CVE-2026-1433
MEDIUM
4.8
CVSS 4.0
Description
uniFLOW Universal Login Manager (ULM) Standalone
contains an information disclosure vulnerability that may allow an
authenticated administrator to access sensitive configuration information
through the ULM Remote User Interface (RUI). Exploitation requires
administrative privileges and may disclose configuration data associated with
SMTP or LDAP integrations. ULM deployments connected to uniFLOW Server or
uniFLOW Online are not affected.
Metadata
Severity & Metrics
4.8
MEDIUM CVSS 4.0
CVSS:4.0/AV:A/AC:L/AT:N/PR:H/UI:N/VC:N/VI:N/VA:N/SC:L/SI:N/SA:N
Affected products (1)
| Vendor | Product | Platform | Versions |
|---|---|---|---|
| NT-ware | uniFLOW ULM (Universal Login Manager) Standalone | Web Application | 0 ≤ 5.10 |
Weakness (CWE)
| CWE | Source | Description |
|---|---|---|
| CWE-522 | cna | CWE-522: Insufficiently Protected Credentials |
CVSS scores (1)
| Score | Severity | Version | Source | Vector |
|---|---|---|---|---|
| 4.8 | MEDIUM | 4.0 | cna | CVSS:4.0/AV:A/AC:L/AT:N/PR:H/UI:N/VC:N/VI:N/VA:N/SC:L/SI:N/SA:N |
References (2)