| Unisys ID: | UIS-2021-6 |
| Status: | Published |
| CVE-ID: | CVE-2021-43394 |
| Affected Product: | Messaging Integration Services (NTSI) |
| Affected Version: | 7R3B IC3, 7R3B IC4, 7R3C, 7R3D |
| Impact: | CRITICAL |
| CVSS v3.1 Base Score: | 9.8 |
| CVSS v3.1 Vector: | AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H |
| CVSS v2.0 Base Score: | 7.5 |
| CVSS v2.0 Vector: | AV:N/AC:L/Au:N/C:P/I:P/A:P |
| Common Weakness Enumeration (CWE): | CWE-303 |
| Common Platform Enumeration (CPE): | cpe:2.3:a:unisys:messaging_integration_services_:*:*:*:*:*:*:*:* |
| Source: | Client Reported |
| Keyword(s): | LDAP, NTSI, OS 2200, Authentication, ASIS, AM12 |
| Vulnerability Description: | LDAP authentication as provided by OS 2200 Messaging Integration Services (NTSI) does not properly validate the user-supplied password. |
| System Configuration: | An OS 2200 Server configured for LDAP authentication through Messaging Integration Services (NTSI). |
| Impact of Exploiting Vulnerability: | A person attempting to sign on can gain access when they should not. |
| Remediation Description: | Upgrade to the appropriate IC: 7R3B IC5, 7R3C IC1, or 7R3D IC1. |
| Workaround Information: | Disable LDAP authentication as provided by Messaging Integration Services (NTSI) and use an alternate method of authentication. |
| References: | PLE 19319989 |
| Additional Vendor Comment: | |