cnvd - cnvd-2022-22689

cnvd-2022-22689

Vulnerability from cnvd

Title: Unisys Messaging Integration Services存在未明漏洞

Description:

Unisys Messaging Integration Services（Ntsi）是美国Unisys公司的用于两个程序之间的基于消息的接口。

Unisys Messaging Integration Services（Ntsi）存在安全漏洞，该漏洞源于网络系统或产品未正确使用相关密码算法，攻击者可利用漏洞导致内容未正确加密、弱加密、明文存储敏感信息等。

Severity: 高

Patch Name: Unisys Messaging Integration Services存在未明漏洞的补丁

Patch Description:

Unisys Messaging Integration Services（Ntsi）是美国Unisys公司的用于两个程序之间的基于消息的接口。

Unisys Messaging Integration Services（Ntsi）存在安全漏洞，该漏洞源于网络系统或产品未正确使用相关密码算法，攻击者可利用漏洞导致内容未正确加密、弱加密、明文存储敏感信息等。目前，供应商发布了安全公告及相关补丁信息，修复了此漏洞。

Formal description:

目前厂商已发布升级补丁以修复漏洞，补丁获取链接： https://public.support.unisys.com/common/public/vulnerability/NVD_Detail_Rpt.aspx?ID=66

Reference: https://nvd.nist.gov/vuln/detail/CVE-2021-43394

Impacted products

Name
['Unisys Messaging Integration Services 7R3B IC3', 'Unisys Messaging Integration Services 7R3B IC4', 'Unisys Messaging Integration Services 7R3C', 'Unisys Messaging Integration Services 7R3D']

Show details on source website

JSON

To clipboard

{
  "cves": {
    "cve": {
      "cveNumber": "CVE-2021-43394"
    }
  },
  "description": "Unisys Messaging Integration Services\uff08Ntsi\uff09\u662f\u7f8e\u56fdUnisys\u516c\u53f8\u7684\u7528\u4e8e\u4e24\u4e2a\u7a0b\u5e8f\u4e4b\u95f4\u7684\u57fa\u4e8e\u6d88\u606f\u7684\u63a5\u53e3\u3002\n\nUnisys Messaging Integration Services\uff08Ntsi\uff09\u5b58\u5728\u5b89\u5168\u6f0f\u6d1e\uff0c\u8be5\u6f0f\u6d1e\u6e90\u4e8e\u7f51\u7edc\u7cfb\u7edf\u6216\u4ea7\u54c1\u672a\u6b63\u786e\u4f7f\u7528\u76f8\u5173\u5bc6\u7801\u7b97\u6cd5\uff0c\u653b\u51fb\u8005\u53ef\u5229\u7528\u6f0f\u6d1e\u5bfc\u81f4\u5185\u5bb9\u672a\u6b63\u786e\u52a0\u5bc6\u3001\u5f31\u52a0\u5bc6\u3001\u660e\u6587\u5b58\u50a8\u654f\u611f\u4fe1\u606f\u7b49\u3002",
  "formalWay": "\u76ee\u524d\u5382\u5546\u5df2\u53d1\u5e03\u5347\u7ea7\u8865\u4e01\u4ee5\u4fee\u590d\u6f0f\u6d1e\uff0c\u8865\u4e01\u83b7\u53d6\u94fe\u63a5\uff1a\r\nhttps://public.support.unisys.com/common/public/vulnerability/NVD_Detail_Rpt.aspx?ID=66",
  "isEvent": "\u901a\u7528\u8f6f\u786c\u4ef6\u6f0f\u6d1e",
  "number": "CNVD-2022-22689",
  "openTime": "2022-03-25",
  "patchDescription": "Unisys Messaging Integration Services\uff08Ntsi\uff09\u662f\u7f8e\u56fdUnisys\u516c\u53f8\u7684\u7528\u4e8e\u4e24\u4e2a\u7a0b\u5e8f\u4e4b\u95f4\u7684\u57fa\u4e8e\u6d88\u606f\u7684\u63a5\u53e3\u3002\r\n\r\nUnisys Messaging Integration Services\uff08Ntsi\uff09\u5b58\u5728\u5b89\u5168\u6f0f\u6d1e\uff0c\u8be5\u6f0f\u6d1e\u6e90\u4e8e\u7f51\u7edc\u7cfb\u7edf\u6216\u4ea7\u54c1\u672a\u6b63\u786e\u4f7f\u7528\u76f8\u5173\u5bc6\u7801\u7b97\u6cd5\uff0c\u653b\u51fb\u8005\u53ef\u5229\u7528\u6f0f\u6d1e\u5bfc\u81f4\u5185\u5bb9\u672a\u6b63\u786e\u52a0\u5bc6\u3001\u5f31\u52a0\u5bc6\u3001\u660e\u6587\u5b58\u50a8\u654f\u611f\u4fe1\u606f\u7b49\u3002\u76ee\u524d\uff0c\u4f9b\u5e94\u5546\u53d1\u5e03\u4e86\u5b89\u5168\u516c\u544a\u53ca\u76f8\u5173\u8865\u4e01\u4fe1\u606f\uff0c\u4fee\u590d\u4e86\u6b64\u6f0f\u6d1e\u3002",
  "patchName": "Unisys Messaging Integration Services\u5b58\u5728\u672a\u660e\u6f0f\u6d1e\u7684\u8865\u4e01",
  "products": {
    "product": [
      "Unisys Messaging Integration Services 7R3B IC3",
      "Unisys Messaging Integration Services 7R3B IC4",
      "Unisys Messaging Integration Services  7R3C",
      "Unisys Messaging Integration Services 7R3D"
    ]
  },
  "referenceLink": "https://nvd.nist.gov/vuln/detail/CVE-2021-43394",
  "serverity": "\u9ad8",
  "submitTime": "2022-01-26",
  "title": "Unisys Messaging Integration Services\u5b58\u5728\u672a\u660e\u6f0f\u6d1e"
}

CVE-2021-43394 (GCVE-0-2021-43394)

Vulnerability from cvelistv5

Published

2022-01-24 21:15

Modified

2024-08-04 03:55

Severity ?

CWE

Summary

Unisys OS 2200 Messaging Integration Services (NTSI) 7R3B IC3 and IC4, 7R3C, and 7R3D has an Incorrect Implementation of an Authentication Algorithm. An LDAP password is not properly validated.

References

▼	URL	Tags
	https://public.support.unisys.com/common/public/vulnerability/NVD_Detail_Rpt.aspx?ID=66	x_refsource_MISC

Impacted products

	Vendor	Product	Version
	n/a	n/a	Version: n/a

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-04T03:55:28.698Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://public.support.unisys.com/common/public/vulnerability/NVD_Detail_Rpt.aspx?ID=66"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "Unisys OS 2200 Messaging Integration Services (NTSI) 7R3B IC3 and IC4, 7R3C, and 7R3D has an Incorrect Implementation of an Authentication Algorithm. An LDAP password is not properly validated."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2022-01-24T21:15:02",
        "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "shortName": "mitre"
      },
      "references": [
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://public.support.unisys.com/common/public/vulnerability/NVD_Detail_Rpt.aspx?ID=66"
        }
      ],
      "source": {
        "discovery": "INTERNAL"
      },
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "cve@mitre.org",
          "ID": "CVE-2021-43394",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "n/a",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "n/a"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "Unisys OS 2200 Messaging Integration Services (NTSI) 7R3B IC3 and IC4, 7R3C, and 7R3D has an Incorrect Implementation of an Authentication Algorithm. An LDAP password is not properly validated."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "n/a"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "https://public.support.unisys.com/common/public/vulnerability/NVD_Detail_Rpt.aspx?ID=66",
              "refsource": "MISC",
              "url": "https://public.support.unisys.com/common/public/vulnerability/NVD_Detail_Rpt.aspx?ID=66"
            }
          ]
        },
        "source": {
          "discovery": "INTERNAL"
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
    "assignerShortName": "mitre",
    "cveId": "CVE-2021-43394",
    "datePublished": "2022-01-24T21:15:02",
    "dateReserved": "2021-11-04T00:00:00",
    "dateUpdated": "2024-08-04T03:55:28.698Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

Sightings

Author	Source	Type	Date

Nomenclature

Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
Confirmed: The vulnerability is confirmed from an analyst perspective.
Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
Patched: This vulnerability was successfully patched by the user reporting the sighting.
Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
Not confirmed: The user expresses doubt about the veracity of the vulnerability.
Not patched: This vulnerability was not successfully patched by the user reporting the sighting.

Action not permitted