Severity by source
CVSS:4.0/AV:A/AC:L/AT:N/PR:H/UI:N/VC:N/VI:N/VA:N/SC:L/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
Adjacent-only access and high privileges required; scope changes because downstream SMTP/LDAP credentials are exposed, with low confidentiality impact on those subsequent systems.
Primary rating from Vendor (Canon_EMEA).
CVSS VectorVendor: Canon_EMEA
CVSS:4.0/AV:A/AC:L/AT:N/PR:H/UI:N/VC:N/VI:N/VA:N/SC:L/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
Lifecycle Timeline
1DescriptionCVE.org
uniFLOW Universal Login Manager (ULM) Standalone contains an information disclosure vulnerability that may allow an authenticated administrator to access sensitive configuration information through the ULM Remote User Interface (RUI). Exploitation requires administrative privileges and may disclose configuration data associated with SMTP or LDAP integrations. ULM deployments connected to uniFLOW Server or uniFLOW Online are not affected.
AnalysisAI
Information disclosure in uniFLOW Universal Login Manager (ULM) Standalone exposes sensitive SMTP and LDAP integration configuration data to authenticated administrators via the Remote User Interface (RUI). The flaw, classified under CWE-522 (Insufficiently Protected Credentials), applies exclusively to Standalone ULM deployments - environments integrated with uniFLOW Server or uniFLOW Online are explicitly confirmed unaffected. …
Unlock full vulnerability intelligence
- Risk assessment & exploitation conditions
- Attack chain visualization
- Remediation with exact patch versions
- Threat intelligence from 22 sources
- Personal watchlist & email alerts
Free forever · No credit card required
Attack ChainAIDerived
Hypothetical attack flow derived from CVE metadata
Vulnerability AssessmentAI
| Exploitation | Exploitation requires: (1) the target system must be running uniFLOW ULM in Standalone mode - deployments connected to uniFLOW Server or uniFLOW Online are explicitly not affected; (2) the attacker must hold high-privilege (administrative) credentials to the ULM Remote User Interface (PR:H per CVSS 4.0 vector); (3) the attacker must have adjacent network access to the ULM RUI (AV:A), ruling out remote internet-based exploitation. … Additional conditions and limiting factors are described in the full assessment. |
| Risk Assessment | Real-world risk is low-to-moderate and highly constrained. … Full risk analysis with EPSS, KEV, and SSVC signal comparison available after sign-in. |
| Exploit Scenario | An attacker who has obtained administrative credentials to a Standalone ULM deployment - whether through phishing, credential reuse, or insider access - connects to the RUI from the local network and navigates to the SMTP or LDAP configuration section, where integration secrets (e.g., LDAP bind password or SMTP relay credentials) are exposed rather than masked. The attacker then uses those credentials to access the organization's email relay or directory service for further lateral movement or data exfiltration. … |
| Remediation | Consult the NT-ware security advisory at https://ntware.atlassian.net/wiki/spaces/SA/pages/13659504652/2026+Security+Advisory+ULM+Potential+Information+Disclosure and the Canon PSIRT page at https://www.canon-europe.com/psirt/advisory-information for vendor-released patch or upgrade guidance - no exact fixed version number was provided in available data, so the patched release must be confirmed directly from the vendor. … Detailed patch versions, workarounds, and compensating controls in full report. |
Threat intelligence, references, and detailed analysis are available after sign-in.
Same weakness CWE-522 – Insufficiently Protected Credentials
View allSame technique Information Disclosure
View allShare
External POC / Exploit Code
Leaving vuln.today
EUVD-2026-41848
GHSA-8jh8-wh5v-2wh3