Skip to main content

Webperfect Image Suite

1 CVEs product

Monthly

CVE-2026-39907 HIGH This Week

Unisys WebPerfect Image Suite 3.0.3960.22810 and 3.0.3960.22604 leak NTLMv2 machine-account hashes through an unauthenticated SOAP endpoint on TCP port 1208, enabling remote attackers to force SMB authentication attempts and relay credentials for privilege escalation or lateral movement. The WCF service accepts unsanitized file paths in the ReadLicense action, allowing UNC path injection to trigger outbound SMB connections. CVSS 7.0 with network attack vector, low complexity, and no authentication required (PR:N). No public exploit code identified at time of analysis, though the attack technique is straightforward for adversaries familiar with NTLM relay tactics.

Privilege Escalation Webperfect Image Suite
NVD VulDB GitHub
CVSS 4.0
7.0
EPSS
0.3%
EPSS 0% CVSS 7.0
HIGH This Week

Unisys WebPerfect Image Suite 3.0.3960.22810 and 3.0.3960.22604 leak NTLMv2 machine-account hashes through an unauthenticated SOAP endpoint on TCP port 1208, enabling remote attackers to force SMB authentication attempts and relay credentials for privilege escalation or lateral movement. The WCF service accepts unsanitized file paths in the ReadLicense action, allowing UNC path injection to trigger outbound SMB connections. CVSS 7.0 with network attack vector, low complexity, and no authentication required (PR:N). No public exploit code identified at time of analysis, though the attack technique is straightforward for adversaries familiar with NTLM relay tactics.

Privilege Escalation Webperfect Image Suite
NVD VulDB GitHub

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy