposed

 
Unisys ID: UIS-2021-3
Status: Published
CVE-ID: CVE-2021-28492
Affected Product: Stealth(core)
Affected Version: 5.0.x, 5.1.x, 6.0.x
Impact: MEDIUM
CVSS v3.1 Base Score: 5.1
CVSS v3.1 Vector: AV:N/AC:H/PR:H/UI:R/S:C/C:L/I:L/A:L
CVSS v2.0 Base Score: 4.6
CVSS v2.0 Vector: AV:N/AC:H/Au:S/C:P/I:P/A:P
CVSS Temporal Score: 4.5
Common Weakness Enumeration (CWE): 
Common Platform Enumeration (CPE):  257
Source: Internal Reported
Keyword(s): Password
Vulnerability Description:
Stealth core services contained a password literal string, used for inter-service communication.
System Configuration:
Any
Impact of Exploiting Vulnerability:
Stealth configuration could be changed.
Remediation Description:
Passwords will be converted to obfuscated integer arrays. Fix introduced in these levels: 5.0.048.0, 5.1.017.0, 6.0.037.0
Workaround Information:
None
References:
PLE 19303438
Additional Vendor Comment:
 
 
 

Disclaimer:

Unisys Corporation provides the information in this Security Vulnerability Report “AS IS.” No warranties of any nature are extended by or for the information. Unisys disclaims any financial or other responsibility that may result from your use of the information, including direct, indirect, special, or consequential damages.


Paper copies are not controlled and may be out of date; reference the Product Support Web site for current data.