Impact
The vulnerability arises from improper protection of sensitive configuration data within the uniFLOW Universal Login Manager (ULM) Standalone. An attacker who has administrative privileges can access confidential configuration details—particularly those related to SMTP or LDAP integration—through the ULM Remote User Interface. The impact is a leakage of sensitive setup information that could aid further attacks or compromise system integrity.
Affected Systems
The affected product is NT-ware's uniFLOW ULM Standalone. No specific version information is listed, and deployments that are connected to uniFLOW Server or uniFLOW Online are not impacted.
Risk and Exploitability
The CVSS score of 4.8 indicates moderate severity,SS value of less than 1% suggests a very low likelihood of exploitation. The vulnerability is not listed in the CISA KEV catalog. Because exploitation requires an authenticated administrator, the risk to organizations depends on internal access controls; however, the overall potential impact is limited to disclosure of configuration data.
OpenCVE Enrichment