Authentication Algorithm Flaw in Unisys OS 2200 Messaging Integration Services
CVE-2021-43394

9.8CRITICAL

Key Information:

Vendor: Unisys
Status: Messaging Integration Services
Vendor: CVE Published:; 24 January 2022

What is CVE-2021-43394?

The Unisys OS 2200 Messaging Integration Services versions 7R3B IC3, 7R3B IC4, 7R3C, and 7R3D exhibit an issue with the implementation of their authentication algorithm. This flaw allows for improper validation of LDAP passwords, potentially exposing sensitive information and compromising system integrity. Organizations utilizing these specific versions should assess their systems and apply necessary patches to mitigate risks associated with this vulnerability.

References

https://public.support.unisys.com/common/public/vulnerabi...

x_refsource_MISC

CVSS V3.1

Score:

9.8

Severity:

CRITICAL

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

None

Scope:

Unchanged

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Jan 24, 2022
Vulnerability Reserved
Nov 4, 2021

CVE-2021-43394 Data

JSON