Aggregates CVE and security vulnerability intelligence across all Unisys-related products, including CVSS, EPSS, and publication dates.

Historical issues mainly involve CSRF, SSRF, file inclusion, and related problems; some flaws may lead to unauthorized access and session compromise.

| CVE | Summary | Source | Max CVSS | EPSS % | Published | Updated |
|---|---|---|---|---|---|---|
| CVE-2026-39907 | Unisys WebPerfect Image Suite versions 3.0.3960.22810 and 3.0.3960.22604 expose an unauthenticated WCF SOAP endpoint on TCP port 1208 that accepts unsanitized file paths in the ReadLicense action's LFName parameter, allowing remote attackers to trigger SMB connections and leak NTLMv2 machine-account hashes. Attackers can submit crafted SOAP requests with UNC paths to force the server to initiate outbound SMB connections, exposing authentication credentials that may be relayed for privilege escal | [email protected] | 7.0 | 0.62% | 2026-04-14 | 2026-06-17 |
| CVE-2026-39906 | Unisys WebPerfect Image Suite versions 3.0.3960.22810 and 3.0.3960.22604 expose a deprecated .NET Remoting TCP channel that allows remote unauthenticated attackers to leak NTLMv2 machine-account hashes by supplying a Windows UNC path as a target file argument through object-unmarshalling techniques. Attackers can capture the leaked NTLMv2 hash and relay it to other hosts to achieve privilege escalation or lateral movement depending on network configuration and patch level. | [email protected] | 7.0 | 0.69% | 2026-04-14 | 2026-06-17 |
| CVE-2024-23758 | An issue discovered in Unisys Stealth 5.3.062.0 allows attackers to view sensitive information via the Enterprise ManagementInstaller_msi.log file. | [email protected] | 7.5 | 0.47% | 2024-02-20 | 2026-06-17 |
| CVE-2022-32555 | Unisys Data Exchange Management Studio before 6.0.IC2 and 7.x before 7.0.IC1 doesn't have an Anti-CSRF token to authenticate the POST request. Thus, a cross-site request forgery attack could occur. | [email protected] | 8.8 | 0.29% | 2022-09-13 | 2026-06-17 |
| CVE-2021-43394 | Unisys OS 2200 Messaging Integration Services (NTSI) 7R3B IC3 and IC4, 7R3C, and 7R3D has an Incorrect Implementation of an Authentication Algorithm. An LDAP password is not properly validated. | [email protected] | 9.8 | 1.17% | 2022-01-24 | 2026-06-17 |
| CVE-2021-45445 | Unisys ClearPath MCP TCP/IP Networking Services 59.1, 60.0, and 62.0 has an Infinite Loop. | [email protected] | 7.5 | 0.97% | 2022-01-12 | 2026-06-17 |
| CVE-2021-43388 | Unisys Cargo Mobile Application before 1.2.29 uses cleartext to store sensitive information, which might be revealed in a backup. The issue is addressed by ensuring that the allowBackup flag (in the manifest) is False. | [email protected] | 7.5 | 0.57% | 2021-12-14 | 2026-06-17 |
| CVE-2021-35056 | Unisys Stealth 5.1 before 5.1.025.0 and 6.0 before 6.0.055.0 has an unquoted Windows search path for a scheduled task. An unintended executable might run. | [email protected] | 6.7 | 0.25% | 2021-07-15 | 2026-06-16 |
| CVE-2020-35542 | Unisys Data Exchange Management Studio through 5.0.34 doesn't sanitize the input to an HTML document field. This could be used for an XSS attack. | [email protected] | 5.4 | 0.47% | 2021-04-27 | 2026-06-16 |
| CVE-2021-28492 | Unisys Stealth (core) 5.x before 5.0.048.0, 5.1.x before 5.1.017.0, and 6.x before 6.0.037.0 stores passwords in a recoverable format. | [email protected] | 4.9 | 0.85% | 2021-04-20 | 2026-06-16 |
| CVE-2021-3141 | In Unisys Stealth (core) before 6.0.025.0, the Keycloak password is stored in a recoverable format that might be accessible by a local attacker, who could gain access to the Management Server and change the Stealth configuration. | [email protected] | 7.8 | 0.22% | 2021-03-18 | 2026-06-17 |
| CVE-2020-24620 | Unisys Stealth (core) before 4.0.134 stores passwords in a recoverable format. Therefore, a search of Enterprise Manager can potentially reveal credentials. | [email protected] | 7.8 | 0.29% | 2020-10-01 | 2026-06-16 |
| CVE-2020-12053 | In Unisys Stealth 3.4.x, 4.x and 5.x before 5.0.026, if certificate-based authorization is used without HTTPS, an endpoint could be authorized without a private key. | [email protected] | 9.8 | 0.68% | 2020-06-22 | 2026-06-16 |
| CVE-2020-12647 | Unisys ALGOL Compiler 58.1 before 58.1a.15, 59.1 before 59.1a.9, and 60.0 before 60.0a.5 can emit invalid code sequences under rare circumstances related to syntax. The resulting code could, for example, trigger a system fault or adversely affect confidentiality, integrity, and availability. | [email protected] | 8.8 | 0.40% | 2020-05-20 | 2026-06-16 |
| CVE-2019-18193 | In Unisys Stealth (core) 3.4.108.0, 3.4.209.x, 4.0.027.x and 4.0.114, key material is inadvertently logged under certain conditions. Fix included in 3.4.109, 4.0.027.13, 4.0.125 and 5.0.013.0. | [email protected] | 7.5 | 0.28% | 2020-02-03 | 2026-06-16 |
| CVE-2019-18386 | Systems management on Unisys ClearPath Forward Libra and ClearPath MCP Software Series can fault and have other unspecified impact when receiving specifically crafted message payloads over a systems management communication channel. | [email protected] | 8.7 | 0.79% | 2020-01-07 | 2026-06-16 |
| CVE-2018-7534 | In Stealth Authorization Server before 3.3.017.0 in Unisys Stealth Solution, an encryption key may be left in memory. | [email protected] | 4.7 | 0.16% | 2018-05-30 | 2026-06-16 |
| CVE-2018-8049 | The Stealth endpoint in Unisys Stealth SVG 2.8.x, 3.0.x before 3.0.1999, 3.1.x, 3.2.x before 3.2.030, and 3.3.x before 3.3.016, when running on Linux and AIX, allows remote attackers to cause a denial of service (crash) via crafted packets. | [email protected] | 7.5 | 1.44% | 2018-04-03 | 2026-06-16 |
| CVE-2018-8802 | SQL injection vulnerability in the management interface in ePortal Manager allows remote attackers to execute arbitrary SQL commands via unspecified parameters. | [email protected] | 8.1 | 0.95% | 2018-03-26 | 2026-06-16 |
| CVE-2018-5762 | The TLS implementation in the TCP/IP networking module in Unisys ClearPath MCP systems with TCP-IP-SW 58.1 before 58.160, 59.1 before 059.1a.17 (IC #17), and 60.0 before 60.044 might allow remote attackers to decrypt TLS ciphertext data by leveraging a Bleichenbacher RSA padding oracle, aka a ROBOT attack. | [email protected] | 5.9 | 1.04% | 2018-02-26 | 2026-06-16 |