uniFLOW Universal Login Manager (ULM) Standalone Improper Protection of Sensitive Information Leads to Information Disclosure
Summary
| CVE | CVE-2026-1433 |
|---|---|
| State | PUBLISHED |
| Assigner | Canon_EMEA |
| Source Priority | CVE Program / NVD first with legacy fallback |
| Published | 2026-07-06 09:16:34 UTC |
| Updated | 2026-07-06 19:17:00 UTC |
| Description | uniFLOW Universal Login Manager (ULM) Standalone contains an information disclosure vulnerability that may allow an authenticated administrator to access sensitive configuration information through the ULM Remote User Interface (RUI). Exploitation requires administrative privileges and may disclose configuration data associated with SMTP or LDAP integrations. ULM deployments connected to uniFLOW Server or uniFLOW Online are not affected. |
Risk And Classification
Primary CVSS: v4.0 4.8 MEDIUM from 4586e0a2-224d-4f8a-9cb4-8882b208c0b3
CVSS:4.0/AV:A/AC:L/AT:N/PR:H/UI:N/VC:N/VI:N/VA:N/SC:L/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
EPSS: 0.002170000 probability, percentile 0.121490000 (date 2026-07-07)
Problem Types: CWE-522 | CWE-522 CWE-522: Insufficiently Protected Credentials
| Version | Source | Type | Score | Severity | Vector |
|---|---|---|---|---|---|
| 4.0 | 4586e0a2-224d-4f8a-9cb4-8882b208c0b3 | Secondary | 4.8 | MEDIUM | CVSS:4.0/AV:A/AC:L/AT:N/PR:H/UI:N/VC:N/VI:N/VA:N/SC:L/SI:N/SA:N/E:X/C... |
| 4.0 | CNA | CVSS | 4.8 | MEDIUM | CVSS:4.0/AV:A/AC:L/AT:N/PR:H/UI:N/VC:N/VI:N/VA:N/SC:L/SI:N/SA:N |
CVSS v4.0 Breakdown
Attack Vector
AdjacentAttack Complexity
LowAttack Requirements
NonePrivileges Required
HighUser Interaction
NoneConfidentiality
NoneIntegrity
NoneAvailability
NoneSub Conf.
LowSub Integrity
NoneSub Availability
NoneCVSS:4.0/AV:A/AC:L/AT:N/PR:H/UI:N/VC:N/VI:N/VA:N/SC:L/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
Vendor Declared Affected Products
| Source | Vendor | Product | Version | Platforms |
|---|---|---|---|---|
| CNA | NT-ware | UniFLOW ULM Universal Login Manager Standalone | affected 5.10 custom | Web Application |
References
| Reference | Source | Link | Tags |
|---|---|---|---|
| www.canon-europe.com/psirt/advisory-information | 4586e0a2-224d-4f8a-9cb4-8882b208c0b3 | www.canon-europe.com | |
| ntware.atlassian.net/wiki/spaces/SA/pages/13659504652/2026+Security+Advisory+ULM+P... | 4586e0a2-224d-4f8a-9cb4-8882b208c0b3 | ntware.atlassian.net | |
| CVE Program record | CVE.ORG | www.cve.org | canonical |
| NVD vulnerability detail | NVD | nvd.nist.gov | canonical, analysis |
Vendor Comments And Credit
Discovery Credit
CNA: Sam Shepherd working with BAE Systems (en)
There are currently no legacy QID mappings associated with this CVE.