Skip to main content

uniFLOW ULM CVE-2026-1433

| EUVDEUVD-2026-41848 MEDIUM
Insufficiently Protected Credentials (CWE-522)
2026-07-06 Canon_EMEA GHSA-8jh8-wh5v-2wh3
4.8
CVSS 4.0 · Vendor: Canon_EMEA
Share

Severity by source

Vendor (Canon_EMEA) PRIMARY
4.8 MEDIUM
CVSS:4.0/AV:A/AC:L/AT:N/PR:H/UI:N/VC:N/VI:N/VA:N/SC:L/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
vuln.today AI
3.4 LOW

Adjacent-only access and high privileges required; scope changes because downstream SMTP/LDAP credentials are exposed, with low confidentiality impact on those subsequent systems.

3.1 AV:A/AC:L/PR:H/UI:N/S:C/C:L/I:N/A:N
4.0 AV:A/AC:L/AT:N/PR:H/UI:N/VC:N/VI:N/VA:N/SC:L/SI:N/SA:N

Primary rating from Vendor (Canon_EMEA).

CVSS VectorVendor: Canon_EMEA

CVSS:4.0/AV:A/AC:L/AT:N/PR:H/UI:N/VC:N/VI:N/VA:N/SC:L/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
Attack Vector
Adjacent
Attack Complexity
Low
Privileges Required
High
User Interaction
None
Scope
X

Lifecycle Timeline

1
Analysis Generated
Jul 06, 2026 - 09:43 vuln.today

DescriptionCVE.org

uniFLOW Universal Login Manager (ULM) Standalone contains an information disclosure vulnerability that may allow an authenticated administrator to access sensitive configuration information through the ULM Remote User Interface (RUI). Exploitation requires administrative privileges and may disclose configuration data associated with SMTP or LDAP integrations. ULM deployments connected to uniFLOW Server or uniFLOW Online are not affected.

AnalysisAI

Information disclosure in uniFLOW Universal Login Manager (ULM) Standalone exposes sensitive SMTP and LDAP integration configuration data to authenticated administrators via the Remote User Interface (RUI). The flaw, classified under CWE-522 (Insufficiently Protected Credentials), applies exclusively to Standalone ULM deployments - environments integrated with uniFLOW Server or uniFLOW Online are explicitly confirmed unaffected. …

Unlock full vulnerability intelligence

  • Risk assessment & exploitation conditions
  • Attack chain visualization
  • Remediation with exact patch versions
  • Threat intelligence from 22 sources
  • Personal watchlist & email alerts

Free forever · No credit card required

Attack ChainAIDerived

Hypothetical attack flow derived from CVE metadata

Access
Obtain ULM admin credentials
Delivery
Gain adjacent network access
Exploit
Authenticate to ULM Remote User Interface
Execution
Navigate to SMTP/LDAP config page
Persist
Harvest exposed integration credentials
Impact
Pivot to email relay or directory service

Vulnerability AssessmentAI

Exploitation Exploitation requires: (1) the target system must be running uniFLOW ULM in Standalone mode - deployments connected to uniFLOW Server or uniFLOW Online are explicitly not affected; (2) the attacker must hold high-privilege (administrative) credentials to the ULM Remote User Interface (PR:H per CVSS 4.0 vector); (3) the attacker must have adjacent network access to the ULM RUI (AV:A), ruling out remote internet-based exploitation. … Additional conditions and limiting factors are described in the full assessment.
Risk Assessment Real-world risk is low-to-moderate and highly constrained. … Full risk analysis with EPSS, KEV, and SSVC signal comparison available after sign-in.
Exploit Scenario An attacker who has obtained administrative credentials to a Standalone ULM deployment - whether through phishing, credential reuse, or insider access - connects to the RUI from the local network and navigates to the SMTP or LDAP configuration section, where integration secrets (e.g., LDAP bind password or SMTP relay credentials) are exposed rather than masked. The attacker then uses those credentials to access the organization's email relay or directory service for further lateral movement or data exfiltration. …
Remediation Consult the NT-ware security advisory at https://ntware.atlassian.net/wiki/spaces/SA/pages/13659504652/2026+Security+Advisory+ULM+Potential+Information+Disclosure and the Canon PSIRT page at https://www.canon-europe.com/psirt/advisory-information for vendor-released patch or upgrade guidance - no exact fixed version number was provided in available data, so the patched release must be confirmed directly from the vendor. … Detailed patch versions, workarounds, and compensating controls in full report.

Threat intelligence, references, and detailed analysis are available after sign-in.

Share

CVE-2026-1433 vulnerability details – vuln.today

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy