Description
uniFLOW Universal Login Manager (ULM) Standalone
contains an information disclosure vulnerability that may allow an
authenticated administrator to access sensitive configuration information
through the ULM Remote User Interface (RUI). Exploitation requires
administrative privileges and may disclose configuration data associated with
SMTP or LDAP integrations. ULM deployments connected to uniFLOW Server or
uniFLOW Online are not affected.
Published: 2026-07-06
Score: 4.8 Medium
EPSS: < 1% Very Low
KEV: No
Impact: n/a
Action: n/a
AI Analysis

Impact

The vulnerability arises from improper protection of sensitive configuration data within the uniFLOW Universal Login Manager (ULM) Standalone. An attacker who has administrative privileges can access confidential configuration details—particularly those related to SMTP or LDAP integration—through the ULM Remote User Interface. The impact is a leakage of sensitive setup information that could aid further attacks or compromise system integrity.

Affected Systems

The affected product is NT-ware's uniFLOW ULM Standalone. No specific version information is listed, and deployments that are connected to uniFLOW Server or uniFLOW Online are not impacted.

Risk and Exploitability

The CVSS score of 4.8 indicates moderate severity,SS value of less than 1% suggests a very low likelihood of exploitation. The vulnerability is not listed in the CISA KEV catalog. Because exploitation requires an authenticated administrator, the risk to organizations depends on internal access controls; however, the overall potential impact is limited to disclosure of configuration data.

Generated by OpenCVE AI on July 7, 2026 at 17:42 UTC.

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

  • Apply the latest vendor patch for uniFLOW ULM Standalone to secure sensitive configuration data.
  • Review and, if possible, remove unnecessary SMTP and LDAP integration settings to reduce exposed information.
  • Enable comprehensive logging for administrative actions and monitor logs for suspicious access attempts.

Generated by OpenCVE AI on July 7, 2026 at 17:42 UTC.

Tracking

Sign in to view the affected projects.

Advisories

No advisories yet.

History

Mon, 06 Jul 2026 23:15:00 +0000

Type Values Removed Values Added
First Time appeared Nt-ware
Nt-ware uniflow Ulm (universal Login Manager) Standalone
Vendors & Products Nt-ware
Nt-ware uniflow Ulm (universal Login Manager) Standalone

Mon, 06 Jul 2026 19:30:00 +0000

Type Values Removed Values Added
Metrics ssvc

{'options': {'Automatable': 'no', 'Exploitation': 'none', 'Technical Impact': 'partial'}, 'version': '2.0.3'}


Mon, 06 Jul 2026 09:00:00 +0000

Type Values Removed Values Added
Description uniFLOW Universal Login Manager (ULM) Standalone contains an information disclosure vulnerability that may allow an authenticated administrator to access sensitive configuration information through the ULM Remote User Interface (RUI). Exploitation requires administrative privileges and may disclose configuration data associated with SMTP or LDAP integrations. ULM deployments connected to uniFLOW Server or uniFLOW Online are not affected.
Title uniFLOW Universal Login Manager (ULM) Standalone Improper Protection of Sensitive Information Leads to Information Disclosure
Weaknesses CWE-522
References
Metrics cvssV4_0

{'score': 4.8, 'vector': 'CVSS:4.0/AV:A/AC:L/AT:N/PR:H/UI:N/VC:N/VI:N/VA:N/SC:L/SI:N/SA:N'}


Subscriptions

Nt-ware Uniflow Ulm (universal Login Manager) Standalone
cve-icon MITRE

Status: PUBLISHED

Assigner: Canon_EMEA

Published:

Updated: 2026-07-06T18:54:02.174Z

Reserved: 2026-01-26T12:49:23.159Z

Link: CVE-2026-1433

cve-icon Vulnrichment

Updated: 2026-07-06T18:53:57.223Z

cve-icon NVD

No data.

cve-icon Redhat

No data.

cve-icon OpenCVE Enrichment

Updated: 2026-07-07T17:45:03Z

Weaknesses
  • CWE-522

    Insufficiently Protected Credentials