Unisys WebPerfect Image Suite WCF SOAP Endpoint NTLMv2 Hash Leakage Vulnerability

Vulnerability

A vulnerability exists in Unisys WebPerfect Image Suite versions 3.0.3960.22810 and 3.0.3960.22604, where an unauthenticated WCF SOAP endpoint on TCP port 1208 exposes the ReadLicense action's LFName parameter to unsanitized file paths. This flaw allows remote attackers to initiate SMB connections that leak NTLMv2 machine-account hashes. By crafting SOAP requests with UNC paths, attackers can force the server to make outbound SMB connections, revealing authentication credentials that could be relayed for privilege escalation or lateral movement within the network.

Impact

Exploitation of this vulnerability leads to the unauthorized leakage of NTLMv2 machine-account hashes, which can be used to impersonate machine accounts or escalate privileges within the network.

Added: Apr 15, 2026, 12:17 AM

Updated: Apr 15, 2026, 12:17 AM

Vulnerability Rating

Custom Algorithm

spread

0.0

impact

2.9

exploitability

6.6

remediation

0.0

relevance

5.9

threat

0.0

urgency

2.9

incentive

0.0

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.

Vulnerability Rating

Custom Algorithm

spread

0.0

impact

2.9

exploitability

6.6

remediation

0.0

relevance

5.9

threat

0.0

urgency

2.9

incentive

0.0

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.

Unisys WebPerfect Image Suite WCF SOAP Endpoint NTLMv2 Hash Leakage Vulnerability

Vulnerability

Impact

Affected Products

CVSS Scores

References

Vulnerability Rating

Vulnerability Rating