Vulnerability Monitor

The vendors, products, and vulnerabilities you care about

CVE-2021-43394

Unisys OS 2200 Messaging Integration Services (NTSI) 7R3B IC3 and IC4, 7R3C, and 7R3D has an Incorrect Implementation of an Authentication Algorithm. An LDAP password is not properly validated.

Published

2022-01-24T22:15:07.763

Last Modified

2024-11-21T06:29:09.200

Status

Modified

Source

[email protected]

Severity

CVSSv3.1: 9.8 (CRITICAL)

CVSSv2 Vector

AV:N/AC:L/Au:N/C:P/I:P/A:P

Access Vector: NETWORK
Access Complexity: LOW
Authentication: NONE
Confidentiality Impact: PARTIAL
Integrity Impact: PARTIAL
Availability Impact: PARTIAL

Exploitability Score

10.0

Impact Score

6.4

Weaknesses

Type: Primary
CWE-287

Affected Vendors & Products

Type	Vendor	Product	Version/Range	Vulnerable?
Application	unisys	messaging_integration_services	7r3b_ic3	Yes
Application	unisys	messaging_integration_services	7r3b_ic4	Yes
Application	unisys	messaging_integration_services	7r3c	Yes
Application	unisys	messaging_integration_services	7r3d	Yes
Operating System	unisys	clearpath_2200	-	No

References

https://public.support.unisys.com/common/public/vulnerability/NVD_Detail_Rpt.aspx?ID=66 Vendor Advisory ([email protected])
https://public.support.unisys.com/common/public/vulnerability/NVD_Detail_Rpt.aspx?ID=66 Vendor Advisory (af854a3a-2127-422b-91ae-364da2661108)