PT-2020-13018 · Unisys · Unisys Stealth

Published

2020-06-22

Updated

2020-06-29

CVE-2020-12053

CVSS v3.1

9.8

Critical

Vector

AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Name of the Vulnerable Software and Affected Versions Unisys Stealth versions 3.4.x through 5.x before 5.0.026

Description The issue concerns the use of certificate-based authorization without HTTPS, allowing an endpoint to be authorized without a private key.

Recommendations For Unisys Stealth versions 3.4.x through 5.x before 5.0.026, update to version 5.0.026 or later to resolve the issue.

Fix

Incorrect Authorization

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-863

Related Identifiers

CVE-2020-12053

Affected Products

Unisys Stealth

PT-2020-13018 · Unisys · Unisys Stealth

CVE-2020-12053

Weakness Enumeration

Related Identifiers

Affected Products

References · 3