Unisys Webperfect Image Suite vulnerabilities
2 known vulnerabilities affecting unisys/webperfect_image_suite.
Total CVEs
2
CISA KEV
0
Public exploits
0
Exploited in wild
0
Severity breakdown
CRITICAL2
Vulnerabilities
Page 1 of 1
CVE-2026-39907P2CRITICALCVSS 10.0v3.0.3960.22604v3.0.3960.228102026-04-14
CVE-2026-39907 [CRITICAL] CWE-73 CVE-2026-39907: Unisys WebPerfect Image Suite versions 3.0.3960.22810 and 3.0.3960.22604 expose an unauthenticated W
Unisys WebPerfect Image Suite versions 3.0.3960.22810 and 3.0.3960.22604 expose an unauthenticated WCF SOAP endpoint on TCP port 1208 that accepts unsanitized file paths in the ReadLicense action's LFName parameter, allowing remote attackers to trigger SMB connections and leak NTLMv2 machine-account hashes. Attackers can submit crafted SOAP request
nvd
CVE-2026-39906P2CRITICALCVSS 10.0v3.0.3960.22604v3.0.3960.228102026-04-14
CVE-2026-39906 [CRITICAL] CWE-441 CVE-2026-39906: Unisys WebPerfect Image Suite versions 3.0.3960.22810 and 3.0.3960.22604 expose a deprecated .NET Re
Unisys WebPerfect Image Suite versions 3.0.3960.22810 and 3.0.3960.22604 expose a deprecated .NET Remoting TCP channel that allows remote unauthenticated attackers to leak NTLMv2 machine-account hashes by supplying a Windows UNC path as a target file argument through object-unmarshalling techniques. Attackers can capture the leaked NTLMv2 hash and
nvd