Details of VAR-201702-0577

ID

VAR-201702-0577

CVE

CVE-2015-4049

TITLE

plural Unisys Libra and FS600 of class system of MCP-FIRMWARE Service disruption in (DoS) Vulnerabilities

Trust: 0.8

sources: JVNDB: JVNDB-2015-007398

DESCRIPTION

Unisys Libra 43xx, 63xx, and 83xx, and FS600 class systems with MCP-FIRMWARE 40.0 before 40.0IC4 Build 270 might allow remote authenticated users to cause a denial of service (data corruption or system crash) via vectors related to using program operators during EPSILON (level 5) based codefiles at peak memory usage, which triggers CPM stack corruption. Unisys Libra 43xx and so on are all MCP-based application system architectures developed by Unisys Corporation of the United States. MCP-FIRMWARE 40.0 versions prior to 40.0IC4 Build 270 in Unisys Libra 43xx, 63xx, 83xx and FS600 class systems have a security vulnerability. A remote attacker could exploit this vulnerability to cause a denial of service (data corruption and system crash)

Trust: 1.71

sources: NVD: CVE-2015-4049 // JVNDB: JVNDB-2015-007398 // VULHUB: VHN-82010

AFFECTED PRODUCTS

vendor:	unisys	model:	mcp-	scope:	eq	version:	40.0	Trust: 1.6
vendor:	unisys	model:	mcp-	scope:	lt	version:	40.0	Trust: 0.8
vendor:	unisys	model:	mcp-	scope:	eq	version:	40.0ic4 build 270	Trust: 0.8

sources: JVNDB: JVNDB-2015-007398 // CNNVD: CNNVD-201702-011 // NVD: CVE-2015-4049

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov:	CVE-2015-4049
value:	MEDIUM
Trust: 1.0
NVD:	CVE-2015-4049
value:	MEDIUM
Trust: 0.8
CNNVD:	CNNVD-201702-011
value:	MEDIUM
Trust: 0.6
VULHUB:	VHN-82010
value:	MEDIUM
Trust: 0.1

nvd@nist.gov:	CVE-2015-4049
severity:	MEDIUM
baseScore:	5.6
vectorString:	AV:N/AC:H/AU:S/C:N/I:P/A:C
accessVector:	NETWORK
accessComplexity:	HIGH
authentication:	SINGLE
confidentialityImpact:	NONE
integrityImpact:	PARTIAL
availabilityImpact:	COMPLETE
exploitabilityScore:	3.9
impactScore:	7.8
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 1.8
VULHUB:	VHN-82010
severity:	MEDIUM
baseScore:	5.6
vectorString:	AV:N/AC:H/AU:S/C:N/I:P/A:C
accessVector:	NETWORK
accessComplexity:	HIGH
authentication:	SINGLE
confidentialityImpact:	NONE
integrityImpact:	PARTIAL
availabilityImpact:	COMPLETE
exploitabilityScore:	3.9
impactScore:	7.8
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.1

nvd@nist.gov:	CVE-2015-4049
baseSeverity:	MEDIUM
baseScore:	6.8
vectorString:	CVSS:3.0/AV:N/AC:H/PR:L/UI:N/S:U/C:N/I:H/A:H
attackVector:	NETWORK
attackComplexity:	HIGH
privilegesRequired:	LOW
userInteraction:	NONE
scope:	UNCHANGED
confidentialityImpact:	NONE
integrityImpact:	HIGH
availabilityImpact:	HIGH
exploitabilityScore:	1.6
impactScore:	5.2
version:	3.0
Trust: 1.8

sources: VULHUB: VHN-82010 // JVNDB: JVNDB-2015-007398 // CNNVD: CNNVD-201702-011 // NVD: CVE-2015-4049

PROBLEMTYPE DATA

problemtype:

CWE-119

Trust: 1.9

sources: VULHUB: VHN-82010 // JVNDB: JVNDB-2015-007398 // NVD: CVE-2015-4049

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-201702-011

TYPE

buffer overflow

Trust: 0.6

sources: CNNVD: CNNVD-201702-011

CONFIGURATIONS

sources: JVNDB: JVNDB-2015-007398

PATCH

title:	UIS-2015-5	url:	http://public.support.unisys.com/common/public/vulnerability/NVD_Detail_Rpt.aspx?ID=40	Trust: 0.8
title:	Product Security Vulnerability Home	url:	http://public.support.unisys.com/common/public/vulnerability/NVD_Home.aspx?nav=pv	Trust: 0.8
title:	Multiple Unisys Product security vulnerabilities	url:	http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=67401	Trust: 0.6

sources: JVNDB: JVNDB-2015-007398 // CNNVD: CNNVD-201702-011

EXTERNAL IDS

db:	NVD	id:	CVE-2015-4049	Trust: 2.5
db:	JVNDB	id:	JVNDB-2015-007398	Trust: 0.8
db:	CNNVD	id:	CNNVD-201702-011	Trust: 0.7
db:	VULHUB	id:	VHN-82010	Trust: 0.1

sources: VULHUB: VHN-82010 // JVNDB: JVNDB-2015-007398 // CNNVD: CNNVD-201702-011 // NVD: CVE-2015-4049

REFERENCES

url:	http://public.support.unisys.com/common/public/vulnerability/nvd_detail_rpt.aspx?id=40	Trust: 1.7
url:	http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2015-4049	Trust: 0.8
url:	https://nvd.nist.gov/vuln/detail/cve-2015-4049	Trust: 0.8

sources: VULHUB: VHN-82010 // JVNDB: JVNDB-2015-007398 // CNNVD: CNNVD-201702-011 // NVD: CVE-2015-4049

SOURCES

db:	VULHUB	id:	VHN-82010
db:	JVNDB	id:	JVNDB-2015-007398
db:	CNNVD	id:	CNNVD-201702-011
db:	NVD	id:	CVE-2015-4049

LAST UPDATE DATE

2025-04-20T23:29:45.113000+00:00

SOURCES UPDATE DATE

db:	VULHUB	id:	VHN-82010	date:	2017-03-14T00:00:00
db:	JVNDB	id:	JVNDB-2015-007398	date:	2017-04-03T00:00:00
db:	CNNVD	id:	CNNVD-201702-011	date:	2017-02-08T00:00:00
db:	NVD	id:	CVE-2015-4049	date:	2025-04-20T01:37:25.860

SOURCES RELEASE DATE

db:	VULHUB	id:	VHN-82010	date:	2017-02-03T00:00:00
db:	JVNDB	id:	JVNDB-2015-007398	date:	2017-04-03T00:00:00
db:	CNNVD	id:	CNNVD-201702-011	date:	2017-02-08T00:00:00
db:	NVD	id:	CVE-2015-4049	date:	2017-02-03T19:59:00.127