PT-2021-19291 · Unisys · Unisys Stealth

Published

2021-03-18

Updated

2021-03-25

CVE-2021-3141

CVSS v3.1

7.8

High

Vector

AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Name of the Vulnerable Software and Affected Versions Unisys Stealth (core) versions prior to 6.0.025.0

Description The Keycloak password is stored in a recoverable format, potentially allowing a local attacker to access the Management Server and modify the Stealth configuration.

Recommendations For versions prior to 6.0.025.0, update to version 6.0.025.0 or later to resolve the issue. As a temporary workaround, consider restricting access to the Management Server to minimize the risk of exploitation.

Fix

Insufficiently Protected Credentials

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-522

Related Identifiers

CVE-2021-3141

Affected Products

Unisys Stealth

PT-2021-19291 · Unisys · Unisys Stealth

CVE-2021-3141

Weakness Enumeration

Related Identifiers

Affected Products

References · 7