Unisys Stealth 3.3 Windows endpoints before 3.3.016.1 allow local users to gain access to Stealth-enabled devices by leveraging improper cleanup of memory used for negotiation key storage.
7.8CVSS
7.7AI Score
0.0004EPSS
In Unisys Stealth (core) 3.4.108.0, 3.4.209.x, 4.0.027.x and 4.0.114, key material inadvertently logged under certain conditions. Fixed included in 3.4.109, 4.0.027.13, 4.0.125 and 5.0.013.0.
7.5CVSS
7.5AI Score
0.0004EPSS
In Unisys Stealth 3.4.x, 4.x and 5.x before 5.0.026, if certificate-based authorization is used without HTTPS, an endpoint could be authorized without a private key.
9.8CVSS
9.3AI Score
0.002EPSS
Unisys Stealth(core) before 4.0.134 stores passwords in a recoverable format. Therefore, a search of Enterprise Manager can potentially reveal credentials.
7.8CVSS
7.5AI Score
0.0004EPSS
Unisys Stealth (core) 5.x before 5.0.048.0, 5.1.x before 5.1.017.0, and 6.x before 6.0.037.0 stores passwords in a recoverable format.
4.9CVSS
5.2AI Score
0.001EPSS
In Unisys Stealth (core) before 6.0.025.0, the Keycloak password is stored in a recoverable format that might be accessible by a local attacker, who could gain access to the Management Server and change the Stealth configuration.
7.8CVSS
7.6AI Score
0.0004EPSS
Unisys Stealth 5.1 before 5.1.025.0 and 6.0 before 6.0.055.0 has an unquoted Windows search path for a scheduled task. An unintended executable might run.
6.7CVSS
6.6AI Score
0.0004EPSS