Unisys: >> Stealth Security Vulnerabilities
An issue discovered in Unisys Stealth 5.3.062.0 allows attackers to view sensitive information via the Enterprise ManagementInstaller_msi.log file.
CVSS Score
7.5
EPSS Score
0.002
Published
2024-02-20
Unisys Stealth 5.1 before 5.1.025.0 and 6.0 before 6.0.055.0 has an unquoted Windows search path for a scheduled task. An unintended executable might run.
CVSS Score
6.7
EPSS Score
0.001
Published
2021-07-15
Unisys Stealth (core) 5.x before 5.0.048.0, 5.1.x before 5.1.017.0, and 6.x before 6.0.037.0 stores passwords in a recoverable format.
CVSS Score
4.9
EPSS Score
0.003
Published
2021-04-20
In Unisys Stealth (core) before 6.0.025.0, the Keycloak password is stored in a recoverable format that might be accessible by a local attacker, who could gain access to the Management Server and change the Stealth configuration.
CVSS Score
7.8
EPSS Score
0.0
Published
2021-03-18
Unisys Stealth(core) before 4.0.134 stores passwords in a recoverable format. Therefore, a search of Enterprise Manager can potentially reveal credentials.
CVSS Score
7.8
EPSS Score
0.0
Published
2020-10-01
In Unisys Stealth 3.4.x, 4.x and 5.x before 5.0.026, if certificate-based authorization is used without HTTPS, an endpoint could be authorized without a private key.
CVSS Score
9.8
EPSS Score
0.002
Published
2020-06-22
In Unisys Stealth (core) 3.4.108.0, 3.4.209.x, 4.0.027.x and 4.0.114, key material inadvertently logged under certain conditions. Fixed included in 3.4.109, 4.0.027.13, 4.0.125 and 5.0.013.0.
CVSS Score
7.5
EPSS Score
0.0
Published
2020-02-03
Unisys Stealth 3.3 Windows endpoints before 3.3.016.1 allow local users to gain access to Stealth-enabled devices by leveraging improper cleanup of memory used for negotiation key storage.
CVSS Score
7.8
EPSS Score
0.001
Published
2018-02-19