CVE-2015-4049

medium

Published 2017-02-03 · Modified 2026-05-13

CVSS v3

6.8

CVSS:3.0/AV:N/AC:H/PR:L/UI:N/S:U/C:N/I:H/A:H

CVSS v2

5.6

VIR risk

6.8

Description

Unisys Libra 43xx, 63xx, and 83xx, and FS600 class systems with MCP-FIRMWARE 40.0 before 40.0IC4 Build 270 might allow remote authenticated users to cause a denial of service (data corruption or system crash) via vectors related to using program operators during EPSILON (level 5) based codefiles at peak memory usage, which triggers CPM stack corruption.

Predictions

Exploit likelihood

77%

Patch ETA

—

Heuristic predictions, AS-IS, for prioritization only.

Mitigations

vendor Authored 2026-05-27

Vendor advisory: cve@mitre.org — http://public.support.unisys.com/common/public/vulnerability/NVD_Detail_Rpt.aspx?ID=40

References

http://public.support.unisys.com/common/public/vulnerability/NVD_Detail_Rpt.aspx?ID=40
http://public.support.unisys.com/common/public/vulnerability/NVD_Detail_Rpt.aspx?ID=40

CWEs

CWE-119

Verify integrity in audit chain (admin only). AS-IS.