{"api_version":"1","generated_at":"2026-07-08T21:08:50+00:00","cve":"CVE-2026-1433","urls":{"html":"https://cve.report/CVE-2026-1433","api":"https://cve.report/api/cve/CVE-2026-1433.json","docs":"https://cve.report/api","cve_org":"https://www.cve.org/CVERecord?id=CVE-2026-1433","nvd":"https://nvd.nist.gov/vuln/detail/CVE-2026-1433"},"summary":{"title":"uniFLOW Universal Login Manager (ULM) Standalone Improper Protection of Sensitive Information Leads to Information Disclosure","description":"uniFLOW Universal Login Manager (ULM) Standalone\ncontains an information disclosure vulnerability that may allow an\nauthenticated administrator to access sensitive configuration information\nthrough the ULM Remote User Interface (RUI). Exploitation requires\nadministrative privileges and may disclose configuration data associated with\nSMTP or LDAP integrations. ULM deployments connected to uniFLOW Server or\nuniFLOW Online are not affected.","state":"PUBLISHED","assigner":"Canon_EMEA","published_at":"2026-07-06 09:16:34","updated_at":"2026-07-06 19:17:00"},"problem_types":["CWE-522","CWE-522 CWE-522: Insufficiently Protected Credentials"],"metrics":[{"version":"4.0","source":"4586e0a2-224d-4f8a-9cb4-8882b208c0b3","type":"Secondary","score":"4.8","severity":"MEDIUM","vector":"CVSS:4.0/AV:A/AC:L/AT:N/PR:H/UI:N/VC:N/VI:N/VA:N/SC:L/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X","data":{"version":"4.0","vectorString":"CVSS:4.0/AV:A/AC:L/AT:N/PR:H/UI:N/VC:N/VI:N/VA:N/SC:L/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X","baseScore":4.8,"baseSeverity":"MEDIUM","attackVector":"ADJACENT","attackComplexity":"LOW","attackRequirements":"NONE","privilegesRequired":"HIGH","userInteraction":"NONE","vulnConfidentialityImpact":"NONE","vulnIntegrityImpact":"NONE","vulnAvailabilityImpact":"NONE","subConfidentialityImpact":"LOW","subIntegrityImpact":"NONE","subAvailabilityImpact":"NONE","exploitMaturity":"NOT_DEFINED","confidentialityRequirement":"NOT_DEFINED","integrityRequirement":"NOT_DEFINED","availabilityRequirement":"NOT_DEFINED","modifiedAttackVector":"NOT_DEFINED","modifiedAttackComplexity":"NOT_DEFINED","modifiedAttackRequirements":"NOT_DEFINED","modifiedPrivilegesRequired":"NOT_DEFINED","modifiedUserInteraction":"NOT_DEFINED","modifiedVulnConfidentialityImpact":"NOT_DEFINED","modifiedVulnIntegrityImpact":"NOT_DEFINED","modifiedVulnAvailabilityImpact":"NOT_DEFINED","modifiedSubConfidentialityImpact":"NOT_DEFINED","modifiedSubIntegrityImpact":"NOT_DEFINED","modifiedSubAvailabilityImpact":"NOT_DEFINED","Safety":"NOT_DEFINED","Automatable":"NOT_DEFINED","Recovery":"NOT_DEFINED","valueDensity":"NOT_DEFINED","vulnerabilityResponseEffort":"NOT_DEFINED","providerUrgency":"NOT_DEFINED"}},{"version":"4.0","source":"CNA","type":"CVSS","score":"4.8","severity":"MEDIUM","vector":"CVSS:4.0/AV:A/AC:L/AT:N/PR:H/UI:N/VC:N/VI:N/VA:N/SC:L/SI:N/SA:N","data":{"Automatable":"NOT_DEFINED","Recovery":"NOT_DEFINED","Safety":"NOT_DEFINED","attackComplexity":"LOW","attackRequirements":"NONE","attackVector":"ADJACENT","baseScore":4.8,"baseSeverity":"MEDIUM","exploitMaturity":"NOT_DEFINED","privilegesRequired":"HIGH","providerUrgency":"NOT_DEFINED","subAvailabilityImpact":"NONE","subConfidentialityImpact":"LOW","subIntegrityImpact":"NONE","userInteraction":"NONE","valueDensity":"NOT_DEFINED","vectorString":"CVSS:4.0/AV:A/AC:L/AT:N/PR:H/UI:N/VC:N/VI:N/VA:N/SC:L/SI:N/SA:N","version":"4.0","vulnAvailabilityImpact":"NONE","vulnConfidentialityImpact":"NONE","vulnIntegrityImpact":"NONE","vulnerabilityResponseEffort":"NOT_DEFINED"}}],"references":[{"url":"https://www.canon-europe.com/psirt/advisory-information","name":"https://www.canon-europe.com/psirt/advisory-information","refsource":"4586e0a2-224d-4f8a-9cb4-8882b208c0b3","tags":[],"title":"","mime":"","httpstatus":"","archivestatus":"0"},{"url":"https://ntware.atlassian.net/wiki/spaces/SA/pages/13659504652/2026+Security+Advisory+ULM+Potential+Information+Disclosure","name":"https://ntware.atlassian.net/wiki/spaces/SA/pages/13659504652/2026+Security+Advisory+ULM+Potential+Information+Disclosure","refsource":"4586e0a2-224d-4f8a-9cb4-8882b208c0b3","tags":[],"title":"","mime":"","httpstatus":"","archivestatus":"0"},{"url":"https://www.cve.org/CVERecord?id=CVE-2026-1433","name":"CVE Program record","refsource":"CVE.ORG","tags":["canonical"]},{"url":"https://nvd.nist.gov/vuln/detail/CVE-2026-1433","name":"NVD vulnerability detail","refsource":"NVD","tags":["canonical","analysis"]}],"affected":[{"source":"CNA","vendor":"NT-ware","product":"uniFLOW ULM (Universal Login Manager) Standalone","version":"affected 5.10 custom","platforms":["Web Application"]}],"timeline":[],"solutions":[],"workarounds":[],"exploits":[],"credits":[{"source":"CNA","value":"Sam Shepherd working with BAE Systems","lang":"en"}],"nvd_cpes":[],"vendor_comments":[],"enrichments":{"kev":null,"epss":{"cve_year":"2026","cve_id":"1433","cve":"CVE-2026-1433","epss":"0.002170000","percentile":"0.121490000","score_date":"2026-07-07","updated_at":"2026-07-08 00:14:14"},"legacy_qids":[]},"source_records":{"cve_program":{"containers":{"adp":[{"metrics":[{"other":{"content":{"id":"CVE-2026-1433","options":[{"Exploitation":"none"},{"Automatable":"no"},{"Technical Impact":"partial"}],"role":"CISA Coordinator","timestamp":"2026-07-06T18:53:50.994716Z","version":"2.0.3"},"type":"ssvc"}}],"providerMetadata":{"dateUpdated":"2026-07-06T18:54:02.174Z","orgId":"134c704f-9b21-4f2e-91b3-4a467353bcc0","shortName":"CISA-ADP"},"title":"CISA ADP Vulnrichment"}],"cna":{"affected":[{"defaultStatus":"unaffected","platforms":["Web Application"],"product":"uniFLOW ULM (Universal Login Manager) Standalone","vendor":"NT-ware","versions":[{"lessThanOrEqual":"5.10","status":"affected","version":"0","versionType":"custom"}]}],"credits":[{"lang":"en","type":"reporter","value":"Sam Shepherd working with BAE Systems"}],"descriptions":[{"lang":"en","supportingMedia":[{"base64":false,"type":"text/html","value":"uniFLOW Universal Login Manager (ULM) Standalone\ncontains an information disclosure vulnerability that may allow an\nauthenticated administrator to access sensitive configuration information\nthrough the ULM Remote User Interface (RUI). Exploitation requires\nadministrative privileges and may disclose configuration data associated with\nSMTP or LDAP integrations. ULM deployments connected to uniFLOW Server or\nuniFLOW Online are not affected."}],"value":"uniFLOW Universal Login Manager (ULM) Standalone\ncontains an information disclosure vulnerability that may allow an\nauthenticated administrator to access sensitive configuration information\nthrough the ULM Remote User Interface (RUI). Exploitation requires\nadministrative privileges and may disclose configuration data associated with\nSMTP or LDAP integrations. ULM deployments connected to uniFLOW Server or\nuniFLOW Online are not affected."}],"impacts":[{"descriptions":[{"lang":"en","value":"Not applicable"}]}],"metrics":[{"cvssV4_0":{"Automatable":"NOT_DEFINED","Recovery":"NOT_DEFINED","Safety":"NOT_DEFINED","attackComplexity":"LOW","attackRequirements":"NONE","attackVector":"ADJACENT","baseScore":4.8,"baseSeverity":"MEDIUM","exploitMaturity":"NOT_DEFINED","privilegesRequired":"HIGH","providerUrgency":"NOT_DEFINED","subAvailabilityImpact":"NONE","subConfidentialityImpact":"LOW","subIntegrityImpact":"NONE","userInteraction":"NONE","valueDensity":"NOT_DEFINED","vectorString":"CVSS:4.0/AV:A/AC:L/AT:N/PR:H/UI:N/VC:N/VI:N/VA:N/SC:L/SI:N/SA:N","version":"4.0","vulnAvailabilityImpact":"NONE","vulnConfidentialityImpact":"NONE","vulnIntegrityImpact":"NONE","vulnerabilityResponseEffort":"NOT_DEFINED"},"format":"CVSS","scenarios":[{"lang":"en","value":"GENERAL"}]}],"problemTypes":[{"descriptions":[{"cweId":"CWE-522","description":"CWE-522: Insufficiently Protected Credentials","lang":"en","type":"CWE"}]}],"providerMetadata":{"dateUpdated":"2026-07-06T08:12:49.571Z","orgId":"4586e0a2-224d-4f8a-9cb4-8882b208c0b3","shortName":"Canon_EMEA"},"references":[{"tags":["vendor-advisory"],"url":"https://www.canon-europe.com/psirt/advisory-information"},{"tags":["vendor-advisory","mitigation"],"url":"https://ntware.atlassian.net/wiki/spaces/SA/pages/13659504652/2026+Security+Advisory+ULM+Potential+Information+Disclosure"}],"source":{"discovery":"EXTERNAL"},"tags":["x_cemea","x_nt_ware","x_subsidiary"],"title":"uniFLOW Universal Login Manager (ULM) Standalone Improper Protection of Sensitive Information Leads to Information Disclosure","x_generator":{"engine":"Vulnogram 1.0.2"}}},"cveMetadata":{"assignerOrgId":"4586e0a2-224d-4f8a-9cb4-8882b208c0b3","assignerShortName":"Canon_EMEA","cveId":"CVE-2026-1433","datePublished":"2026-07-06T08:12:49.571Z","dateReserved":"2026-01-26T12:49:23.159Z","dateUpdated":"2026-07-06T18:54:02.174Z","state":"PUBLISHED"},"dataType":"CVE_RECORD","dataVersion":"5.2"},"nvd":{"publishedDate":"2026-07-06 09:16:34","lastModifiedDate":"2026-07-06 19:17:00","problem_types":["CWE-522","CWE-522 CWE-522: Insufficiently Protected Credentials"],"metrics":{"cvssMetricV40":[{"source":"4586e0a2-224d-4f8a-9cb4-8882b208c0b3","type":"Secondary","cvssData":{"version":"4.0","vectorString":"CVSS:4.0/AV:A/AC:L/AT:N/PR:H/UI:N/VC:N/VI:N/VA:N/SC:L/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X","baseScore":4.8,"baseSeverity":"MEDIUM","attackVector":"ADJACENT","attackComplexity":"LOW","attackRequirements":"NONE","privilegesRequired":"HIGH","userInteraction":"NONE","vulnConfidentialityImpact":"NONE","vulnIntegrityImpact":"NONE","vulnAvailabilityImpact":"NONE","subConfidentialityImpact":"LOW","subIntegrityImpact":"NONE","subAvailabilityImpact":"NONE","exploitMaturity":"NOT_DEFINED","confidentialityRequirement":"NOT_DEFINED","integrityRequirement":"NOT_DEFINED","availabilityRequirement":"NOT_DEFINED","modifiedAttackVector":"NOT_DEFINED","modifiedAttackComplexity":"NOT_DEFINED","modifiedAttackRequirements":"NOT_DEFINED","modifiedPrivilegesRequired":"NOT_DEFINED","modifiedUserInteraction":"NOT_DEFINED","modifiedVulnConfidentialityImpact":"NOT_DEFINED","modifiedVulnIntegrityImpact":"NOT_DEFINED","modifiedVulnAvailabilityImpact":"NOT_DEFINED","modifiedSubConfidentialityImpact":"NOT_DEFINED","modifiedSubIntegrityImpact":"NOT_DEFINED","modifiedSubAvailabilityImpact":"NOT_DEFINED","Safety":"NOT_DEFINED","Automatable":"NOT_DEFINED","Recovery":"NOT_DEFINED","valueDensity":"NOT_DEFINED","vulnerabilityResponseEffort":"NOT_DEFINED","providerUrgency":"NOT_DEFINED"}}],"ssvcV203":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","ssvcData":{"timestamp":"2026-07-06T18:53:50.994716Z","id":"CVE-2026-1433","options":[{"exploitation":"none"},{"automatable":"no"},{"technicalImpact":"partial"}],"role":"CISA Coordinator","version":"2.0.3"}}]},"configurations":[]},"legacy_mitre":{"record":{"CveYear":"2026","CveId":"1433","Ordinal":"1","Title":"uniFLOW Universal Login Manager (ULM) Standalone Improper Protec","CVE":"CVE-2026-1433","Year":"2026"},"notes":[{"CveYear":"2026","CveId":"1433","Ordinal":"1","NoteData":"uniFLOW Universal Login Manager (ULM) Standalone\ncontains an information disclosure vulnerability that may allow an\nauthenticated administrator to access sensitive configuration information\nthrough the ULM Remote User Interface (RUI). Exploitation requires\nadministrative privileges and may disclose configuration data associated with\nSMTP or LDAP integrations. ULM deployments connected to uniFLOW Server or\nuniFLOW Online are not affected.","Type":"Description","Title":"uniFLOW Universal Login Manager (ULM) Standalone Improper Protec"}]}}}