Vulnerability Monitor

The vendors, products, and vulnerabilities you care about

CVE-2022-32555

Unisys Data Exchange Management Studio before 6.0.IC2 and 7.x before 7.0.IC1 doesn't have an Anti-CSRF token to authenticate the POST request. Thus, a cross-site request forgery attack could occur.

Published

2022-09-13T20:15:09.750

Last Modified

2025-06-05T19:15:24.040

Status

Modified

Source

[email protected]

Severity

CVSSv3.1: 8.8 (HIGH)

Weaknesses

Type: Primary
CWE-352
Type: Secondary
CWE-352

Affected Vendors & Products

Type	Vendor	Product	Version/Range	Vulnerable?
Application	unisys	data_exchange_management_studio	6.0.ic1	Yes
Application	unisys	data_exchange_management_studio	7.0	Yes

References

https://public.support.unisys.com/common/public/vulnerability/NVD_Detail_Rpt.aspx?ID=69 Vendor Advisory ([email protected])
https://unisys.com Vendor Advisory ([email protected])
https://public.support.unisys.com/common/public/vulnerability/NVD_Detail_Rpt.aspx?ID=69 Vendor Advisory (af854a3a-2127-422b-91ae-364da2661108)
https://unisys.com Vendor Advisory (af854a3a-2127-422b-91ae-364da2661108)