Vulnerabilites related to huawei - manageone
CVE-2021-37131 (GCVE-0-2021-37131)
Vulnerability from cvelistv5
Published
2021-10-27 00:29
Modified
2024-08-04 01:16
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- CSV Injection
Summary
There is a CSV injection vulnerability in ManageOne, iManager NetEco and iManager NetEco 6000. An attacker with high privilege may exploit this vulnerability through some operations to inject the CSV files. Due to insufficient input validation of some parameters, the attacker can exploit this vulnerability to inject CSV files to the target device.
References
| ► | URL | Tags |
|---|---|---|
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| n/a | ManageOne;iManager NetEco;iManager NetEco 6000 |
Version: 6.5.1.1.B010,6.5.1.1.B020,6.5.1.1.B030,6.5.1.1.B040,6.5.1.SPC100.B050,6.5.1.SPC101.B010,6.5.1.SPC101.B040,6.5.1.SPC200,6.5.1.SPC200.B010,6.5.1.SPC200.B030,6.5.1.SPC200.B040,6.5.1.SPC200.B050,6.5.1.SPC200.B060,6.5.1.SPC200.B070,6.5.1RC1.B060,6.5.1RC1.B070,6.5.1RC2.B020,6.5.1RC2.B030,6.5.1RC2.B040,6.5.1RC2.B050,6.5.1RC2.B060,6.5.1RC2.B070,6.5.1RC2.B090,8.0.0,8.0.0-LCN080,8.0.0-LCND81,8.0.0.SPC100,8.0.1,8.0.RC2,8.0.RC3 Version: V600R010C00CP2001,V600R010C00CP2002,V600R010C00CP3001,V600R010C00CP3002,V600R010C00CP3101,V600R010C00CP3102,V600R010C00SPC100,V600R010C00SPC110,V600R010C00SPC120,V600R010C00SPC200,V600R010C00SPC210,V600R010C00SPC300,V600R010C00SPC310 Version: V600R009C00CP2201,V600R009C00CP2301,V600R009C00SPC100,V600R009C00SPC110,V600R009C00SPC120,V600R009C00SPC190,V600R009C00SPC200,V600R009C00SPC201,V600R009C00SPC202,V600R009C00SPC210,V600R009C00SPC220,V600R009C00SPC221,V600R009C00SPC230,V600R009C00SPC232 |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T01:16:02.878Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.huawei.com/en/psirt/security-advisories/huawei-sa-20211020-01-csv-en"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "ManageOne;iManager NetEco;iManager NetEco 6000",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "6.5.1.1.B010,6.5.1.1.B020,6.5.1.1.B030,6.5.1.1.B040,6.5.1.SPC100.B050,6.5.1.SPC101.B010,6.5.1.SPC101.B040,6.5.1.SPC200,6.5.1.SPC200.B010,6.5.1.SPC200.B030,6.5.1.SPC200.B040,6.5.1.SPC200.B050,6.5.1.SPC200.B060,6.5.1.SPC200.B070,6.5.1RC1.B060,6.5.1RC1.B070,6.5.1RC2.B020,6.5.1RC2.B030,6.5.1RC2.B040,6.5.1RC2.B050,6.5.1RC2.B060,6.5.1RC2.B070,6.5.1RC2.B090,8.0.0,8.0.0-LCN080,8.0.0-LCND81,8.0.0.SPC100,8.0.1,8.0.RC2,8.0.RC3"
},
{
"status": "affected",
"version": "V600R010C00CP2001,V600R010C00CP2002,V600R010C00CP3001,V600R010C00CP3002,V600R010C00CP3101,V600R010C00CP3102,V600R010C00SPC100,V600R010C00SPC110,V600R010C00SPC120,V600R010C00SPC200,V600R010C00SPC210,V600R010C00SPC300,V600R010C00SPC310"
},
{
"status": "affected",
"version": "V600R009C00CP2201,V600R009C00CP2301,V600R009C00SPC100,V600R009C00SPC110,V600R009C00SPC120,V600R009C00SPC190,V600R009C00SPC200,V600R009C00SPC201,V600R009C00SPC202,V600R009C00SPC210,V600R009C00SPC220,V600R009C00SPC221,V600R009C00SPC230,V600R009C00SPC232"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "There is a CSV injection vulnerability in ManageOne, iManager NetEco and iManager NetEco 6000. An attacker with high privilege may exploit this vulnerability through some operations to inject the CSV files. Due to insufficient input validation of some parameters, the attacker can exploit this vulnerability to inject CSV files to the target device."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "CSV Injection",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2021-10-27T00:29:32",
"orgId": "25ac1063-e409-4190-8079-24548c77ea2e",
"shortName": "huawei"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.huawei.com/en/psirt/security-advisories/huawei-sa-20211020-01-csv-en"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "psirt@huawei.com",
"ID": "CVE-2021-37131",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "ManageOne;iManager NetEco;iManager NetEco 6000",
"version": {
"version_data": [
{
"version_value": "6.5.1.1.B010,6.5.1.1.B020,6.5.1.1.B030,6.5.1.1.B040,6.5.1.SPC100.B050,6.5.1.SPC101.B010,6.5.1.SPC101.B040,6.5.1.SPC200,6.5.1.SPC200.B010,6.5.1.SPC200.B030,6.5.1.SPC200.B040,6.5.1.SPC200.B050,6.5.1.SPC200.B060,6.5.1.SPC200.B070,6.5.1RC1.B060,6.5.1RC1.B070,6.5.1RC2.B020,6.5.1RC2.B030,6.5.1RC2.B040,6.5.1RC2.B050,6.5.1RC2.B060,6.5.1RC2.B070,6.5.1RC2.B090,8.0.0,8.0.0-LCN080,8.0.0-LCND81,8.0.0.SPC100,8.0.1,8.0.RC2,8.0.RC3"
},
{
"version_value": "V600R010C00CP2001,V600R010C00CP2002,V600R010C00CP3001,V600R010C00CP3002,V600R010C00CP3101,V600R010C00CP3102,V600R010C00SPC100,V600R010C00SPC110,V600R010C00SPC120,V600R010C00SPC200,V600R010C00SPC210,V600R010C00SPC300,V600R010C00SPC310"
},
{
"version_value": "V600R009C00CP2201,V600R009C00CP2301,V600R009C00SPC100,V600R009C00SPC110,V600R009C00SPC120,V600R009C00SPC190,V600R009C00SPC200,V600R009C00SPC201,V600R009C00SPC202,V600R009C00SPC210,V600R009C00SPC220,V600R009C00SPC221,V600R009C00SPC230,V600R009C00SPC232"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "There is a CSV injection vulnerability in ManageOne, iManager NetEco and iManager NetEco 6000. An attacker with high privilege may exploit this vulnerability through some operations to inject the CSV files. Due to insufficient input validation of some parameters, the attacker can exploit this vulnerability to inject CSV files to the target device."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CSV Injection"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://www.huawei.com/en/psirt/security-advisories/huawei-sa-20211020-01-csv-en",
"refsource": "MISC",
"url": "https://www.huawei.com/en/psirt/security-advisories/huawei-sa-20211020-01-csv-en"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "25ac1063-e409-4190-8079-24548c77ea2e",
"assignerShortName": "huawei",
"cveId": "CVE-2021-37131",
"datePublished": "2021-10-27T00:29:32",
"dateReserved": "2021-07-20T00:00:00",
"dateUpdated": "2024-08-04T01:16:02.878Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2020-9115 (GCVE-0-2020-9115)
Vulnerability from cvelistv5
Published
2020-11-30 23:57
Modified
2024-08-04 10:19
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- Command Injection
Summary
ManageOne versions 6.5.1.1.B010, 6.5.1.1.B020, 6.5.1.1.B030, 6.5.1.1.B040, ,6.5.1.1.B050, 8.0.0 and 8.0.1 have a command injection vulnerability. An attacker with high privileges may exploit this vulnerability through some operations on the plug-in component. Due to insufficient input validation of some parameters, the attacker can exploit this vulnerability to inject commands to the target device.
References
| ► | URL | Tags |
|---|---|---|
Impacted products
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T10:19:19.919Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.huawei.com/en/psirt/security-advisories/huawei-sa-20201125-01-commandinjection-en"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "ManageOne",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "6.5.1.1.B010,6.5.1.1.B020,6.5.1.1.B030,6.5.1.1.B040,6.5.1.1.B050,8.0.0,8.0.1"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "ManageOne versions 6.5.1.1.B010, 6.5.1.1.B020, 6.5.1.1.B030, 6.5.1.1.B040, ,6.5.1.1.B050, 8.0.0 and 8.0.1 have a command injection vulnerability. An attacker with high privileges may exploit this vulnerability through some operations on the plug-in component. Due to insufficient input validation of some parameters, the attacker can exploit this vulnerability to inject commands to the target device."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Command Injection",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2020-11-30T23:57:23",
"orgId": "25ac1063-e409-4190-8079-24548c77ea2e",
"shortName": "huawei"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.huawei.com/en/psirt/security-advisories/huawei-sa-20201125-01-commandinjection-en"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "psirt@huawei.com",
"ID": "CVE-2020-9115",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "ManageOne",
"version": {
"version_data": [
{
"version_value": "6.5.1.1.B010,6.5.1.1.B020,6.5.1.1.B030,6.5.1.1.B040,6.5.1.1.B050,8.0.0,8.0.1"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "ManageOne versions 6.5.1.1.B010, 6.5.1.1.B020, 6.5.1.1.B030, 6.5.1.1.B040, ,6.5.1.1.B050, 8.0.0 and 8.0.1 have a command injection vulnerability. An attacker with high privileges may exploit this vulnerability through some operations on the plug-in component. Due to insufficient input validation of some parameters, the attacker can exploit this vulnerability to inject commands to the target device."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Command Injection"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://www.huawei.com/en/psirt/security-advisories/huawei-sa-20201125-01-commandinjection-en",
"refsource": "MISC",
"url": "https://www.huawei.com/en/psirt/security-advisories/huawei-sa-20201125-01-commandinjection-en"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "25ac1063-e409-4190-8079-24548c77ea2e",
"assignerShortName": "huawei",
"cveId": "CVE-2020-9115",
"datePublished": "2020-11-30T23:57:23",
"dateReserved": "2020-02-18T00:00:00",
"dateUpdated": "2024-08-04T10:19:19.919Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2021-22298 (GCVE-0-2021-22298)
Vulnerability from cvelistv5
Published
2021-02-06 01:31
Modified
2024-08-03 18:37
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- Logic
Summary
There is a logic vulnerability in Huawei Gauss100 OLTP Product. An attacker with certain permissions could perform specific SQL statement to exploit this vulnerability. Due to insufficient security design, successful exploit can cause service abnormal. Affected product versions include: ManageOne versions 6.5.1.1.B020, 6.5.1.1.B030, 6.5.1.1.B040, 6.5.1.SPC100.B050, 6.5.1.SPC101.B010, 6.5.1.SPC101.B040, 6.5.1.SPC200, 6.5.1.SPC200.B010, 6.5.1.SPC200.B030, 6.5.1.SPC200.B040, 6.5.1.SPC200.B050, 6.5.1.SPC200.B060, 6.5.1.SPC200.B070, 6.5.1RC1.B070, 6.5.1RC1.B080, 6.5.1RC2.B040, 6.5.1RC2.B050, 6.5.1RC2.B060, 6.5.1RC2.B070, 6.5.1RC2.B080, 6.5.1RC2.B090.
References
| ► | URL | Tags | ||||||
|---|---|---|---|---|---|---|---|---|
|
||||||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| n/a | ManageOne |
Version: 6.5.1.1.B020,6.5.1.1.B030, 6.5.1.1.B040, 6.5.1.SPC100.B050, 6.5.1.SPC101.B010, 6.5.1.SPC101.B040, 6.5.1.SPC200, 6.5.1.SPC200.B010, 6.5.1.SPC200.B030, 6.5.1.SPC200.B040, 6.5.1.SPC200.B050, 6.5.1.SPC200.B060, 6.5.1.SPC200.B070, 6.5.1RC1.B070, 6.5.1RC1.B080, 6.5.1RC2.B040, 6.5.1RC2.B050, 6.5.1RC2.B060, 6.5.1RC2.B070, 6.5.1RC2.B080, 6.5.1RC2.B090 |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T18:37:18.486Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://www.huawei.com/en/psirt/security-advisories/huawei-sa-20210113-01-gauss-en"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.oracle.com/security-alerts/cpujan2022.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "ManageOne",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "6.5.1.1.B020,6.5.1.1.B030, 6.5.1.1.B040, 6.5.1.SPC100.B050, 6.5.1.SPC101.B010, 6.5.1.SPC101.B040, 6.5.1.SPC200, 6.5.1.SPC200.B010, 6.5.1.SPC200.B030, 6.5.1.SPC200.B040, 6.5.1.SPC200.B050, 6.5.1.SPC200.B060, 6.5.1.SPC200.B070, 6.5.1RC1.B070, 6.5.1RC1.B080, 6.5.1RC2.B040, 6.5.1RC2.B050, 6.5.1RC2.B060, 6.5.1RC2.B070, 6.5.1RC2.B080, 6.5.1RC2.B090"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "There is a logic vulnerability in Huawei Gauss100 OLTP Product. An attacker with certain permissions could perform specific SQL statement to exploit this vulnerability. Due to insufficient security design, successful exploit can cause service abnormal. Affected product versions include: ManageOne versions 6.5.1.1.B020, 6.5.1.1.B030, 6.5.1.1.B040, 6.5.1.SPC100.B050, 6.5.1.SPC101.B010, 6.5.1.SPC101.B040, 6.5.1.SPC200, 6.5.1.SPC200.B010, 6.5.1.SPC200.B030, 6.5.1.SPC200.B040, 6.5.1.SPC200.B050, 6.5.1.SPC200.B060, 6.5.1.SPC200.B070, 6.5.1RC1.B070, 6.5.1RC1.B080, 6.5.1RC2.B040, 6.5.1RC2.B050, 6.5.1RC2.B060, 6.5.1RC2.B070, 6.5.1RC2.B080, 6.5.1RC2.B090."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Logic",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2022-02-07T14:41:30",
"orgId": "25ac1063-e409-4190-8079-24548c77ea2e",
"shortName": "huawei"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://www.huawei.com/en/psirt/security-advisories/huawei-sa-20210113-01-gauss-en"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.oracle.com/security-alerts/cpujan2022.html"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "psirt@huawei.com",
"ID": "CVE-2021-22298",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "ManageOne",
"version": {
"version_data": [
{
"version_value": "6.5.1.1.B020,6.5.1.1.B030, 6.5.1.1.B040, 6.5.1.SPC100.B050, 6.5.1.SPC101.B010, 6.5.1.SPC101.B040, 6.5.1.SPC200, 6.5.1.SPC200.B010, 6.5.1.SPC200.B030, 6.5.1.SPC200.B040, 6.5.1.SPC200.B050, 6.5.1.SPC200.B060, 6.5.1.SPC200.B070, 6.5.1RC1.B070, 6.5.1RC1.B080, 6.5.1RC2.B040, 6.5.1RC2.B050, 6.5.1RC2.B060, 6.5.1RC2.B070, 6.5.1RC2.B080, 6.5.1RC2.B090"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "There is a logic vulnerability in Huawei Gauss100 OLTP Product. An attacker with certain permissions could perform specific SQL statement to exploit this vulnerability. Due to insufficient security design, successful exploit can cause service abnormal. Affected product versions include: ManageOne versions 6.5.1.1.B020, 6.5.1.1.B030, 6.5.1.1.B040, 6.5.1.SPC100.B050, 6.5.1.SPC101.B010, 6.5.1.SPC101.B040, 6.5.1.SPC200, 6.5.1.SPC200.B010, 6.5.1.SPC200.B030, 6.5.1.SPC200.B040, 6.5.1.SPC200.B050, 6.5.1.SPC200.B060, 6.5.1.SPC200.B070, 6.5.1RC1.B070, 6.5.1RC1.B080, 6.5.1RC2.B040, 6.5.1RC2.B050, 6.5.1RC2.B060, 6.5.1RC2.B070, 6.5.1RC2.B080, 6.5.1RC2.B090."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Logic"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://www.huawei.com/en/psirt/security-advisories/huawei-sa-20210113-01-gauss-en",
"refsource": "CONFIRM",
"url": "https://www.huawei.com/en/psirt/security-advisories/huawei-sa-20210113-01-gauss-en"
},
{
"name": "https://www.oracle.com/security-alerts/cpujan2022.html",
"refsource": "MISC",
"url": "https://www.oracle.com/security-alerts/cpujan2022.html"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "25ac1063-e409-4190-8079-24548c77ea2e",
"assignerShortName": "huawei",
"cveId": "CVE-2021-22298",
"datePublished": "2021-02-06T01:31:07",
"dateReserved": "2021-01-05T00:00:00",
"dateUpdated": "2024-08-03T18:37:18.486Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2021-22293 (GCVE-0-2021-22293)
Vulnerability from cvelistv5
Published
2021-02-06 02:16
Modified
2024-08-03 18:37
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- Inconsistent Interpretation of HTTP Requests
Summary
Some Huawei products have an inconsistent interpretation of HTTP requests vulnerability. Attackers can exploit this vulnerability to cause information leak. Affected product versions include: CampusInsight versions V100R019C10; ManageOne versions 6.5.1.1, 6.5.1.SPC100, 6.5.1.SPC200, 6.5.1RC1, 6.5.1RC2, 8.0.RC2. Affected product versions include: Taurus-AL00A versions 10.0.0.1(C00E1R1P1).
References
| ► | URL | Tags |
|---|---|---|
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| ► | n/a | CampusInsight |
Version: V100R019C10 |
|
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T18:37:18.496Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://www.huawei.com/en/psirt/security-advisories/huawei-sa-20210120-01-http-en"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "CampusInsight",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "V100R019C10"
}
]
},
{
"product": "ManageOne",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "6.5.1.1"
},
{
"status": "affected",
"version": "6.5.1.SPC100"
},
{
"status": "affected",
"version": "6.5.1.SPC200"
},
{
"status": "affected",
"version": "6.5.1RC1"
},
{
"status": "affected",
"version": "6.5.1RC2"
},
{
"status": "affected",
"version": "8.0.RC2"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Some Huawei products have an inconsistent interpretation of HTTP requests vulnerability. Attackers can exploit this vulnerability to cause information leak. Affected product versions include: CampusInsight versions V100R019C10; ManageOne versions 6.5.1.1, 6.5.1.SPC100, 6.5.1.SPC200, 6.5.1RC1, 6.5.1RC2, 8.0.RC2. Affected product versions include: Taurus-AL00A versions 10.0.0.1(C00E1R1P1)."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Inconsistent Interpretation of HTTP Requests",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2021-02-06T02:16:20",
"orgId": "25ac1063-e409-4190-8079-24548c77ea2e",
"shortName": "huawei"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://www.huawei.com/en/psirt/security-advisories/huawei-sa-20210120-01-http-en"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "psirt@huawei.com",
"ID": "CVE-2021-22293",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "CampusInsight",
"version": {
"version_data": [
{
"version_value": "V100R019C10"
}
]
}
},
{
"product_name": "ManageOne",
"version": {
"version_data": [
{
"version_value": "6.5.1.1"
},
{
"version_value": "6.5.1.SPC100"
},
{
"version_value": "6.5.1.SPC200"
},
{
"version_value": "6.5.1RC1"
},
{
"version_value": "6.5.1RC2"
},
{
"version_value": "8.0.RC2"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Some Huawei products have an inconsistent interpretation of HTTP requests vulnerability. Attackers can exploit this vulnerability to cause information leak. Affected product versions include: CampusInsight versions V100R019C10; ManageOne versions 6.5.1.1, 6.5.1.SPC100, 6.5.1.SPC200, 6.5.1RC1, 6.5.1RC2, 8.0.RC2. Affected product versions include: Taurus-AL00A versions 10.0.0.1(C00E1R1P1)."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Inconsistent Interpretation of HTTP Requests"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://www.huawei.com/en/psirt/security-advisories/huawei-sa-20210120-01-http-en",
"refsource": "CONFIRM",
"url": "https://www.huawei.com/en/psirt/security-advisories/huawei-sa-20210120-01-http-en"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "25ac1063-e409-4190-8079-24548c77ea2e",
"assignerShortName": "huawei",
"cveId": "CVE-2021-22293",
"datePublished": "2021-02-06T02:16:20",
"dateReserved": "2021-01-05T00:00:00",
"dateUpdated": "2024-08-03T18:37:18.496Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2021-22409 (GCVE-0-2021-22409)
Vulnerability from cvelistv5
Published
2021-05-20 19:13
Modified
2024-08-03 18:44
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- Denial of Service
Summary
There is a denial of service vulnerability in some versions of ManageOne. There is a logic error in the implementation of a function of a module. When the service pressure is heavy, there is a low probability that an exception may occur. Successful exploit may cause some services abnormal.
References
| ► | URL | Tags |
|---|---|---|
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| n/a | ManageOne |
Version: 6.5.0,6.5.0.SPC100.B210,6.5.1.1.B010,6.5.1.1.B020,6.5.1.1.B030,6.5.1.1.B040,6.5.1.SPC100.B050,6.5.1.SPC101.B010,6.5.1.SPC101.B040,6.5.1.SPC200,6.5.1.SPC200.B010,6.5.1.SPC200.B030,6.5.1.SPC200.B040,6.5.1.SPC200.B050,6.5.1.SPC200.B060,6.5.1.SPC200.B070,6.5.1RC1.B060,6.5.1RC1.B080,6.5.1RC2.B020,6.5.1RC2.B030,6.5.1RC2.B040,6.5.1RC2.B050,6.5.1RC2.B060,6.5.1RC2.B070,6.5.1RC2.B080,6.5.1RC2.B090,6.5.RC2.B050,8.0.0,8.0.0-LCND81,8.0.0.SPC100,8.0.1,8.0.RC2,8.0.RC3,8.0.RC3.B041,8.0.RC3.SPC100 |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T18:44:12.940Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.huawei.com/en/psirt/security-advisories/huawei-sa-20210428-02-dos-en"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "ManageOne",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "6.5.0,6.5.0.SPC100.B210,6.5.1.1.B010,6.5.1.1.B020,6.5.1.1.B030,6.5.1.1.B040,6.5.1.SPC100.B050,6.5.1.SPC101.B010,6.5.1.SPC101.B040,6.5.1.SPC200,6.5.1.SPC200.B010,6.5.1.SPC200.B030,6.5.1.SPC200.B040,6.5.1.SPC200.B050,6.5.1.SPC200.B060,6.5.1.SPC200.B070,6.5.1RC1.B060,6.5.1RC1.B080,6.5.1RC2.B020,6.5.1RC2.B030,6.5.1RC2.B040,6.5.1RC2.B050,6.5.1RC2.B060,6.5.1RC2.B070,6.5.1RC2.B080,6.5.1RC2.B090,6.5.RC2.B050,8.0.0,8.0.0-LCND81,8.0.0.SPC100,8.0.1,8.0.RC2,8.0.RC3,8.0.RC3.B041,8.0.RC3.SPC100"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "There is a denial of service vulnerability in some versions of ManageOne. There is a logic error in the implementation of a function of a module. When the service pressure is heavy, there is a low probability that an exception may occur. Successful exploit may cause some services abnormal."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Denial of Service",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2021-05-20T19:13:06",
"orgId": "25ac1063-e409-4190-8079-24548c77ea2e",
"shortName": "huawei"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.huawei.com/en/psirt/security-advisories/huawei-sa-20210428-02-dos-en"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "psirt@huawei.com",
"ID": "CVE-2021-22409",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "ManageOne",
"version": {
"version_data": [
{
"version_value": "6.5.0,6.5.0.SPC100.B210,6.5.1.1.B010,6.5.1.1.B020,6.5.1.1.B030,6.5.1.1.B040,6.5.1.SPC100.B050,6.5.1.SPC101.B010,6.5.1.SPC101.B040,6.5.1.SPC200,6.5.1.SPC200.B010,6.5.1.SPC200.B030,6.5.1.SPC200.B040,6.5.1.SPC200.B050,6.5.1.SPC200.B060,6.5.1.SPC200.B070,6.5.1RC1.B060,6.5.1RC1.B080,6.5.1RC2.B020,6.5.1RC2.B030,6.5.1RC2.B040,6.5.1RC2.B050,6.5.1RC2.B060,6.5.1RC2.B070,6.5.1RC2.B080,6.5.1RC2.B090,6.5.RC2.B050,8.0.0,8.0.0-LCND81,8.0.0.SPC100,8.0.1,8.0.RC2,8.0.RC3,8.0.RC3.B041,8.0.RC3.SPC100"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "There is a denial of service vulnerability in some versions of ManageOne. There is a logic error in the implementation of a function of a module. When the service pressure is heavy, there is a low probability that an exception may occur. Successful exploit may cause some services abnormal."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Denial of Service"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://www.huawei.com/en/psirt/security-advisories/huawei-sa-20210428-02-dos-en",
"refsource": "MISC",
"url": "https://www.huawei.com/en/psirt/security-advisories/huawei-sa-20210428-02-dos-en"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "25ac1063-e409-4190-8079-24548c77ea2e",
"assignerShortName": "huawei",
"cveId": "CVE-2021-22409",
"datePublished": "2021-05-20T19:13:06",
"dateReserved": "2021-01-05T00:00:00",
"dateUpdated": "2024-08-03T18:44:12.940Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2019-14835 (GCVE-0-2019-14835)
Vulnerability from cvelistv5
Published
2019-09-17 15:09
Modified
2024-08-05 00:26
Severity ?
VLAI Severity ?
EPSS score ?
CWE
Summary
A buffer overflow flaw was found, in versions from 2.6.34 to 5.2.x, in the way Linux kernel's vhost functionality that translates virtqueue buffers to IOVs, logged the buffer descriptors during migration. A privileged guest user able to pass descriptors with invalid length to the host when migration is underway, could use this flaw to increase their privileges on the host.
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Linux Kernel | Linux kernel |
Version: from version 2.6.34 to 5.2.x |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T00:26:39.157Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2019-14835"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.openwall.com/lists/oss-security/2019/09/17/1"
},
{
"name": "USN-4135-2",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU",
"x_transferred"
],
"url": "https://usn.ubuntu.com/4135-2/"
},
{
"name": "FEDORA-2019-e3010166bd",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA",
"x_transferred"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/KQFY6JYFIQ2VFQ7QCSXPWTUL5ZDNCJL5/"
},
{
"name": "RHSA-2019:2827",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "https://access.redhat.com/errata/RHSA-2019:2827"
},
{
"name": "RHSA-2019:2828",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "https://access.redhat.com/errata/RHSA-2019:2828"
},
{
"name": "RHSA-2019:2830",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "https://access.redhat.com/errata/RHSA-2019:2830"
},
{
"name": "RHSA-2019:2829",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "https://access.redhat.com/errata/RHSA-2019:2829"
},
{
"name": "RHSA-2019:2854",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "https://access.redhat.com/errata/RHSA-2019:2854"
},
{
"name": "RHSA-2019:2862",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "https://access.redhat.com/errata/RHSA-2019:2862"
},
{
"name": "RHSA-2019:2863",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "https://access.redhat.com/errata/RHSA-2019:2863"
},
{
"name": "RHSA-2019:2866",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "https://access.redhat.com/errata/RHSA-2019:2866"
},
{
"name": "RHSA-2019:2864",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "https://access.redhat.com/errata/RHSA-2019:2864"
},
{
"name": "RHSA-2019:2865",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "https://access.redhat.com/errata/RHSA-2019:2865"
},
{
"name": "RHSA-2019:2867",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "https://access.redhat.com/errata/RHSA-2019:2867"
},
{
"name": "RHSA-2019:2869",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "https://access.redhat.com/errata/RHSA-2019:2869"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://packetstormsecurity.com/files/154572/Kernel-Live-Patch-Security-Notice-LSN-0056-1.html"
},
{
"name": "[oss-security] 20190924 Re: CVE-2019-14835: QEMU-KVM Guest to Host Kernel Escape Vulnerability: vhost/vhost_net kernel buffer overflow",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "http://www.openwall.com/lists/oss-security/2019/09/24/1"
},
{
"name": "openSUSE-SU-2019:2173",
"tags": [
"vendor-advisory",
"x_refsource_SUSE",
"x_transferred"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2019-09/msg00064.html"
},
{
"name": "RHSA-2019:2889",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "https://access.redhat.com/errata/RHSA-2019:2889"
},
{
"name": "openSUSE-SU-2019:2181",
"tags": [
"vendor-advisory",
"x_refsource_SUSE",
"x_transferred"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2019-09/msg00066.html"
},
{
"name": "[debian-lts-announce] 20190925 [SECURITY] [DLA 1930-1] linux security update",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "https://lists.debian.org/debian-lts-announce/2019/09/msg00025.html"
},
{
"name": "20190925 [SECURITY] [DSA 4531-1] linux security update",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ",
"x_transferred"
],
"url": "https://seclists.org/bugtraq/2019/Sep/41"
},
{
"name": "DSA-4531",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN",
"x_transferred"
],
"url": "https://www.debian.org/security/2019/dsa-4531"
},
{
"name": "RHSA-2019:2900",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "https://access.redhat.com/errata/RHSA-2019:2900"
},
{
"name": "RHSA-2019:2901",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "https://access.redhat.com/errata/RHSA-2019:2901"
},
{
"name": "RHSA-2019:2899",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "https://access.redhat.com/errata/RHSA-2019:2899"
},
{
"name": "RHSA-2019:2924",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "https://access.redhat.com/errata/RHSA-2019:2924"
},
{
"name": "USN-4135-1",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU",
"x_transferred"
],
"url": "https://usn.ubuntu.com/4135-1/"
},
{
"name": "[debian-lts-announce] 20191001 [SECURITY] [DLA 1940-1] linux-4.9 security update",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "https://lists.debian.org/debian-lts-announce/2019/10/msg00000.html"
},
{
"name": "FEDORA-2019-a570a92d5a",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA",
"x_transferred"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/YW3QNMPENPFEGVTOFPSNOBL7JEIJS25P/"
},
{
"name": "[oss-security] 20191003 Re: CVE-2019-14835: QEMU-KVM Guest to Host Kernel Escape Vulnerability: vhost/vhost_net kernel buffer overflow",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "http://www.openwall.com/lists/oss-security/2019/10/03/1"
},
{
"name": "[oss-security] 20191009 Re: CVE-2019-14835: QEMU-KVM Guest to Host Kernel Escape Vulnerability: vhost/vhost_net kernel buffer overflow",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "http://www.openwall.com/lists/oss-security/2019/10/09/3"
},
{
"name": "[oss-security] 20191009 Re: CVE-2019-14835: QEMU-KVM Guest to Host Kernel Escape Vulnerability: vhost/vhost_net kernel buffer overflow",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "http://www.openwall.com/lists/oss-security/2019/10/09/7"
},
{
"name": "RHBA-2019:2824",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "https://access.redhat.com/errata/RHBA-2019:2824"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://packetstormsecurity.com/files/154951/Kernel-Live-Patch-Security-Notice-LSN-0058-1.html"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://security.netapp.com/advisory/ntap-20191031-0005/"
},
{
"name": "20191108 [slackware-security] Slackware 14.2 kernel (SSA:2019-311-01)",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ",
"x_transferred"
],
"url": "https://seclists.org/bugtraq/2019/Nov/11"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://packetstormsecurity.com/files/155212/Slackware-Security-Advisory-Slackware-14.2-kernel-Updates.html"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20200115-01-qemu-en"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Linux kernel",
"vendor": "Linux Kernel",
"versions": [
{
"status": "affected",
"version": "from version 2.6.34 to 5.2.x"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "A buffer overflow flaw was found, in versions from 2.6.34 to 5.2.x, in the way Linux kernel\u0027s vhost functionality that translates virtqueue buffers to IOVs, logged the buffer descriptors during migration. A privileged guest user able to pass descriptors with invalid length to the host when migration is underway, could use this flaw to increase their privileges on the host."
}
],
"metrics": [
{
"cvssV3_0": {
"attackComplexity": "HIGH",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 7.2,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "HIGH",
"scope": "CHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.0/AV:L/AC:H/PR:H/UI:R/S:C/C:H/I:H/A:H",
"version": "3.0"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-120",
"description": "CWE-120",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2020-01-15T12:06:07",
"orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"shortName": "redhat"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2019-14835"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.openwall.com/lists/oss-security/2019/09/17/1"
},
{
"name": "USN-4135-2",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU"
],
"url": "https://usn.ubuntu.com/4135-2/"
},
{
"name": "FEDORA-2019-e3010166bd",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/KQFY6JYFIQ2VFQ7QCSXPWTUL5ZDNCJL5/"
},
{
"name": "RHSA-2019:2827",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2019:2827"
},
{
"name": "RHSA-2019:2828",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2019:2828"
},
{
"name": "RHSA-2019:2830",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2019:2830"
},
{
"name": "RHSA-2019:2829",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2019:2829"
},
{
"name": "RHSA-2019:2854",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2019:2854"
},
{
"name": "RHSA-2019:2862",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2019:2862"
},
{
"name": "RHSA-2019:2863",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2019:2863"
},
{
"name": "RHSA-2019:2866",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2019:2866"
},
{
"name": "RHSA-2019:2864",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2019:2864"
},
{
"name": "RHSA-2019:2865",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2019:2865"
},
{
"name": "RHSA-2019:2867",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2019:2867"
},
{
"name": "RHSA-2019:2869",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2019:2869"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://packetstormsecurity.com/files/154572/Kernel-Live-Patch-Security-Notice-LSN-0056-1.html"
},
{
"name": "[oss-security] 20190924 Re: CVE-2019-14835: QEMU-KVM Guest to Host Kernel Escape Vulnerability: vhost/vhost_net kernel buffer overflow",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "http://www.openwall.com/lists/oss-security/2019/09/24/1"
},
{
"name": "openSUSE-SU-2019:2173",
"tags": [
"vendor-advisory",
"x_refsource_SUSE"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2019-09/msg00064.html"
},
{
"name": "RHSA-2019:2889",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2019:2889"
},
{
"name": "openSUSE-SU-2019:2181",
"tags": [
"vendor-advisory",
"x_refsource_SUSE"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2019-09/msg00066.html"
},
{
"name": "[debian-lts-announce] 20190925 [SECURITY] [DLA 1930-1] linux security update",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "https://lists.debian.org/debian-lts-announce/2019/09/msg00025.html"
},
{
"name": "20190925 [SECURITY] [DSA 4531-1] linux security update",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ"
],
"url": "https://seclists.org/bugtraq/2019/Sep/41"
},
{
"name": "DSA-4531",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN"
],
"url": "https://www.debian.org/security/2019/dsa-4531"
},
{
"name": "RHSA-2019:2900",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2019:2900"
},
{
"name": "RHSA-2019:2901",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2019:2901"
},
{
"name": "RHSA-2019:2899",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2019:2899"
},
{
"name": "RHSA-2019:2924",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2019:2924"
},
{
"name": "USN-4135-1",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU"
],
"url": "https://usn.ubuntu.com/4135-1/"
},
{
"name": "[debian-lts-announce] 20191001 [SECURITY] [DLA 1940-1] linux-4.9 security update",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "https://lists.debian.org/debian-lts-announce/2019/10/msg00000.html"
},
{
"name": "FEDORA-2019-a570a92d5a",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/YW3QNMPENPFEGVTOFPSNOBL7JEIJS25P/"
},
{
"name": "[oss-security] 20191003 Re: CVE-2019-14835: QEMU-KVM Guest to Host Kernel Escape Vulnerability: vhost/vhost_net kernel buffer overflow",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "http://www.openwall.com/lists/oss-security/2019/10/03/1"
},
{
"name": "[oss-security] 20191009 Re: CVE-2019-14835: QEMU-KVM Guest to Host Kernel Escape Vulnerability: vhost/vhost_net kernel buffer overflow",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "http://www.openwall.com/lists/oss-security/2019/10/09/3"
},
{
"name": "[oss-security] 20191009 Re: CVE-2019-14835: QEMU-KVM Guest to Host Kernel Escape Vulnerability: vhost/vhost_net kernel buffer overflow",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "http://www.openwall.com/lists/oss-security/2019/10/09/7"
},
{
"name": "RHBA-2019:2824",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHBA-2019:2824"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://packetstormsecurity.com/files/154951/Kernel-Live-Patch-Security-Notice-LSN-0058-1.html"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://security.netapp.com/advisory/ntap-20191031-0005/"
},
{
"name": "20191108 [slackware-security] Slackware 14.2 kernel (SSA:2019-311-01)",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ"
],
"url": "https://seclists.org/bugtraq/2019/Nov/11"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://packetstormsecurity.com/files/155212/Slackware-Security-Advisory-Slackware-14.2-kernel-Updates.html"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20200115-01-qemu-en"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"assignerShortName": "redhat",
"cveId": "CVE-2019-14835",
"datePublished": "2019-09-17T15:09:37",
"dateReserved": "2019-08-10T00:00:00",
"dateUpdated": "2024-08-05T00:26:39.157Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2021-22299 (GCVE-0-2021-22299)
Vulnerability from cvelistv5
Published
2021-02-06 01:53
Modified
2024-08-03 18:37
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- Local Privilege Escalation
Summary
There is a local privilege escalation vulnerability in some Huawei products. A local, authenticated attacker could craft specific commands to exploit this vulnerability. Successful exploitation may cause the attacker to obtain a higher privilege. Affected product versions include: ManageOne versions 6.5.0,6.5.0.SPC100.B210,6.5.1.1.B010,6.5.1.1.B020,6.5.1.1.B030,6.5.1.1.B040,6.5.1.SPC100.B050,6.5.1.SPC101.B010,6.5.1.SPC101.B040,6.5.1.SPC200,6.5.1.SPC200.B010,6.5.1.SPC200.B030,6.5.1.SPC200.B040,6.5.1.SPC200.B050,6.5.1.SPC200.B060,6.5.1.SPC200.B070,6.5.1RC1.B060,6.5.1RC2.B020,6.5.1RC2.B030,6.5.1RC2.B040,6.5.1RC2.B050,6.5.1RC2.B060,6.5.1RC2.B070,6.5.1RC2.B080,6.5.1RC2.B090,6.5.RC2.B050,8.0.0,8.0.0-LCND81,8.0.0.SPC100,8.0.1,8.0.RC2,8.0.RC3,8.0.RC3.B041,8.0.RC3.SPC100; NFV_FusionSphere versions 6.5.1.SPC23,8.0.0.SPC12; SMC2.0 versions V600R019C00,V600R019C10; iMaster MAE-M versions MAE-TOOL(FusionSphereBasicTemplate_Euler_X86)V100R020C10SPC220.
References
| ► | URL | Tags |
|---|---|---|
Impacted products
| Vendor | Product | Version | |||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
| ► | n/a | ManageOne |
Version: 6.5.0 Version: 6.5.0.SPC100.B210 Version: 6.5.1.1.B010 Version: 6.5.1.1.B020 Version: 6.5.1.1.B030 Version: 6.5.1.1.B040 Version: 6.5.1.SPC100.B050 Version: 6.5.1.SPC101.B010 Version: 6.5.1.SPC101.B040 Version: 6.5.1.SPC200 Version: 6.5.1.SPC200.B010 Version: 6.5.1.SPC200.B030 Version: 6.5.1.SPC200.B040 Version: 6.5.1.SPC200.B050 Version: 6.5.1.SPC200.B060 Version: 6.5.1.SPC200.B070 Version: 6.5.1RC1.B060 Version: 6.5.1RC2.B020 Version: 6.5.1RC2.B030 Version: 6.5.1RC2.B040 Version: 6.5.1RC2.B050 Version: 6.5.1RC2.B060 Version: 6.5.1RC2.B070 Version: 6.5.1RC2.B080 Version: 6.5.1RC2.B090 Version: 6.5.RC2.B050 Version: 8.0.0 Version: 8.0.0-LCND81 Version: 8.0.0.SPC100 Version: 8.0.1 Version: 8.0.RC2 Version: 8.0.RC3 Version: 8.0.RC3.B041 Version: 8.0.RC3.SPC100 |
||||||||||||||||
|
|||||||||||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T18:37:18.487Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://www.huawei.com/en/psirt/security-advisories/huawei-sa-20210120-02-privilege-en"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "ManageOne",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "6.5.0"
},
{
"status": "affected",
"version": "6.5.0.SPC100.B210"
},
{
"status": "affected",
"version": "6.5.1.1.B010"
},
{
"status": "affected",
"version": "6.5.1.1.B020"
},
{
"status": "affected",
"version": "6.5.1.1.B030"
},
{
"status": "affected",
"version": "6.5.1.1.B040"
},
{
"status": "affected",
"version": "6.5.1.SPC100.B050"
},
{
"status": "affected",
"version": "6.5.1.SPC101.B010"
},
{
"status": "affected",
"version": "6.5.1.SPC101.B040"
},
{
"status": "affected",
"version": "6.5.1.SPC200"
},
{
"status": "affected",
"version": "6.5.1.SPC200.B010"
},
{
"status": "affected",
"version": "6.5.1.SPC200.B030"
},
{
"status": "affected",
"version": "6.5.1.SPC200.B040"
},
{
"status": "affected",
"version": "6.5.1.SPC200.B050"
},
{
"status": "affected",
"version": "6.5.1.SPC200.B060"
},
{
"status": "affected",
"version": "6.5.1.SPC200.B070"
},
{
"status": "affected",
"version": "6.5.1RC1.B060"
},
{
"status": "affected",
"version": "6.5.1RC2.B020"
},
{
"status": "affected",
"version": "6.5.1RC2.B030"
},
{
"status": "affected",
"version": "6.5.1RC2.B040"
},
{
"status": "affected",
"version": "6.5.1RC2.B050"
},
{
"status": "affected",
"version": "6.5.1RC2.B060"
},
{
"status": "affected",
"version": "6.5.1RC2.B070"
},
{
"status": "affected",
"version": "6.5.1RC2.B080"
},
{
"status": "affected",
"version": "6.5.1RC2.B090"
},
{
"status": "affected",
"version": "6.5.RC2.B050"
},
{
"status": "affected",
"version": "8.0.0"
},
{
"status": "affected",
"version": "8.0.0-LCND81"
},
{
"status": "affected",
"version": "8.0.0.SPC100"
},
{
"status": "affected",
"version": "8.0.1"
},
{
"status": "affected",
"version": "8.0.RC2"
},
{
"status": "affected",
"version": "8.0.RC3"
},
{
"status": "affected",
"version": "8.0.RC3.B041"
},
{
"status": "affected",
"version": "8.0.RC3.SPC100"
}
]
},
{
"product": "NFV_FusionSphere",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "6.5.1.SPC23"
},
{
"status": "affected",
"version": "8.0.0.SPC12"
}
]
},
{
"product": "SMC2.0",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "V600R019C00"
},
{
"status": "affected",
"version": "V600R019C10"
}
]
},
{
"product": "iMaster MAE-M",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "MAE-TOOL(FusionSphereBasicTemplate_Euler_X86)V100R020C10SPC220"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "There is a local privilege escalation vulnerability in some Huawei products. A local, authenticated attacker could craft specific commands to exploit this vulnerability. Successful exploitation may cause the attacker to obtain a higher privilege. Affected product versions include: ManageOne versions 6.5.0,6.5.0.SPC100.B210,6.5.1.1.B010,6.5.1.1.B020,6.5.1.1.B030,6.5.1.1.B040,6.5.1.SPC100.B050,6.5.1.SPC101.B010,6.5.1.SPC101.B040,6.5.1.SPC200,6.5.1.SPC200.B010,6.5.1.SPC200.B030,6.5.1.SPC200.B040,6.5.1.SPC200.B050,6.5.1.SPC200.B060,6.5.1.SPC200.B070,6.5.1RC1.B060,6.5.1RC2.B020,6.5.1RC2.B030,6.5.1RC2.B040,6.5.1RC2.B050,6.5.1RC2.B060,6.5.1RC2.B070,6.5.1RC2.B080,6.5.1RC2.B090,6.5.RC2.B050,8.0.0,8.0.0-LCND81,8.0.0.SPC100,8.0.1,8.0.RC2,8.0.RC3,8.0.RC3.B041,8.0.RC3.SPC100; NFV_FusionSphere versions 6.5.1.SPC23,8.0.0.SPC12; SMC2.0 versions V600R019C00,V600R019C10; iMaster MAE-M versions MAE-TOOL(FusionSphereBasicTemplate_Euler_X86)V100R020C10SPC220."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Local Privilege Escalation",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2021-02-06T01:53:36",
"orgId": "25ac1063-e409-4190-8079-24548c77ea2e",
"shortName": "huawei"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://www.huawei.com/en/psirt/security-advisories/huawei-sa-20210120-02-privilege-en"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "psirt@huawei.com",
"ID": "CVE-2021-22299",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "ManageOne",
"version": {
"version_data": [
{
"version_value": "6.5.0"
},
{
"version_value": "6.5.0.SPC100.B210"
},
{
"version_value": "6.5.1.1.B010"
},
{
"version_value": "6.5.1.1.B020"
},
{
"version_value": "6.5.1.1.B030"
},
{
"version_value": "6.5.1.1.B040"
},
{
"version_value": "6.5.1.SPC100.B050"
},
{
"version_value": "6.5.1.SPC101.B010"
},
{
"version_value": "6.5.1.SPC101.B040"
},
{
"version_value": "6.5.1.SPC200"
},
{
"version_value": "6.5.1.SPC200.B010"
},
{
"version_value": "6.5.1.SPC200.B030"
},
{
"version_value": "6.5.1.SPC200.B040"
},
{
"version_value": "6.5.1.SPC200.B050"
},
{
"version_value": "6.5.1.SPC200.B060"
},
{
"version_value": "6.5.1.SPC200.B070"
},
{
"version_value": "6.5.1RC1.B060"
},
{
"version_value": "6.5.1RC2.B020"
},
{
"version_value": "6.5.1RC2.B030"
},
{
"version_value": "6.5.1RC2.B040"
},
{
"version_value": "6.5.1RC2.B050"
},
{
"version_value": "6.5.1RC2.B060"
},
{
"version_value": "6.5.1RC2.B070"
},
{
"version_value": "6.5.1RC2.B080"
},
{
"version_value": "6.5.1RC2.B090"
},
{
"version_value": "6.5.RC2.B050"
},
{
"version_value": "8.0.0"
},
{
"version_value": "8.0.0-LCND81"
},
{
"version_value": "8.0.0.SPC100"
},
{
"version_value": "8.0.1"
},
{
"version_value": "8.0.RC2"
},
{
"version_value": "8.0.RC3"
},
{
"version_value": "8.0.RC3.B041"
},
{
"version_value": "8.0.RC3.SPC100"
}
]
}
},
{
"product_name": "NFV_FusionSphere",
"version": {
"version_data": [
{
"version_value": "6.5.1.SPC23"
},
{
"version_value": "8.0.0.SPC12"
}
]
}
},
{
"product_name": "SMC2.0",
"version": {
"version_data": [
{
"version_value": "V600R019C00"
},
{
"version_value": "V600R019C10"
}
]
}
},
{
"product_name": "iMaster MAE-M",
"version": {
"version_data": [
{
"version_value": "MAE-TOOL(FusionSphereBasicTemplate_Euler_X86)V100R020C10SPC220"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "There is a local privilege escalation vulnerability in some Huawei products. A local, authenticated attacker could craft specific commands to exploit this vulnerability. Successful exploitation may cause the attacker to obtain a higher privilege. Affected product versions include: ManageOne versions 6.5.0,6.5.0.SPC100.B210,6.5.1.1.B010,6.5.1.1.B020,6.5.1.1.B030,6.5.1.1.B040,6.5.1.SPC100.B050,6.5.1.SPC101.B010,6.5.1.SPC101.B040,6.5.1.SPC200,6.5.1.SPC200.B010,6.5.1.SPC200.B030,6.5.1.SPC200.B040,6.5.1.SPC200.B050,6.5.1.SPC200.B060,6.5.1.SPC200.B070,6.5.1RC1.B060,6.5.1RC2.B020,6.5.1RC2.B030,6.5.1RC2.B040,6.5.1RC2.B050,6.5.1RC2.B060,6.5.1RC2.B070,6.5.1RC2.B080,6.5.1RC2.B090,6.5.RC2.B050,8.0.0,8.0.0-LCND81,8.0.0.SPC100,8.0.1,8.0.RC2,8.0.RC3,8.0.RC3.B041,8.0.RC3.SPC100; NFV_FusionSphere versions 6.5.1.SPC23,8.0.0.SPC12; SMC2.0 versions V600R019C00,V600R019C10; iMaster MAE-M versions MAE-TOOL(FusionSphereBasicTemplate_Euler_X86)V100R020C10SPC220."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Local Privilege Escalation"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://www.huawei.com/en/psirt/security-advisories/huawei-sa-20210120-02-privilege-en",
"refsource": "CONFIRM",
"url": "https://www.huawei.com/en/psirt/security-advisories/huawei-sa-20210120-02-privilege-en"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "25ac1063-e409-4190-8079-24548c77ea2e",
"assignerShortName": "huawei",
"cveId": "CVE-2021-22299",
"datePublished": "2021-02-06T01:53:36",
"dateReserved": "2021-01-05T00:00:00",
"dateUpdated": "2024-08-03T18:37:18.487Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2020-9205 (GCVE-0-2020-9205)
Vulnerability from cvelistv5
Published
2021-02-06 01:40
Modified
2024-08-04 10:19
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- CSV Injection
Summary
There has a CSV injection vulnerability in ManageOne 8.0.1. An attacker with common privilege may exploit this vulnerability through some operations to inject the CSV files. Due to insufficient input validation of some parameters, the attacker can exploit this vulnerability to inject CSV files to the target device.
References
| ► | URL | Tags |
|---|---|---|
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T10:19:20.005Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://www.huawei.com/en/psirt/security-advisories/huawei-sa-20210127-01-csvinjection-en"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "ManageOne",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "8.0.1"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "There has a CSV injection vulnerability in ManageOne 8.0.1. An attacker with common privilege may exploit this vulnerability through some operations to inject the CSV files. Due to insufficient input validation of some parameters, the attacker can exploit this vulnerability to inject CSV files to the target device."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "CSV Injection",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2021-02-06T01:40:27",
"orgId": "25ac1063-e409-4190-8079-24548c77ea2e",
"shortName": "huawei"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://www.huawei.com/en/psirt/security-advisories/huawei-sa-20210127-01-csvinjection-en"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "psirt@huawei.com",
"ID": "CVE-2020-9205",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "ManageOne",
"version": {
"version_data": [
{
"version_value": "8.0.1"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "There has a CSV injection vulnerability in ManageOne 8.0.1. An attacker with common privilege may exploit this vulnerability through some operations to inject the CSV files. Due to insufficient input validation of some parameters, the attacker can exploit this vulnerability to inject CSV files to the target device."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CSV Injection"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://www.huawei.com/en/psirt/security-advisories/huawei-sa-20210127-01-csvinjection-en",
"refsource": "CONFIRM",
"url": "https://www.huawei.com/en/psirt/security-advisories/huawei-sa-20210127-01-csvinjection-en"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "25ac1063-e409-4190-8079-24548c77ea2e",
"assignerShortName": "huawei",
"cveId": "CVE-2020-9205",
"datePublished": "2021-02-06T01:40:27",
"dateReserved": "2020-02-18T00:00:00",
"dateUpdated": "2024-08-04T10:19:20.005Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2021-22314 (GCVE-0-2021-22314)
Vulnerability from cvelistv5
Published
2021-03-22 19:13
Modified
2024-08-03 18:37
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- Local Privilege Escalation
Summary
There is a local privilege escalation vulnerability in some versions of ManageOne. A local authenticated attacker could perform specific operations to exploit this vulnerability. Successful exploitation may cause the attacker to obtain a higher privilege and compromise the service.
References
| ► | URL | Tags |
|---|---|---|
Impacted products
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T18:37:18.514Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.huawei.com/en/psirt/security-advisories/huawei-sa-20210218-01-privilege-en"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "ManageOne",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "6.5.1.1.B010,6.5.1RC1.B060,6.5.1RC1.B070,6.5.1RC2.B020,6.5.1RC2.B030"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "There is a local privilege escalation vulnerability in some versions of ManageOne. A local authenticated attacker could perform specific operations to exploit this vulnerability. Successful exploitation may cause the attacker to obtain a higher privilege and compromise the service."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Local Privilege Escalation",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2021-03-22T19:13:00",
"orgId": "25ac1063-e409-4190-8079-24548c77ea2e",
"shortName": "huawei"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.huawei.com/en/psirt/security-advisories/huawei-sa-20210218-01-privilege-en"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "psirt@huawei.com",
"ID": "CVE-2021-22314",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "ManageOne",
"version": {
"version_data": [
{
"version_value": "6.5.1.1.B010,6.5.1RC1.B060,6.5.1RC1.B070,6.5.1RC2.B020,6.5.1RC2.B030"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "There is a local privilege escalation vulnerability in some versions of ManageOne. A local authenticated attacker could perform specific operations to exploit this vulnerability. Successful exploitation may cause the attacker to obtain a higher privilege and compromise the service."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Local Privilege Escalation"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://www.huawei.com/en/psirt/security-advisories/huawei-sa-20210218-01-privilege-en",
"refsource": "MISC",
"url": "https://www.huawei.com/en/psirt/security-advisories/huawei-sa-20210218-01-privilege-en"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "25ac1063-e409-4190-8079-24548c77ea2e",
"assignerShortName": "huawei",
"cveId": "CVE-2021-22314",
"datePublished": "2021-03-22T19:13:00",
"dateReserved": "2021-01-05T00:00:00",
"dateUpdated": "2024-08-03T18:37:18.514Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2019-5289 (GCVE-0-2019-5289)
Vulnerability from cvelistv5
Published
2019-11-13 16:03
Modified
2024-08-04 19:54
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- Out-of-bounds Read
Summary
Gauss100 OLTP database in ManageOne with versions of 6.5.0 have an out-of-bounds read vulnerability due to the insufficient checks of the specific packet length. Attackers can construct invalid packets to attack the active and standby communication channels. Successful exploit of this vulnerability could allow the attacker to crash the database on the standby node.
References
| ► | URL | Tags |
|---|---|---|
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T19:54:52.396Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20190925-01-database-en"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "ManageOne",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "6.5.0"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Gauss100 OLTP database in ManageOne with versions of 6.5.0 have an out-of-bounds read vulnerability due to the insufficient checks of the specific packet length. Attackers can construct invalid packets to attack the active and standby communication channels. Successful exploit of this vulnerability could allow the attacker to crash the database on the standby node."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Out-of-bounds Read",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2019-11-13T16:03:23",
"orgId": "25ac1063-e409-4190-8079-24548c77ea2e",
"shortName": "huawei"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20190925-01-database-en"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "psirt@huawei.com",
"ID": "CVE-2019-5289",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "ManageOne",
"version": {
"version_data": [
{
"version_value": "6.5.0"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Gauss100 OLTP database in ManageOne with versions of 6.5.0 have an out-of-bounds read vulnerability due to the insufficient checks of the specific packet length. Attackers can construct invalid packets to attack the active and standby communication channels. Successful exploit of this vulnerability could allow the attacker to crash the database on the standby node."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Out-of-bounds Read"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20190925-01-database-en",
"refsource": "MISC",
"url": "http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20190925-01-database-en"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "25ac1063-e409-4190-8079-24548c77ea2e",
"assignerShortName": "huawei",
"cveId": "CVE-2019-5289",
"datePublished": "2019-11-13T16:03:23",
"dateReserved": "2019-01-04T00:00:00",
"dateUpdated": "2024-08-04T19:54:52.396Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2021-22339 (GCVE-0-2021-22339)
Vulnerability from cvelistv5
Published
2021-05-20 19:19
Modified
2024-08-03 18:37
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- Denial of Service
Summary
There is a denial of service vulnerability in some versions of ManageOne. In specific scenarios, due to the insufficient verification of the parameter, an attacker may craft some specific parameter. Successful exploit may cause some services abnormal.
References
| ► | URL | Tags |
|---|---|---|
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| n/a | ManageOne |
Version: 6.5.0,6.5.0.SPC100.B210,6.5.0.SPC100.B220,6.5.1.1.B010,6.5.1.1.B020,6.5.1.1.B030,6.5.1.1.B040,6.5.1.SPC100.B050,6.5.1.SPC101.B010,6.5.1.SPC101.B040,6.5.1.SPC200,6.5.1.SPC200.B010,6.5.1.SPC200.B030,6.5.1.SPC200.B040,6.5.1.SPC200.B050,6.5.1.SPC200.B060,6.5.1.SPC200.B070,6.5.1RC1.B060,6.5.1RC1.B070,6.5.1RC1.B080,6.5.1RC2.B010,6.5.1RC2.B020,6.5.1RC2.B030,6.5.1RC2.B040,6.5.1RC2.B050,6.5.1RC2.B060,6.5.1RC2.B070,6.5.1RC2.B080,6.5.1RC2.B090,6.5.RC2.B050,8.0.0,8.0.0-LCND81,8.0.0.SPC100,8.0.1,8.0.RC2,8.0.RC3,8.0.RC3.B041,8.0.RC3.SPC100 |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T18:37:18.513Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.huawei.com/en/psirt/security-advisories/huawei-sa-20210428-01-dos-en"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "ManageOne",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "6.5.0,6.5.0.SPC100.B210,6.5.0.SPC100.B220,6.5.1.1.B010,6.5.1.1.B020,6.5.1.1.B030,6.5.1.1.B040,6.5.1.SPC100.B050,6.5.1.SPC101.B010,6.5.1.SPC101.B040,6.5.1.SPC200,6.5.1.SPC200.B010,6.5.1.SPC200.B030,6.5.1.SPC200.B040,6.5.1.SPC200.B050,6.5.1.SPC200.B060,6.5.1.SPC200.B070,6.5.1RC1.B060,6.5.1RC1.B070,6.5.1RC1.B080,6.5.1RC2.B010,6.5.1RC2.B020,6.5.1RC2.B030,6.5.1RC2.B040,6.5.1RC2.B050,6.5.1RC2.B060,6.5.1RC2.B070,6.5.1RC2.B080,6.5.1RC2.B090,6.5.RC2.B050,8.0.0,8.0.0-LCND81,8.0.0.SPC100,8.0.1,8.0.RC2,8.0.RC3,8.0.RC3.B041,8.0.RC3.SPC100"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "There is a denial of service vulnerability in some versions of ManageOne. In specific scenarios, due to the insufficient verification of the parameter, an attacker may craft some specific parameter. Successful exploit may cause some services abnormal."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Denial of Service",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2021-05-20T19:19:28",
"orgId": "25ac1063-e409-4190-8079-24548c77ea2e",
"shortName": "huawei"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.huawei.com/en/psirt/security-advisories/huawei-sa-20210428-01-dos-en"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "psirt@huawei.com",
"ID": "CVE-2021-22339",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "ManageOne",
"version": {
"version_data": [
{
"version_value": "6.5.0,6.5.0.SPC100.B210,6.5.0.SPC100.B220,6.5.1.1.B010,6.5.1.1.B020,6.5.1.1.B030,6.5.1.1.B040,6.5.1.SPC100.B050,6.5.1.SPC101.B010,6.5.1.SPC101.B040,6.5.1.SPC200,6.5.1.SPC200.B010,6.5.1.SPC200.B030,6.5.1.SPC200.B040,6.5.1.SPC200.B050,6.5.1.SPC200.B060,6.5.1.SPC200.B070,6.5.1RC1.B060,6.5.1RC1.B070,6.5.1RC1.B080,6.5.1RC2.B010,6.5.1RC2.B020,6.5.1RC2.B030,6.5.1RC2.B040,6.5.1RC2.B050,6.5.1RC2.B060,6.5.1RC2.B070,6.5.1RC2.B080,6.5.1RC2.B090,6.5.RC2.B050,8.0.0,8.0.0-LCND81,8.0.0.SPC100,8.0.1,8.0.RC2,8.0.RC3,8.0.RC3.B041,8.0.RC3.SPC100"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "There is a denial of service vulnerability in some versions of ManageOne. In specific scenarios, due to the insufficient verification of the parameter, an attacker may craft some specific parameter. Successful exploit may cause some services abnormal."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Denial of Service"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://www.huawei.com/en/psirt/security-advisories/huawei-sa-20210428-01-dos-en",
"refsource": "MISC",
"url": "https://www.huawei.com/en/psirt/security-advisories/huawei-sa-20210428-01-dos-en"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "25ac1063-e409-4190-8079-24548c77ea2e",
"assignerShortName": "huawei",
"cveId": "CVE-2021-22339",
"datePublished": "2021-05-20T19:19:28",
"dateReserved": "2021-01-05T00:00:00",
"dateUpdated": "2024-08-03T18:37:18.513Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2020-1862 (GCVE-0-2020-1862)
Vulnerability from cvelistv5
Published
2020-03-20 14:45
Modified
2024-08-04 06:53
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- Double Free
Summary
There is a double free vulnerability in some Huawei products. A local attacker with low privilege may perform some operations to exploit the vulnerability. Due to doubly freeing memory, successful exploit may cause some service abnormal. Affected product versions include:CampusInsight versions V100R019C00;ManageOne versions 6.5.RC2.B050.
References
| ► | URL | Tags |
|---|---|---|
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| n/a | CampusInsight;ManageOne |
Version: V100R019C00 Version: 6.5.RC2.B050 |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T06:53:59.689Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.huawei.com/en/psirt/security-advisories/huawei-sa-20200318-01-free-en"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "CampusInsight;ManageOne",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "V100R019C00"
},
{
"status": "affected",
"version": "6.5.RC2.B050"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "There is a double free vulnerability in some Huawei products. A local attacker with low privilege may perform some operations to exploit the vulnerability. Due to doubly freeing memory, successful exploit may cause some service abnormal. Affected product versions include:CampusInsight versions V100R019C00;ManageOne versions 6.5.RC2.B050."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Double Free",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2020-03-20T14:45:37",
"orgId": "25ac1063-e409-4190-8079-24548c77ea2e",
"shortName": "huawei"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.huawei.com/en/psirt/security-advisories/huawei-sa-20200318-01-free-en"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "psirt@huawei.com",
"ID": "CVE-2020-1862",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "CampusInsight;ManageOne",
"version": {
"version_data": [
{
"version_value": "V100R019C00"
},
{
"version_value": "6.5.RC2.B050"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "There is a double free vulnerability in some Huawei products. A local attacker with low privilege may perform some operations to exploit the vulnerability. Due to doubly freeing memory, successful exploit may cause some service abnormal. Affected product versions include:CampusInsight versions V100R019C00;ManageOne versions 6.5.RC2.B050."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Double Free"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://www.huawei.com/en/psirt/security-advisories/huawei-sa-20200318-01-free-en",
"refsource": "MISC",
"url": "https://www.huawei.com/en/psirt/security-advisories/huawei-sa-20200318-01-free-en"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "25ac1063-e409-4190-8079-24548c77ea2e",
"assignerShortName": "huawei",
"cveId": "CVE-2020-1862",
"datePublished": "2020-03-20T14:45:37",
"dateReserved": "2019-11-29T00:00:00",
"dateUpdated": "2024-08-04T06:53:59.689Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2021-22340 (GCVE-0-2021-22340)
Vulnerability from cvelistv5
Published
2021-06-29 18:45
Modified
2024-08-03 18:37
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- Multiple Threads Race Condition
Summary
There is a multiple threads race condition vulnerability in Huawei product. A race condition exists for concurrent I/O read by multiple threads. An attacker with the root permission can exploit this vulnerability by performing some operations. Successful exploitation of this vulnerability may cause the system to crash. Affected product versions include: ManageOne 6.5.1.SPC200, 8.0.0,8.0.0-LCND81, 8.0.0.SPC100, 8.0.1,8.0.RC2, 8.0.RC3, 8.0.RC3.SPC100;SMC2.0 V600R019C10SPC700,V600R019C10SPC702, V600R019C10SPC703,V600R019C10SPC800, V600R019C10SPC900, V600R019C10SPC910, V600R019C10SPC920, V600R019C10SPC921, V600R019C10SPC922, V600R019C10SPC930, V600R019C10SPC931
References
| ► | URL | Tags |
|---|---|---|
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| n/a | ManageOne;SMC2.0 |
Version: 6.5.1.SPC200,8.0.0,8.0.0-LCND81,8.0.0.SPC100,8.0.1,8.0.RC2,8.0.RC3,8.0.RC3.SPC100 Version: V600R019C10SPC700,V600R019C10SPC702,V600R019C10SPC703,V600R019C10SPC800,V600R019C10SPC900,V600R019C10SPC910,V600R019C10SPC920,V600R019C10SPC921,V600R019C10SPC922,V600R019C10SPC930,V600R019C10SPC931 |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T18:37:18.593Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.huawei.com/en/psirt/security-advisories/huawei-sa-20210428-01-racecondition-en"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "ManageOne;SMC2.0",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "6.5.1.SPC200,8.0.0,8.0.0-LCND81,8.0.0.SPC100,8.0.1,8.0.RC2,8.0.RC3,8.0.RC3.SPC100"
},
{
"status": "affected",
"version": "V600R019C10SPC700,V600R019C10SPC702,V600R019C10SPC703,V600R019C10SPC800,V600R019C10SPC900,V600R019C10SPC910,V600R019C10SPC920,V600R019C10SPC921,V600R019C10SPC922,V600R019C10SPC930,V600R019C10SPC931"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "There is a multiple threads race condition vulnerability in Huawei product. A race condition exists for concurrent I/O read by multiple threads. An attacker with the root permission can exploit this vulnerability by performing some operations. Successful exploitation of this vulnerability may cause the system to crash. Affected product versions include: ManageOne 6.5.1.SPC200, 8.0.0,8.0.0-LCND81, 8.0.0.SPC100, 8.0.1,8.0.RC2, 8.0.RC3, 8.0.RC3.SPC100;SMC2.0 V600R019C10SPC700,V600R019C10SPC702, V600R019C10SPC703,V600R019C10SPC800, V600R019C10SPC900, V600R019C10SPC910, V600R019C10SPC920, V600R019C10SPC921, V600R019C10SPC922, V600R019C10SPC930, V600R019C10SPC931"
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Multiple Threads Race Condition",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2021-06-29T18:45:03",
"orgId": "25ac1063-e409-4190-8079-24548c77ea2e",
"shortName": "huawei"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.huawei.com/en/psirt/security-advisories/huawei-sa-20210428-01-racecondition-en"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "psirt@huawei.com",
"ID": "CVE-2021-22340",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "ManageOne;SMC2.0",
"version": {
"version_data": [
{
"version_value": "6.5.1.SPC200,8.0.0,8.0.0-LCND81,8.0.0.SPC100,8.0.1,8.0.RC2,8.0.RC3,8.0.RC3.SPC100"
},
{
"version_value": "V600R019C10SPC700,V600R019C10SPC702,V600R019C10SPC703,V600R019C10SPC800,V600R019C10SPC900,V600R019C10SPC910,V600R019C10SPC920,V600R019C10SPC921,V600R019C10SPC922,V600R019C10SPC930,V600R019C10SPC931"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "There is a multiple threads race condition vulnerability in Huawei product. A race condition exists for concurrent I/O read by multiple threads. An attacker with the root permission can exploit this vulnerability by performing some operations. Successful exploitation of this vulnerability may cause the system to crash. Affected product versions include: ManageOne 6.5.1.SPC200, 8.0.0,8.0.0-LCND81, 8.0.0.SPC100, 8.0.1,8.0.RC2, 8.0.RC3, 8.0.RC3.SPC100;SMC2.0 V600R019C10SPC700,V600R019C10SPC702, V600R019C10SPC703,V600R019C10SPC800, V600R019C10SPC900, V600R019C10SPC910, V600R019C10SPC920, V600R019C10SPC921, V600R019C10SPC922, V600R019C10SPC930, V600R019C10SPC931"
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Multiple Threads Race Condition"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://www.huawei.com/en/psirt/security-advisories/huawei-sa-20210428-01-racecondition-en",
"refsource": "MISC",
"url": "https://www.huawei.com/en/psirt/security-advisories/huawei-sa-20210428-01-racecondition-en"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "25ac1063-e409-4190-8079-24548c77ea2e",
"assignerShortName": "huawei",
"cveId": "CVE-2021-22340",
"datePublished": "2021-06-29T18:45:03",
"dateReserved": "2021-01-05T00:00:00",
"dateUpdated": "2024-08-03T18:37:18.593Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2021-22311 (GCVE-0-2021-22311)
Vulnerability from cvelistv5
Published
2021-03-22 18:47
Modified
2024-08-03 18:37
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- Improper Permission Assignment
Summary
There is an improper permission assignment vulnerability in Huawei ManageOne product. Due to improper security hardening, the process can run with a higher privilege. Successful exploit could allow certain users to do certain operations with improper permissions. Affected product versions include: ManageOne versions 8.0.0, 8.0.1.
References
| ► | URL | Tags |
|---|---|---|
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T18:37:18.638Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.huawei.com/en/psirt/security-advisories/huawei-sa-20210203-01-manageone-en"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "ManageOne",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "8.0.0,8.0.1"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "There is an improper permission assignment vulnerability in Huawei ManageOne product. Due to improper security hardening, the process can run with a higher privilege. Successful exploit could allow certain users to do certain operations with improper permissions. Affected product versions include: ManageOne versions 8.0.0, 8.0.1."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Improper Permission Assignment",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2021-03-22T18:47:02",
"orgId": "25ac1063-e409-4190-8079-24548c77ea2e",
"shortName": "huawei"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.huawei.com/en/psirt/security-advisories/huawei-sa-20210203-01-manageone-en"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "psirt@huawei.com",
"ID": "CVE-2021-22311",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "ManageOne",
"version": {
"version_data": [
{
"version_value": "8.0.0,8.0.1"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "There is an improper permission assignment vulnerability in Huawei ManageOne product. Due to improper security hardening, the process can run with a higher privilege. Successful exploit could allow certain users to do certain operations with improper permissions. Affected product versions include: ManageOne versions 8.0.0, 8.0.1."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Improper Permission Assignment"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://www.huawei.com/en/psirt/security-advisories/huawei-sa-20210203-01-manageone-en",
"refsource": "MISC",
"url": "https://www.huawei.com/en/psirt/security-advisories/huawei-sa-20210203-01-manageone-en"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "25ac1063-e409-4190-8079-24548c77ea2e",
"assignerShortName": "huawei",
"cveId": "CVE-2021-22311",
"datePublished": "2021-03-22T18:47:02",
"dateReserved": "2021-01-05T00:00:00",
"dateUpdated": "2024-08-03T18:37:18.638Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2021-22397 (GCVE-0-2021-22397)
Vulnerability from cvelistv5
Published
2021-08-02 16:24
Modified
2024-08-03 18:44
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- Privilege Escalation
Summary
There is a privilege escalation vulnerability in Huawei ManageOne 8.0.0. External parameters of some files are lack of verification when they are be called. Attackers can exploit this vulnerability by performing these files to cause privilege escalation attack. This can compromise normal service.
References
| ► | URL | Tags |
|---|---|---|
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T18:44:12.942Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.huawei.com/en/psirt/security-advisories/huawei-sa-20210714-01-pe-en"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "ManageOne",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "8.0.0"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "There is a privilege escalation vulnerability in Huawei ManageOne 8.0.0. External parameters of some files are lack of verification when they are be called. Attackers can exploit this vulnerability by performing these files to cause privilege escalation attack. This can compromise normal service."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Privilege Escalation",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2021-08-02T16:24:40",
"orgId": "25ac1063-e409-4190-8079-24548c77ea2e",
"shortName": "huawei"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.huawei.com/en/psirt/security-advisories/huawei-sa-20210714-01-pe-en"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "psirt@huawei.com",
"ID": "CVE-2021-22397",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "ManageOne",
"version": {
"version_data": [
{
"version_value": "8.0.0"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "There is a privilege escalation vulnerability in Huawei ManageOne 8.0.0. External parameters of some files are lack of verification when they are be called. Attackers can exploit this vulnerability by performing these files to cause privilege escalation attack. This can compromise normal service."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Privilege Escalation"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://www.huawei.com/en/psirt/security-advisories/huawei-sa-20210714-01-pe-en",
"refsource": "MISC",
"url": "https://www.huawei.com/en/psirt/security-advisories/huawei-sa-20210714-01-pe-en"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "25ac1063-e409-4190-8079-24548c77ea2e",
"assignerShortName": "huawei",
"cveId": "CVE-2021-22397",
"datePublished": "2021-08-02T16:24:40",
"dateReserved": "2021-01-05T00:00:00",
"dateUpdated": "2024-08-03T18:44:12.942Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
Vulnerability from fkie_nvd
Published
2020-12-01 00:15
Modified
2024-11-21 05:40
Severity ?
Summary
ManageOne versions 6.5.1.1.B010, 6.5.1.1.B020, 6.5.1.1.B030, 6.5.1.1.B040, ,6.5.1.1.B050, 8.0.0 and 8.0.1 have a command injection vulnerability. An attacker with high privileges may exploit this vulnerability through some operations on the plug-in component. Due to insufficient input validation of some parameters, the attacker can exploit this vulnerability to inject commands to the target device.
References
Impacted products
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:huawei:manageone:6.5.0:*:*:*:*:*:*:*",
"matchCriteriaId": "B85321E0-8B1B-452B-A1AE-D8BB85C18CE4",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:huawei:manageone:6.5.1.1:b010:*:*:*:*:*:*",
"matchCriteriaId": "463A4059-55EF-4862-B8AD-90DCAC0CC871",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:huawei:manageone:6.5.1.1:b020:*:*:*:*:*:*",
"matchCriteriaId": "4042FC49-4FC7-46B4-8D14-ECACF22A9860",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:huawei:manageone:6.5.1.1:b030:*:*:*:*:*:*",
"matchCriteriaId": "A4D8799F-9ADD-442F-BC39-4BCAFBFFBE2B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:huawei:manageone:6.5.1.1:b040:*:*:*:*:*:*",
"matchCriteriaId": "535597A4-29C8-44A8-9008-4F4E10030531",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:huawei:manageone:6.5.1.1:b050:*:*:*:*:*:*",
"matchCriteriaId": "2F10E645-D9C1-44F4-88DE-A8CF9ADAAF95",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:huawei:manageone:8.0.0:*:*:*:*:*:*:*",
"matchCriteriaId": "4C07C03B-18BA-4EA3-A73F-3E6E839252F0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:huawei:manageone:8.0.1:*:*:*:*:*:*:*",
"matchCriteriaId": "47A8E919-FAC0-4011-927F-599AA7688A32",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "ManageOne versions 6.5.1.1.B010, 6.5.1.1.B020, 6.5.1.1.B030, 6.5.1.1.B040, ,6.5.1.1.B050, 8.0.0 and 8.0.1 have a command injection vulnerability. An attacker with high privileges may exploit this vulnerability through some operations on the plug-in component. Due to insufficient input validation of some parameters, the attacker can exploit this vulnerability to inject commands to the target device."
},
{
"lang": "es",
"value": "Las versiones 6.5.1.1.B010, 6.5.1.1.B020, 6.5.1.1.B030, 6.5.1.1.B040, 6.5.1.1.B050, 8.0.0 y 8.0.1 de ManageOne tienen una vulnerabilidad de inyecci\u00f3n de comandos. Un atacante con privilegios elevados puede aprovechar esta vulnerabilidad mediante algunas operaciones en el componente plugin. Debido a una comprobaci\u00f3n de entrada insuficiente de algunos par\u00e1metros, el atacante puede explotar esta vulnerabilidad para inyectar comandos en el dispositivo objetivo"
}
],
"id": "CVE-2020-9115",
"lastModified": "2024-11-21T05:40:04.293",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "HIGH",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "SINGLE",
"availabilityImpact": "COMPLETE",
"baseScore": 9.0,
"confidentialityImpact": "COMPLETE",
"integrityImpact": "COMPLETE",
"vectorString": "AV:N/AC:L/Au:S/C:C/I:C/A:C",
"version": "2.0"
},
"exploitabilityScore": 8.0,
"impactScore": 10.0,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
],
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.2,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "HIGH",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"exploitabilityScore": 1.2,
"impactScore": 5.9,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2020-12-01T00:15:11.320",
"references": [
{
"source": "psirt@huawei.com",
"tags": [
"Vendor Advisory"
],
"url": "https://www.huawei.com/en/psirt/security-advisories/huawei-sa-20201125-01-commandinjection-en"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "https://www.huawei.com/en/psirt/security-advisories/huawei-sa-20201125-01-commandinjection-en"
}
],
"sourceIdentifier": "psirt@huawei.com",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-20"
},
{
"lang": "en",
"value": "CWE-77"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2020-03-20 15:15
Modified
2024-11-21 05:11
Severity ?
Summary
There is a double free vulnerability in some Huawei products. A local attacker with low privilege may perform some operations to exploit the vulnerability. Due to doubly freeing memory, successful exploit may cause some service abnormal. Affected product versions include:CampusInsight versions V100R019C00;ManageOne versions 6.5.RC2.B050.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| huawei | campusinsight | v100r019c00 | |
| huawei | manageone | 6.5 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:huawei:campusinsight:v100r019c00:*:*:*:*:*:*:*",
"matchCriteriaId": "3275FDEA-1A36-42CD-A76A-710A070F3E74",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:huawei:manageone:6.5:rc2.b050:*:*:*:*:*:*",
"matchCriteriaId": "F4A02F6E-42F5-49C3-9B23-3FA4D18F7362",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "There is a double free vulnerability in some Huawei products. A local attacker with low privilege may perform some operations to exploit the vulnerability. Due to doubly freeing memory, successful exploit may cause some service abnormal. Affected product versions include:CampusInsight versions V100R019C00;ManageOne versions 6.5.RC2.B050."
},
{
"lang": "es",
"value": "Se presenta una vulnerabilidad de doble liberaci\u00f3n en algunos productos Huawei. Un atacante local con pocos privilegios puede llevar a cabo algunas operaciones para explotar la vulnerabilidad. Debido a una memoria doblemente liberada, la explotaci\u00f3n con \u00e9xito puede causar alg\u00fan servicio anormal. Las versiones de productos afectados incluyen: CampusInsight versiones V100R019C00; ManageOne versiones 6.5.RC2.B050."
}
],
"id": "CVE-2020-1862",
"lastModified": "2024-11-21T05:11:30.207",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "LOW",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "LOCAL",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 2.1,
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"vectorString": "AV:L/AC:L/Au:N/C:N/I:N/A:P",
"version": "2.0"
},
"exploitabilityScore": 3.9,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
],
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "LOW",
"baseScore": 3.3,
"baseSeverity": "LOW",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L",
"version": "3.1"
},
"exploitabilityScore": 1.8,
"impactScore": 1.4,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2020-03-20T15:15:14.170",
"references": [
{
"source": "psirt@huawei.com",
"tags": [
"Vendor Advisory"
],
"url": "https://www.huawei.com/en/psirt/security-advisories/huawei-sa-20200318-01-free-en"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "https://www.huawei.com/en/psirt/security-advisories/huawei-sa-20200318-01-free-en"
}
],
"sourceIdentifier": "psirt@huawei.com",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-415"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2021-03-22 19:15
Modified
2024-11-21 05:49
Severity ?
Summary
There is an improper permission assignment vulnerability in Huawei ManageOne product. Due to improper security hardening, the process can run with a higher privilege. Successful exploit could allow certain users to do certain operations with improper permissions. Affected product versions include: ManageOne versions 8.0.0, 8.0.1.
References
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:huawei:manageone:8.0.0:*:*:*:*:*:*:*",
"matchCriteriaId": "4C07C03B-18BA-4EA3-A73F-3E6E839252F0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:huawei:manageone:8.0.1:*:*:*:*:*:*:*",
"matchCriteriaId": "47A8E919-FAC0-4011-927F-599AA7688A32",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "There is an improper permission assignment vulnerability in Huawei ManageOne product. Due to improper security hardening, the process can run with a higher privilege. Successful exploit could allow certain users to do certain operations with improper permissions. Affected product versions include: ManageOne versions 8.0.0, 8.0.1."
},
{
"lang": "es",
"value": "Se presenta una vulnerabilidad de asignaci\u00f3n inapropiada de permisos en el producto Huawei ManageOne.\u0026#xa0;Debido a un refuerzo de seguridad inapropiado, el proceso puede ejecutarse con un privilegio superior.\u0026#xa0;Una explotaci\u00f3n con \u00e9xito podr\u00eda permitir a determinados usuarios realizar determinadas operaciones con permisos inapropiados.\u0026#xa0;Las versiones de producto afectadas incluyen: ManageOne versiones 8.0.0, 8.0.1"
}
],
"id": "CVE-2021-22311",
"lastModified": "2024-11-21T05:49:53.317",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "SINGLE",
"availabilityImpact": "PARTIAL",
"baseScore": 6.5,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:L/Au:S/C:P/I:P/A:P",
"version": "2.0"
},
"exploitabilityScore": 8.0,
"impactScore": 6.4,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
],
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.2,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "HIGH",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"exploitabilityScore": 1.2,
"impactScore": 5.9,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2021-03-22T19:15:11.837",
"references": [
{
"source": "psirt@huawei.com",
"tags": [
"Vendor Advisory"
],
"url": "https://www.huawei.com/en/psirt/security-advisories/huawei-sa-20210203-01-manageone-en"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "https://www.huawei.com/en/psirt/security-advisories/huawei-sa-20210203-01-manageone-en"
}
],
"sourceIdentifier": "psirt@huawei.com",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-276"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2021-10-27 01:15
Modified
2024-11-21 06:14
Severity ?
Summary
There is a CSV injection vulnerability in ManageOne, iManager NetEco and iManager NetEco 6000. An attacker with high privilege may exploit this vulnerability through some operations to inject the CSV files. Due to insufficient input validation of some parameters, the attacker can exploit this vulnerability to inject CSV files to the target device.
References
| ▶ | URL | Tags | |
|---|---|---|---|
| psirt@huawei.com | https://www.huawei.com/en/psirt/security-advisories/huawei-sa-20211020-01-csv-en | Patch, Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://www.huawei.com/en/psirt/security-advisories/huawei-sa-20211020-01-csv-en | Patch, Vendor Advisory |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| huawei | manageone | 6.5.1 | |
| huawei | manageone | 6.5.1 | |
| huawei | manageone | 6.5.1 | |
| huawei | manageone | 6.5.1 | |
| huawei | manageone | 6.5.1 | |
| huawei | manageone | 6.5.1 | |
| huawei | manageone | 6.5.1 | |
| huawei | manageone | 6.5.1 | |
| huawei | manageone | 6.5.1 | |
| huawei | manageone | 6.5.1.1 | |
| huawei | manageone | 6.5.1.1 | |
| huawei | manageone | 6.5.1.1 | |
| huawei | manageone | 6.5.1.1 | |
| huawei | manageone | 6.5.1.1 | |
| huawei | manageone | 6.5.1.1 | |
| huawei | manageone | 6.5.1.1 | |
| huawei | manageone | 6.5.1.1 | |
| huawei | manageone | 6.5.1.1 | |
| huawei | manageone | 6.5.1.1 | |
| huawei | manageone | 6.5.1.1 | |
| huawei | manageone | 6.5.1.1 | |
| huawei | manageone | 6.5.1.1 | |
| huawei | manageone | 6.5.1.1 | |
| huawei | manageone | 8.0.0 | |
| huawei | manageone | 8.0.0 | |
| huawei | manageone | 8.0.0 | |
| huawei | manageone | 8.0.0 | |
| huawei | manageone | 8.0.0 | |
| huawei | manageone | 8.0.0 | |
| huawei | manageone | 8.0.1 | |
| huawei | imanager_neteco | v600r010c00cp2001 | |
| huawei | imanager_neteco | v600r010c00cp2002 | |
| huawei | imanager_neteco | v600r010c00cp3001 | |
| huawei | imanager_neteco | v600r010c00cp3002 | |
| huawei | imanager_neteco | v600r010c00cp3101 | |
| huawei | imanager_neteco | v600r010c00cp3102 | |
| huawei | imanager_neteco | v600r010c00spc100 | |
| huawei | imanager_neteco | v600r010c00spc110 | |
| huawei | imanager_neteco | v600r010c00spc120 | |
| huawei | imanager_neteco | v600r010c00spc200 | |
| huawei | imanager_neteco | v600r010c00spc210 | |
| huawei | imanager_neteco | v600r010c00spc300 | |
| huawei | imanager_neteco | v600r010c00spc310 | |
| huawei | imanager_neteco_6000 | v600r009c00cp2201 | |
| huawei | imanager_neteco_6000 | v600r009c00cp2301 | |
| huawei | imanager_neteco_6000 | v600r009c00spc100 | |
| huawei | imanager_neteco_6000 | v600r009c00spc110 | |
| huawei | imanager_neteco_6000 | v600r009c00spc120 | |
| huawei | imanager_neteco_6000 | v600r009c00spc190 | |
| huawei | imanager_neteco_6000 | v600r009c00spc200 | |
| huawei | imanager_neteco_6000 | v600r009c00spc201 | |
| huawei | imanager_neteco_6000 | v600r009c00spc202 | |
| huawei | imanager_neteco_6000 | v600r009c00spc210 | |
| huawei | imanager_neteco_6000 | v600r009c00spc220 | |
| huawei | imanager_neteco_6000 | v600r009c00spc221 | |
| huawei | imanager_neteco_6000 | v600r009c00spc230 | |
| huawei | imanager_neteco_6000 | v600r009c00spc232 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:huawei:manageone:6.5.1:rc1.b060:*:*:*:*:*:*",
"matchCriteriaId": "24872541-A493-48BD-AA2C-7A976FF75F9D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:huawei:manageone:6.5.1:rc1.b070:*:*:*:*:*:*",
"matchCriteriaId": "D962B0A1-0725-4A6F-99EB-E6E42F03243B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:huawei:manageone:6.5.1:rc2.b020:*:*:*:*:*:*",
"matchCriteriaId": "61EC963F-1160-43D4-B4E4-2CC2B209B4DA",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:huawei:manageone:6.5.1:rc2.b030:*:*:*:*:*:*",
"matchCriteriaId": "2B7820BE-0307-40F3-A7BD-66D5B8C7A0A6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:huawei:manageone:6.5.1:rc2.b040:*:*:*:*:*:*",
"matchCriteriaId": "AD086E38-D1F5-4160-A7A2-12E681F686CB",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:huawei:manageone:6.5.1:rc2.b050:*:*:*:*:*:*",
"matchCriteriaId": "035E4DF1-4B17-448B-8A78-CD81F68D38CA",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:huawei:manageone:6.5.1:rc2.b060:*:*:*:*:*:*",
"matchCriteriaId": "DDDB5BDF-9760-4EE6-947D-A633B9CC0D36",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:huawei:manageone:6.5.1:rc2.b070:*:*:*:*:*:*",
"matchCriteriaId": "31787857-76F6-4E80-82B7-56B1C12B6628",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:huawei:manageone:6.5.1:rc2.b090:*:*:*:*:*:*",
"matchCriteriaId": "73901E08-8C24-46FB-A42D-6457630AA6DC",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:huawei:manageone:6.5.1.1:b010:*:*:*:*:*:*",
"matchCriteriaId": "463A4059-55EF-4862-B8AD-90DCAC0CC871",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:huawei:manageone:6.5.1.1:b020:*:*:*:*:*:*",
"matchCriteriaId": "4042FC49-4FC7-46B4-8D14-ECACF22A9860",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:huawei:manageone:6.5.1.1:b030:*:*:*:*:*:*",
"matchCriteriaId": "A4D8799F-9ADD-442F-BC39-4BCAFBFFBE2B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:huawei:manageone:6.5.1.1:b040:*:*:*:*:*:*",
"matchCriteriaId": "535597A4-29C8-44A8-9008-4F4E10030531",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:huawei:manageone:6.5.1.1:spc100.b050:*:*:*:*:*:*",
"matchCriteriaId": "C59C64B0-D42D-4515-BD2B-4FE5C7F48BE6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:huawei:manageone:6.5.1.1:spc101.b010:*:*:*:*:*:*",
"matchCriteriaId": "698B071C-FC52-40CD-BBA7-53426051F504",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:huawei:manageone:6.5.1.1:spc101.b040:*:*:*:*:*:*",
"matchCriteriaId": "F6461FE1-99CC-48E4-8134-F17D895511F0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:huawei:manageone:6.5.1.1:spc200:*:*:*:*:*:*",
"matchCriteriaId": "FE5AE38A-627F-4337-949D-A5811D6859EB",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:huawei:manageone:6.5.1.1:spc200.b010:*:*:*:*:*:*",
"matchCriteriaId": "29FEC933-0E52-496B-A2B3-C84E65E5B430",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:huawei:manageone:6.5.1.1:spc200.b030:*:*:*:*:*:*",
"matchCriteriaId": "16F30BF5-4510-4AC7-8B12-6D4126C2DC60",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:huawei:manageone:6.5.1.1:spc200.b040:*:*:*:*:*:*",
"matchCriteriaId": "37090D37-0CDF-464B-9509-4F465D20C8C2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:huawei:manageone:6.5.1.1:spc200.b050:*:*:*:*:*:*",
"matchCriteriaId": "83B2B033-F12C-487E-8245-3F5BBF59BBC1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:huawei:manageone:6.5.1.1:spc200.b060:*:*:*:*:*:*",
"matchCriteriaId": "1ADF4433-A950-4A00-A4F7-12F766B4C947",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:huawei:manageone:6.5.1.1:spc200.b070:*:*:*:*:*:*",
"matchCriteriaId": "7FF3EB4D-6892-4572-B1D6-6183FE8B8D66",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:huawei:manageone:8.0.0:-:*:*:*:*:*:*",
"matchCriteriaId": "EFA5EBB8-C174-4CF0-ADE6-15B62C10DD86",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:huawei:manageone:8.0.0:lcn080:*:*:*:*:*:*",
"matchCriteriaId": "EF638B61-21C2-4BCF-8EDA-549073776C96",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:huawei:manageone:8.0.0:lcnd81:*:*:*:*:*:*",
"matchCriteriaId": "E9090F1E-EF60-4E54-9885-7F6B1681DE9A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:huawei:manageone:8.0.0:rc2:*:*:*:*:*:*",
"matchCriteriaId": "51E51969-9D4D-4A58-BEBD-19F4BD64BC7A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:huawei:manageone:8.0.0:rc3:*:*:*:*:*:*",
"matchCriteriaId": "2A1E9FF8-C0A4-47A5-9738-4D0ADB35DAF6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:huawei:manageone:8.0.0:spc100:*:*:*:*:*:*",
"matchCriteriaId": "7EDE7C94-7E89-45E6-8A79-32E53D9139DB",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:huawei:manageone:8.0.1:*:*:*:*:*:*:*",
"matchCriteriaId": "47A8E919-FAC0-4011-927F-599AA7688A32",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:huawei:imanager_neteco:v600r010c00cp2001:*:*:*:*:*:*:*",
"matchCriteriaId": "DB5DA70B-2B2A-4D66-8D45-D37B0128DC01",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:huawei:imanager_neteco:v600r010c00cp2002:*:*:*:*:*:*:*",
"matchCriteriaId": "47D66420-5D94-4757-BCDA-878628D83201",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:huawei:imanager_neteco:v600r010c00cp3001:*:*:*:*:*:*:*",
"matchCriteriaId": "27280804-63DD-416E-98E1-D68827A8B25E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:huawei:imanager_neteco:v600r010c00cp3002:*:*:*:*:*:*:*",
"matchCriteriaId": "135682EE-750C-40E5-B670-3413F75CA9BF",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:huawei:imanager_neteco:v600r010c00cp3101:*:*:*:*:*:*:*",
"matchCriteriaId": "E138CC11-2FCF-49D6-A5D9-1640E6EB7DF8",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:huawei:imanager_neteco:v600r010c00cp3102:*:*:*:*:*:*:*",
"matchCriteriaId": "A6D15126-6131-45DA-943B-3B5246C1DEE9",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:huawei:imanager_neteco:v600r010c00spc100:*:*:*:*:*:*:*",
"matchCriteriaId": "DF27593A-5B5D-42F8-8826-7B5AE71D0017",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:huawei:imanager_neteco:v600r010c00spc110:*:*:*:*:*:*:*",
"matchCriteriaId": "B61166A9-71C0-4DAD-B12A-09E60BC2185A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:huawei:imanager_neteco:v600r010c00spc120:*:*:*:*:*:*:*",
"matchCriteriaId": "65650D52-CF29-4A80-B026-FFC758AEE209",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:huawei:imanager_neteco:v600r010c00spc200:*:*:*:*:*:*:*",
"matchCriteriaId": "E09E6692-73D6-4EAE-902B-B1C04EA707C8",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:huawei:imanager_neteco:v600r010c00spc210:*:*:*:*:*:*:*",
"matchCriteriaId": "74B4D132-7977-4137-A5E3-3730FE63CC3E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:huawei:imanager_neteco:v600r010c00spc300:*:*:*:*:*:*:*",
"matchCriteriaId": "FF7DC28E-0473-4D40-BF89-E90983070F72",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:huawei:imanager_neteco:v600r010c00spc310:*:*:*:*:*:*:*",
"matchCriteriaId": "58E64AEF-5493-40D8-B992-3E6BEA38AE08",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:huawei:imanager_neteco_6000:v600r009c00cp2201:*:*:*:*:*:*:*",
"matchCriteriaId": "66B67DA3-781D-47BA-941B-475DB4D8EDF6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:huawei:imanager_neteco_6000:v600r009c00cp2301:*:*:*:*:*:*:*",
"matchCriteriaId": "15AAA803-8D92-44A7-B199-8847F39DB9BE",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:huawei:imanager_neteco_6000:v600r009c00spc100:*:*:*:*:*:*:*",
"matchCriteriaId": "F48421A9-58FC-4144-AE9F-9B82818EF62D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:huawei:imanager_neteco_6000:v600r009c00spc110:*:*:*:*:*:*:*",
"matchCriteriaId": "41237B91-3778-48C7-BBDD-A56957390F61",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:huawei:imanager_neteco_6000:v600r009c00spc120:*:*:*:*:*:*:*",
"matchCriteriaId": "A4B056BA-73D9-4E1A-B865-838D3CEB47B6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:huawei:imanager_neteco_6000:v600r009c00spc190:*:*:*:*:*:*:*",
"matchCriteriaId": "84300143-1A0C-4172-BAC3-AFDAC85C7F2D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:huawei:imanager_neteco_6000:v600r009c00spc200:*:*:*:*:*:*:*",
"matchCriteriaId": "C45A355E-DEAD-49E7-8A3E-3D474525EB5D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:huawei:imanager_neteco_6000:v600r009c00spc201:*:*:*:*:*:*:*",
"matchCriteriaId": "FF8B49FD-1F1C-42D6-B65A-839D0719F23C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:huawei:imanager_neteco_6000:v600r009c00spc202:*:*:*:*:*:*:*",
"matchCriteriaId": "0FAF9CE1-6489-4DF9-A559-803291CA2A4F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:huawei:imanager_neteco_6000:v600r009c00spc210:*:*:*:*:*:*:*",
"matchCriteriaId": "94B7FBF4-57D3-4F15-B614-FF4A707F85D7",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:huawei:imanager_neteco_6000:v600r009c00spc220:*:*:*:*:*:*:*",
"matchCriteriaId": "9E007CA7-E6E2-4391-9889-9029C8EDEC1F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:huawei:imanager_neteco_6000:v600r009c00spc221:*:*:*:*:*:*:*",
"matchCriteriaId": "3A5A03CC-A585-4DD1-B6DD-7B126E3D616D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:huawei:imanager_neteco_6000:v600r009c00spc230:*:*:*:*:*:*:*",
"matchCriteriaId": "0A387DDE-C053-45A1-BE44-E643CAB35B51",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:huawei:imanager_neteco_6000:v600r009c00spc232:*:*:*:*:*:*:*",
"matchCriteriaId": "50B76F15-9FE3-41C1-80A8-68CAAEBB6D71",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "There is a CSV injection vulnerability in ManageOne, iManager NetEco and iManager NetEco 6000. An attacker with high privilege may exploit this vulnerability through some operations to inject the CSV files. Due to insufficient input validation of some parameters, the attacker can exploit this vulnerability to inject CSV files to the target device."
},
{
"lang": "es",
"value": "Se presenta una vulnerabilidad de inyecci\u00f3n CSV en ManageOne, iManager NetEco e iManager NetEco 6000. Un atacante con altos privilegios puede explotar esta vulnerabilidad mediante algunas operaciones para inyectar los archivos CSV. Debido a una comprobaci\u00f3n de entrada insuficiente de algunos par\u00e1metros, el atacante puede explotar esta vulnerabilidad para inyectar archivos CSV en el dispositivo de destino"
}
],
"id": "CVE-2021-37131",
"lastModified": "2024-11-21T06:14:42.373",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "SINGLE",
"availabilityImpact": "PARTIAL",
"baseScore": 6.0,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:M/Au:S/C:P/I:P/A:P",
"version": "2.0"
},
"exploitabilityScore": 6.8,
"impactScore": 6.4,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": true
}
],
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 6.8,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "HIGH",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"exploitabilityScore": 0.9,
"impactScore": 5.9,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2021-10-27T01:15:07.863",
"references": [
{
"source": "psirt@huawei.com",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "https://www.huawei.com/en/psirt/security-advisories/huawei-sa-20211020-01-csv-en"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "https://www.huawei.com/en/psirt/security-advisories/huawei-sa-20211020-01-csv-en"
}
],
"sourceIdentifier": "psirt@huawei.com",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-1236"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2021-05-20 20:15
Modified
2024-11-21 05:49
Severity ?
Summary
There is a denial of service vulnerability in some versions of ManageOne. In specific scenarios, due to the insufficient verification of the parameter, an attacker may craft some specific parameter. Successful exploit may cause some services abnormal.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| huawei | manageone | 6.5 | |
| huawei | manageone | 6.5.0 | |
| huawei | manageone | 6.5.0 | |
| huawei | manageone | 6.5.0 | |
| huawei | manageone | 6.5.1 | |
| huawei | manageone | 6.5.1 | |
| huawei | manageone | 6.5.1 | |
| huawei | manageone | 6.5.1 | |
| huawei | manageone | 6.5.1 | |
| huawei | manageone | 6.5.1 | |
| huawei | manageone | 6.5.1 | |
| huawei | manageone | 6.5.1 | |
| huawei | manageone | 6.5.1 | |
| huawei | manageone | 6.5.1 | |
| huawei | manageone | 6.5.1 | |
| huawei | manageone | 6.5.1 | |
| huawei | manageone | 6.5.1 | |
| huawei | manageone | 6.5.1 | |
| huawei | manageone | 6.5.1 | |
| huawei | manageone | 6.5.1 | |
| huawei | manageone | 6.5.1 | |
| huawei | manageone | 6.5.1 | |
| huawei | manageone | 6.5.1 | |
| huawei | manageone | 6.5.1 | |
| huawei | manageone | 6.5.1 | |
| huawei | manageone | 6.5.1 | |
| huawei | manageone | 6.5.1.1 | |
| huawei | manageone | 6.5.1.1 | |
| huawei | manageone | 6.5.1.1 | |
| huawei | manageone | 6.5.1.1 | |
| huawei | manageone | 8.0.0 | |
| huawei | manageone | 8.0.0 | |
| huawei | manageone | 8.0.0 | |
| huawei | manageone | 8.0.0 | |
| huawei | manageone | 8.0.0 | |
| huawei | manageone | 8.0.0 | |
| huawei | manageone | 8.0.0 | |
| huawei | manageone | 8.0.1 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:huawei:manageone:6.5:rc2.b050:*:*:*:*:*:*",
"matchCriteriaId": "F4A02F6E-42F5-49C3-9B23-3FA4D18F7362",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:huawei:manageone:6.5.0:-:*:*:*:*:*:*",
"matchCriteriaId": "F14B3716-7A94-42C5-AE2C-9F64C15A43EC",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:huawei:manageone:6.5.0:spc100.b210:*:*:*:*:*:*",
"matchCriteriaId": "1F587216-1355-4DD6-83E2-27CCE4ACC2E0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:huawei:manageone:6.5.0:spc100.b220:*:*:*:*:*:*",
"matchCriteriaId": "61516933-60A9-4FF6-B8BB-27BA0AD5024D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:huawei:manageone:6.5.1:rc1.b060:*:*:*:*:*:*",
"matchCriteriaId": "24872541-A493-48BD-AA2C-7A976FF75F9D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:huawei:manageone:6.5.1:rc1.b070:*:*:*:*:*:*",
"matchCriteriaId": "D962B0A1-0725-4A6F-99EB-E6E42F03243B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:huawei:manageone:6.5.1:rc1.b080:*:*:*:*:*:*",
"matchCriteriaId": "4FF1D67F-B436-42A2-B783-87BF5C289A3B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:huawei:manageone:6.5.1:rc2.b010:*:*:*:*:*:*",
"matchCriteriaId": "AC4B914D-8325-44D7-BAC5-6D25C9FE765D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:huawei:manageone:6.5.1:rc2.b020:*:*:*:*:*:*",
"matchCriteriaId": "61EC963F-1160-43D4-B4E4-2CC2B209B4DA",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:huawei:manageone:6.5.1:rc2.b030:*:*:*:*:*:*",
"matchCriteriaId": "2B7820BE-0307-40F3-A7BD-66D5B8C7A0A6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:huawei:manageone:6.5.1:rc2.b040:*:*:*:*:*:*",
"matchCriteriaId": "AD086E38-D1F5-4160-A7A2-12E681F686CB",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:huawei:manageone:6.5.1:rc2.b050:*:*:*:*:*:*",
"matchCriteriaId": "035E4DF1-4B17-448B-8A78-CD81F68D38CA",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:huawei:manageone:6.5.1:rc2.b060:*:*:*:*:*:*",
"matchCriteriaId": "DDDB5BDF-9760-4EE6-947D-A633B9CC0D36",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:huawei:manageone:6.5.1:rc2.b070:*:*:*:*:*:*",
"matchCriteriaId": "31787857-76F6-4E80-82B7-56B1C12B6628",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:huawei:manageone:6.5.1:rc2.b080:*:*:*:*:*:*",
"matchCriteriaId": "3495FF32-2906-4064-A636-64EB3A06421D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:huawei:manageone:6.5.1:rc2.b090:*:*:*:*:*:*",
"matchCriteriaId": "73901E08-8C24-46FB-A42D-6457630AA6DC",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:huawei:manageone:6.5.1:spc100.b050:*:*:*:*:*:*",
"matchCriteriaId": "A472E9AA-784F-4AE2-B1D8-6C77EA1664B7",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:huawei:manageone:6.5.1:spc101.b010:*:*:*:*:*:*",
"matchCriteriaId": "F7CC07B4-FBF6-4AC9-8C54-B7845A068BBC",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:huawei:manageone:6.5.1:spc101.b040:*:*:*:*:*:*",
"matchCriteriaId": "36904A81-9DCD-4E65-ADC1-A5A96FA0D939",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:huawei:manageone:6.5.1:spc200:*:*:*:*:*:*",
"matchCriteriaId": "481FA740-3E71-443D-99DF-89CA198951A2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:huawei:manageone:6.5.1:spc200.b010:*:*:*:*:*:*",
"matchCriteriaId": "37636652-DC9E-4310-AB33-1C67B85A7BF7",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:huawei:manageone:6.5.1:spc200.b030:*:*:*:*:*:*",
"matchCriteriaId": "C462984C-407A-4D52-BEDD-7E300482E2AF",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:huawei:manageone:6.5.1:spc200.b040:*:*:*:*:*:*",
"matchCriteriaId": "154A70F1-C15A-41B1-97B8-89550595BF44",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:huawei:manageone:6.5.1:spc200.b050:*:*:*:*:*:*",
"matchCriteriaId": "B58D9F18-F7B5-4514-978D-EC419614F521",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:huawei:manageone:6.5.1:spc200.b060:*:*:*:*:*:*",
"matchCriteriaId": "BD51B07E-213B-4D32-A121-E2FD124EA1A0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:huawei:manageone:6.5.1:spc200.b070:*:*:*:*:*:*",
"matchCriteriaId": "7926B343-242E-414B-B573-84DB16A2FCBB",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:huawei:manageone:6.5.1.1:b010:*:*:*:*:*:*",
"matchCriteriaId": "463A4059-55EF-4862-B8AD-90DCAC0CC871",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:huawei:manageone:6.5.1.1:b020:*:*:*:*:*:*",
"matchCriteriaId": "4042FC49-4FC7-46B4-8D14-ECACF22A9860",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:huawei:manageone:6.5.1.1:b030:*:*:*:*:*:*",
"matchCriteriaId": "A4D8799F-9ADD-442F-BC39-4BCAFBFFBE2B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:huawei:manageone:6.5.1.1:b040:*:*:*:*:*:*",
"matchCriteriaId": "535597A4-29C8-44A8-9008-4F4E10030531",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:huawei:manageone:8.0.0:-:*:*:*:*:*:*",
"matchCriteriaId": "EFA5EBB8-C174-4CF0-ADE6-15B62C10DD86",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:huawei:manageone:8.0.0:lcnd81:*:*:*:*:*:*",
"matchCriteriaId": "E9090F1E-EF60-4E54-9885-7F6B1681DE9A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:huawei:manageone:8.0.0:rc2:*:*:*:*:*:*",
"matchCriteriaId": "51E51969-9D4D-4A58-BEBD-19F4BD64BC7A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:huawei:manageone:8.0.0:rc3:*:*:*:*:*:*",
"matchCriteriaId": "2A1E9FF8-C0A4-47A5-9738-4D0ADB35DAF6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:huawei:manageone:8.0.0:rc3.b041:*:*:*:*:*:*",
"matchCriteriaId": "1B552573-DB7A-4454-A832-AE1811A9577C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:huawei:manageone:8.0.0:rc3.spc100:*:*:*:*:*:*",
"matchCriteriaId": "5D17BA55-6032-4BC4-BEB3-4FB27BA81777",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:huawei:manageone:8.0.0:spc100:*:*:*:*:*:*",
"matchCriteriaId": "7EDE7C94-7E89-45E6-8A79-32E53D9139DB",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:huawei:manageone:8.0.1:*:*:*:*:*:*:*",
"matchCriteriaId": "47A8E919-FAC0-4011-927F-599AA7688A32",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "There is a denial of service vulnerability in some versions of ManageOne. In specific scenarios, due to the insufficient verification of the parameter, an attacker may craft some specific parameter. Successful exploit may cause some services abnormal."
},
{
"lang": "es",
"value": "Se presenta una vulnerabilidad de denegaci\u00f3n de servicio en algunas versiones de ManageOne.\u0026#xa0;En escenarios espec\u00edficos, debido a la verificaci\u00f3n insuficiente del par\u00e1metro, un atacante puede dise\u00f1ar alg\u00fan par\u00e1metro espec\u00edfico.\u0026#xa0;Una explotaci\u00f3n con \u00e9xito puede causar que algunos servicios sean anormales"
}
],
"id": "CVE-2021-22339",
"lastModified": "2024-11-21T05:49:56.427",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "LOW",
"cvssData": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "SINGLE",
"availabilityImpact": "PARTIAL",
"baseScore": 3.5,
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"vectorString": "AV:N/AC:M/Au:S/C:N/I:N/A:P",
"version": "2.0"
},
"exploitabilityScore": 6.8,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
],
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"exploitabilityScore": 2.8,
"impactScore": 3.6,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2021-05-20T20:15:07.323",
"references": [
{
"source": "psirt@huawei.com",
"tags": [
"Vendor Advisory"
],
"url": "https://www.huawei.com/en/psirt/security-advisories/huawei-sa-20210428-01-dos-en"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "https://www.huawei.com/en/psirt/security-advisories/huawei-sa-20210428-01-dos-en"
}
],
"sourceIdentifier": "psirt@huawei.com",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-345"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2021-02-06 03:15
Modified
2024-11-21 05:49
Severity ?
Summary
Some Huawei products have an inconsistent interpretation of HTTP requests vulnerability. Attackers can exploit this vulnerability to cause information leak. Affected product versions include: CampusInsight versions V100R019C10; ManageOne versions 6.5.1.1, 6.5.1.SPC100, 6.5.1.SPC200, 6.5.1RC1, 6.5.1RC2, 8.0.RC2. Affected product versions include: Taurus-AL00A versions 10.0.0.1(C00E1R1P1).
References
Impacted products
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:huawei:campusinsight:v100r019c10:*:*:*:*:*:*:*",
"matchCriteriaId": "704AA007-5ADB-4376-BF2A-9F2B8D8E2DC8",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:huawei:manageone:6.5.1.1:-:*:*:*:*:*:*",
"matchCriteriaId": "24620D00-5935-4C33-B9E9-474353958727",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:huawei:manageone:6.5.1.1:rc1:*:*:*:*:*:*",
"matchCriteriaId": "46A79DF7-123C-4AA9-B334-2F38FA663BED",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:huawei:manageone:6.5.1.1:rc2:*:*:*:*:*:*",
"matchCriteriaId": "CBEB49EA-8556-49C8-80F9-682209E12D35",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:huawei:manageone:6.5.1.1:spc100:*:*:*:*:*:*",
"matchCriteriaId": "290026C4-4A41-42E1-8729-6D682CD98E98",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:huawei:manageone:6.5.1.1:spc200:*:*:*:*:*:*",
"matchCriteriaId": "FE5AE38A-627F-4337-949D-A5811D6859EB",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:huawei:manageone:8.0.0:rc2:*:*:*:*:*:*",
"matchCriteriaId": "51E51969-9D4D-4A58-BEBD-19F4BD64BC7A",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:huawei:taurus-al00a_firmware:10.0.0.1\\(c00e1r1p1\\):*:*:*:*:*:*:*",
"matchCriteriaId": "1110292D-92A1-4B57-BFE6-042389ED1C2B",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:huawei:taurus-al00a:-:*:*:*:*:*:*:*",
"matchCriteriaId": "369D8168-4BFA-4003-A332-3E6876459623",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Some Huawei products have an inconsistent interpretation of HTTP requests vulnerability. Attackers can exploit this vulnerability to cause information leak. Affected product versions include: CampusInsight versions V100R019C10; ManageOne versions 6.5.1.1, 6.5.1.SPC100, 6.5.1.SPC200, 6.5.1RC1, 6.5.1RC2, 8.0.RC2. Affected product versions include: Taurus-AL00A versions 10.0.0.1(C00E1R1P1)."
},
{
"lang": "es",
"value": "Algunos productos de Huawei presentan una vulnerabilidad de interpretaci\u00f3n inconsistente de peticiones HTTP. Los atacantes pueden explotar esta vulnerabilidad para causar un filtrado de informaci\u00f3n. Las versiones de producto afectadas son: CampusInsight versiones V100R019C10; ManageOne versiones 6.5.1.1, 6.5.1.SPC100, 6.5.1.SPC200, 6.5.1RC1, 6.5.1RC2, 8.0.RC2. Las versiones de producto afectadas incluyen: Taurus-AL00A versi\u00f3n 10.0.0.1(C00E1R1P1)"
}
],
"id": "CVE-2021-22293",
"lastModified": "2024-11-21T05:49:51.480",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "NONE",
"baseScore": 5.0,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "NONE",
"vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N",
"version": "2.0"
},
"exploitabilityScore": 10.0,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
],
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
"version": "3.1"
},
"exploitabilityScore": 3.9,
"impactScore": 3.6,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2021-02-06T03:15:12.767",
"references": [
{
"source": "psirt@huawei.com",
"tags": [
"Vendor Advisory"
],
"url": "https://www.huawei.com/en/psirt/security-advisories/huawei-sa-20210120-01-http-en"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "https://www.huawei.com/en/psirt/security-advisories/huawei-sa-20210120-01-http-en"
}
],
"sourceIdentifier": "psirt@huawei.com",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-444"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2021-02-06 02:15
Modified
2024-11-21 05:40
Severity ?
Summary
There has a CSV injection vulnerability in ManageOne 8.0.1. An attacker with common privilege may exploit this vulnerability through some operations to inject the CSV files. Due to insufficient input validation of some parameters, the attacker can exploit this vulnerability to inject CSV files to the target device.
References
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:huawei:manageone:8.0.1:*:*:*:*:*:*:*",
"matchCriteriaId": "47A8E919-FAC0-4011-927F-599AA7688A32",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "There has a CSV injection vulnerability in ManageOne 8.0.1. An attacker with common privilege may exploit this vulnerability through some operations to inject the CSV files. Due to insufficient input validation of some parameters, the attacker can exploit this vulnerability to inject CSV files to the target device."
},
{
"lang": "es",
"value": "Se presenta una vulnerabilidad de inyecci\u00f3n de CSV en ManageOne versi\u00f3n 8.0.1. Un atacante con privilegio com\u00fan puede explotar esta vulnerabilidad por medio de algunas operaciones para inyectar los archivos CSV. Debido a una comprobaci\u00f3n de entrada insuficiente de algunos par\u00e1metros, el atacante puede explotar esta vulnerabilidad para inyectar archivos CSV en el dispositivo de destino"
}
],
"id": "CVE-2020-9205",
"lastModified": "2024-11-21T05:40:09.517",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "SINGLE",
"availabilityImpact": "NONE",
"baseScore": 4.0,
"confidentialityImpact": "NONE",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:L/Au:S/C:N/I:P/A:N",
"version": "2.0"
},
"exploitabilityScore": 8.0,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
],
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 4.9,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "HIGH",
"privilegesRequired": "HIGH",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:H/A:N",
"version": "3.1"
},
"exploitabilityScore": 1.2,
"impactScore": 3.6,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2021-02-06T02:15:12.540",
"references": [
{
"source": "psirt@huawei.com",
"tags": [
"Vendor Advisory"
],
"url": "https://www.huawei.com/en/psirt/security-advisories/huawei-sa-20210127-01-csvinjection-en"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "https://www.huawei.com/en/psirt/security-advisories/huawei-sa-20210127-01-csvinjection-en"
}
],
"sourceIdentifier": "psirt@huawei.com",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-1236"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2021-02-06 02:15
Modified
2024-11-21 05:49
Severity ?
Summary
There is a local privilege escalation vulnerability in some Huawei products. A local, authenticated attacker could craft specific commands to exploit this vulnerability. Successful exploitation may cause the attacker to obtain a higher privilege. Affected product versions include: ManageOne versions 6.5.0,6.5.0.SPC100.B210,6.5.1.1.B010,6.5.1.1.B020,6.5.1.1.B030,6.5.1.1.B040,6.5.1.SPC100.B050,6.5.1.SPC101.B010,6.5.1.SPC101.B040,6.5.1.SPC200,6.5.1.SPC200.B010,6.5.1.SPC200.B030,6.5.1.SPC200.B040,6.5.1.SPC200.B050,6.5.1.SPC200.B060,6.5.1.SPC200.B070,6.5.1RC1.B060,6.5.1RC2.B020,6.5.1RC2.B030,6.5.1RC2.B040,6.5.1RC2.B050,6.5.1RC2.B060,6.5.1RC2.B070,6.5.1RC2.B080,6.5.1RC2.B090,6.5.RC2.B050,8.0.0,8.0.0-LCND81,8.0.0.SPC100,8.0.1,8.0.RC2,8.0.RC3,8.0.RC3.B041,8.0.RC3.SPC100; NFV_FusionSphere versions 6.5.1.SPC23,8.0.0.SPC12; SMC2.0 versions V600R019C00,V600R019C10; iMaster MAE-M versions MAE-TOOL(FusionSphereBasicTemplate_Euler_X86)V100R020C10SPC220.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| huawei | imaster_mae-m | v100r020c10spc220 | |
| huawei | manageone | 6.5.0 | |
| huawei | manageone | 6.5.0 | |
| huawei | manageone | 6.5.0 | |
| huawei | manageone | 6.5.1 | |
| huawei | manageone | 6.5.1 | |
| huawei | manageone | 6.5.1 | |
| huawei | manageone | 6.5.1 | |
| huawei | manageone | 6.5.1 | |
| huawei | manageone | 6.5.1 | |
| huawei | manageone | 6.5.1 | |
| huawei | manageone | 6.5.1 | |
| huawei | manageone | 6.5.1 | |
| huawei | manageone | 6.5.1 | |
| huawei | manageone | 6.5.1 | |
| huawei | manageone | 6.5.1 | |
| huawei | manageone | 6.5.1 | |
| huawei | manageone | 6.5.1 | |
| huawei | manageone | 6.5.1 | |
| huawei | manageone | 6.5.1 | |
| huawei | manageone | 6.5.1 | |
| huawei | manageone | 6.5.1 | |
| huawei | manageone | 6.5.1 | |
| huawei | manageone | 6.5.1 | |
| huawei | manageone | 6.5.1.1 | |
| huawei | manageone | 6.5.1.1 | |
| huawei | manageone | 6.5.1.1 | |
| huawei | manageone | 6.5.1.1 | |
| huawei | manageone | 8.0.0 | |
| huawei | manageone | 8.0.0 | |
| huawei | manageone | 8.0.0 | |
| huawei | manageone | 8.0.0 | |
| huawei | manageone | 8.0.0 | |
| huawei | manageone | 8.0.0 | |
| huawei | manageone | 8.0.0 | |
| huawei | manageone | 8.0.1 | |
| huawei | network_functions_virtualization_fusionsphere | 6.5.1 | |
| huawei | network_functions_virtualization_fusionsphere | 6.5.1 | |
| huawei | smc2.0_firmware | v600r019c00 | |
| huawei | smc2.0_firmware | v600r019c10 | |
| huawei | smc2.0 | - |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:huawei:imaster_mae-m:v100r020c10spc220:*:*:*:*:*:*:*",
"matchCriteriaId": "3F67A4BC-9424-458A-A24B-2AFF301329C4",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:huawei:manageone:6.5.0:-:*:*:*:*:*:*",
"matchCriteriaId": "F14B3716-7A94-42C5-AE2C-9F64C15A43EC",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:huawei:manageone:6.5.0:rc2.b050:*:*:*:*:*:*",
"matchCriteriaId": "E514234B-1DB4-4170-BC73-510058ED5788",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:huawei:manageone:6.5.0:spc100.b210:*:*:*:*:*:*",
"matchCriteriaId": "1F587216-1355-4DD6-83E2-27CCE4ACC2E0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:huawei:manageone:6.5.1:-:*:*:*:*:*:*",
"matchCriteriaId": "CAE8F0E3-8BCA-4059-9BE1-A7BDFD18531A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:huawei:manageone:6.5.1:rc1.b060:*:*:*:*:*:*",
"matchCriteriaId": "24872541-A493-48BD-AA2C-7A976FF75F9D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:huawei:manageone:6.5.1:rc2.b020:*:*:*:*:*:*",
"matchCriteriaId": "61EC963F-1160-43D4-B4E4-2CC2B209B4DA",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:huawei:manageone:6.5.1:rc2.b030:*:*:*:*:*:*",
"matchCriteriaId": "2B7820BE-0307-40F3-A7BD-66D5B8C7A0A6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:huawei:manageone:6.5.1:rc2.b040:*:*:*:*:*:*",
"matchCriteriaId": "AD086E38-D1F5-4160-A7A2-12E681F686CB",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:huawei:manageone:6.5.1:rc2.b050:*:*:*:*:*:*",
"matchCriteriaId": "035E4DF1-4B17-448B-8A78-CD81F68D38CA",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:huawei:manageone:6.5.1:rc2.b060:*:*:*:*:*:*",
"matchCriteriaId": "DDDB5BDF-9760-4EE6-947D-A633B9CC0D36",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:huawei:manageone:6.5.1:rc2.b070:*:*:*:*:*:*",
"matchCriteriaId": "31787857-76F6-4E80-82B7-56B1C12B6628",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:huawei:manageone:6.5.1:rc2.b080:*:*:*:*:*:*",
"matchCriteriaId": "3495FF32-2906-4064-A636-64EB3A06421D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:huawei:manageone:6.5.1:rc2.b090:*:*:*:*:*:*",
"matchCriteriaId": "73901E08-8C24-46FB-A42D-6457630AA6DC",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:huawei:manageone:6.5.1:spc100.b050:*:*:*:*:*:*",
"matchCriteriaId": "A472E9AA-784F-4AE2-B1D8-6C77EA1664B7",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:huawei:manageone:6.5.1:spc101.b010:*:*:*:*:*:*",
"matchCriteriaId": "F7CC07B4-FBF6-4AC9-8C54-B7845A068BBC",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:huawei:manageone:6.5.1:spc101.b040:*:*:*:*:*:*",
"matchCriteriaId": "36904A81-9DCD-4E65-ADC1-A5A96FA0D939",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:huawei:manageone:6.5.1:spc200:*:*:*:*:*:*",
"matchCriteriaId": "481FA740-3E71-443D-99DF-89CA198951A2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:huawei:manageone:6.5.1:spc200.b010:*:*:*:*:*:*",
"matchCriteriaId": "37636652-DC9E-4310-AB33-1C67B85A7BF7",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:huawei:manageone:6.5.1:spc200.b030:*:*:*:*:*:*",
"matchCriteriaId": "C462984C-407A-4D52-BEDD-7E300482E2AF",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:huawei:manageone:6.5.1:spc200.b040:*:*:*:*:*:*",
"matchCriteriaId": "154A70F1-C15A-41B1-97B8-89550595BF44",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:huawei:manageone:6.5.1:spc200.b050:*:*:*:*:*:*",
"matchCriteriaId": "B58D9F18-F7B5-4514-978D-EC419614F521",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:huawei:manageone:6.5.1:spc200.b060:*:*:*:*:*:*",
"matchCriteriaId": "BD51B07E-213B-4D32-A121-E2FD124EA1A0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:huawei:manageone:6.5.1:spc200.b070:*:*:*:*:*:*",
"matchCriteriaId": "7926B343-242E-414B-B573-84DB16A2FCBB",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:huawei:manageone:6.5.1.1:b010:*:*:*:*:*:*",
"matchCriteriaId": "463A4059-55EF-4862-B8AD-90DCAC0CC871",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:huawei:manageone:6.5.1.1:b020:*:*:*:*:*:*",
"matchCriteriaId": "4042FC49-4FC7-46B4-8D14-ECACF22A9860",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:huawei:manageone:6.5.1.1:b030:*:*:*:*:*:*",
"matchCriteriaId": "A4D8799F-9ADD-442F-BC39-4BCAFBFFBE2B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:huawei:manageone:6.5.1.1:b040:*:*:*:*:*:*",
"matchCriteriaId": "535597A4-29C8-44A8-9008-4F4E10030531",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:huawei:manageone:8.0.0:-:*:*:*:*:*:*",
"matchCriteriaId": "EFA5EBB8-C174-4CF0-ADE6-15B62C10DD86",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:huawei:manageone:8.0.0:lcnd81:*:*:*:*:*:*",
"matchCriteriaId": "E9090F1E-EF60-4E54-9885-7F6B1681DE9A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:huawei:manageone:8.0.0:rc2:*:*:*:*:*:*",
"matchCriteriaId": "51E51969-9D4D-4A58-BEBD-19F4BD64BC7A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:huawei:manageone:8.0.0:rc3:*:*:*:*:*:*",
"matchCriteriaId": "2A1E9FF8-C0A4-47A5-9738-4D0ADB35DAF6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:huawei:manageone:8.0.0:rc3.b041:*:*:*:*:*:*",
"matchCriteriaId": "1B552573-DB7A-4454-A832-AE1811A9577C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:huawei:manageone:8.0.0:rc3.spc100:*:*:*:*:*:*",
"matchCriteriaId": "5D17BA55-6032-4BC4-BEB3-4FB27BA81777",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:huawei:manageone:8.0.0:spc100:*:*:*:*:*:*",
"matchCriteriaId": "7EDE7C94-7E89-45E6-8A79-32E53D9139DB",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:huawei:manageone:8.0.1:*:*:*:*:*:*:*",
"matchCriteriaId": "47A8E919-FAC0-4011-927F-599AA7688A32",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:huawei:network_functions_virtualization_fusionsphere:6.5.1:spc12:*:*:*:*:*:*",
"matchCriteriaId": "BD187FC7-B1BE-4BF1-BB6E-AA05CEFE4910",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:huawei:network_functions_virtualization_fusionsphere:6.5.1:spc23:*:*:*:*:*:*",
"matchCriteriaId": "1FBB7636-4E6E-4621-9F42-9CDC8EB472F3",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:huawei:smc2.0_firmware:v600r019c00:*:*:*:*:*:*:*",
"matchCriteriaId": "C2DC0656-EE97-43AF-9499-7ED8E31D6458",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:huawei:smc2.0_firmware:v600r019c10:*:*:*:*:*:*:*",
"matchCriteriaId": "C32980F5-E091-4B2F-A8D3-F30367C8B9C9",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:huawei:smc2.0:-:*:*:*:*:*:*:*",
"matchCriteriaId": "FDBEFFB4-9742-48CC-BBA6-E5DCA281B343",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "There is a local privilege escalation vulnerability in some Huawei products. A local, authenticated attacker could craft specific commands to exploit this vulnerability. Successful exploitation may cause the attacker to obtain a higher privilege. Affected product versions include: ManageOne versions 6.5.0,6.5.0.SPC100.B210,6.5.1.1.B010,6.5.1.1.B020,6.5.1.1.B030,6.5.1.1.B040,6.5.1.SPC100.B050,6.5.1.SPC101.B010,6.5.1.SPC101.B040,6.5.1.SPC200,6.5.1.SPC200.B010,6.5.1.SPC200.B030,6.5.1.SPC200.B040,6.5.1.SPC200.B050,6.5.1.SPC200.B060,6.5.1.SPC200.B070,6.5.1RC1.B060,6.5.1RC2.B020,6.5.1RC2.B030,6.5.1RC2.B040,6.5.1RC2.B050,6.5.1RC2.B060,6.5.1RC2.B070,6.5.1RC2.B080,6.5.1RC2.B090,6.5.RC2.B050,8.0.0,8.0.0-LCND81,8.0.0.SPC100,8.0.1,8.0.RC2,8.0.RC3,8.0.RC3.B041,8.0.RC3.SPC100; NFV_FusionSphere versions 6.5.1.SPC23,8.0.0.SPC12; SMC2.0 versions V600R019C00,V600R019C10; iMaster MAE-M versions MAE-TOOL(FusionSphereBasicTemplate_Euler_X86)V100R020C10SPC220."
},
{
"lang": "es",
"value": "Se presenta una vulnerabilidad de escalada de privilegios local en algunos productos Huawei. Un atacante autentificado local podr\u00eda dise\u00f1ar comandos espec\u00edficos para explotar esta vulnerabilidad. Una explotaci\u00f3n con \u00e9xito puede hacer que un atacante obtenga un mayor privilegio. Las versiones de producto afectadas incluyen: ManageOne versiones 6.5.0, 6.5.0.SPC100.B210, 6.5.1.1.B010, 6.5.1.1.B020, 6.5.1.1.B030, 6.5.1.1.B040, 6.5.1.SPC100.B050, 6.5.1.SPC101.B010, 6.5.1.SPC101.B040, 6.5.1.SPC200, 6.5.1.SPC200.B010, 6.5.1.SPC200.B030, 6.5.1.SPC200.B040, 6.5.1 .SPC200.B050, 6.5.1.SPC200.B060, 6.5.1.SPC200.B070, 6.5.1RC1.B060, 6.5.1RC2.B020, 6.5.1RC2.B030, 6.5.1RC2.B040, 6.5.1RC2.B050, 6.5.1RC2.B060, 6.5.1RC2.B070, 6.5.1RC2.B080, 6.5.1RC2.B090, 6.5.RC2.B050, 8.0.0, 8.0.0-LCND81, 8.0.0.SPC100, 8.0.1, 8.0.RC2, 8.0.RC3, 8.0.RC3.B041, 8.0.RC3.SPC100;\u0026#xa0;NFV_FusionSphere versiones 6.5.1.SPC23, 8.0.0.SPC12; SMC2.0 versiones V600R019C00,\u0026#xa0;V600R019C10;\u0026#xa0;iMaster MAE-M versiones MAE-TOOL (FusionSphereBasicTemplate_Euler_X86)V100R020C10SPC220"
}
],
"id": "CVE-2021-22299",
"lastModified": "2024-11-21T05:49:52.027",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "LOCAL",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 4.6,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"vectorString": "AV:L/AC:L/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
"exploitabilityScore": 3.9,
"impactScore": 6.4,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
],
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 7.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"exploitabilityScore": 1.8,
"impactScore": 5.9,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2021-02-06T02:15:12.680",
"references": [
{
"source": "psirt@huawei.com",
"tags": [
"Vendor Advisory"
],
"url": "https://www.huawei.com/en/psirt/security-advisories/huawei-sa-20210120-02-privilege-en"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "https://www.huawei.com/en/psirt/security-advisories/huawei-sa-20210120-02-privilege-en"
}
],
"sourceIdentifier": "psirt@huawei.com",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "NVD-CWE-noinfo"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2021-05-20 20:15
Modified
2024-11-21 05:50
Severity ?
Summary
There is a denial of service vulnerability in some versions of ManageOne. There is a logic error in the implementation of a function of a module. When the service pressure is heavy, there is a low probability that an exception may occur. Successful exploit may cause some services abnormal.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| huawei | manageone | 6.5 | |
| huawei | manageone | 6.5.0 | |
| huawei | manageone | 6.5.0 | |
| huawei | manageone | 6.5.1 | |
| huawei | manageone | 6.5.1 | |
| huawei | manageone | 6.5.1 | |
| huawei | manageone | 6.5.1 | |
| huawei | manageone | 6.5.1 | |
| huawei | manageone | 6.5.1 | |
| huawei | manageone | 6.5.1 | |
| huawei | manageone | 6.5.1 | |
| huawei | manageone | 6.5.1 | |
| huawei | manageone | 6.5.1 | |
| huawei | manageone | 6.5.1 | |
| huawei | manageone | 6.5.1 | |
| huawei | manageone | 6.5.1 | |
| huawei | manageone | 6.5.1 | |
| huawei | manageone | 6.5.1 | |
| huawei | manageone | 6.5.1 | |
| huawei | manageone | 6.5.1 | |
| huawei | manageone | 6.5.1 | |
| huawei | manageone | 6.5.1.1 | |
| huawei | manageone | 6.5.1.1 | |
| huawei | manageone | 6.5.1.1 | |
| huawei | manageone | 6.5.1.1 | |
| huawei | manageone | 8.0.0 | |
| huawei | manageone | 8.0.0 | |
| huawei | manageone | 8.0.0 | |
| huawei | manageone | 8.0.0 | |
| huawei | manageone | 8.0.0 | |
| huawei | manageone | 8.0.0 | |
| huawei | manageone | 8.0.0 | |
| huawei | manageone | 8.0.1 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:huawei:manageone:6.5:rc2.b050:*:*:*:*:*:*",
"matchCriteriaId": "F4A02F6E-42F5-49C3-9B23-3FA4D18F7362",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:huawei:manageone:6.5.0:*:*:*:*:*:*:*",
"matchCriteriaId": "B85321E0-8B1B-452B-A1AE-D8BB85C18CE4",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:huawei:manageone:6.5.0:spc100.b210:*:*:*:*:*:*",
"matchCriteriaId": "1F587216-1355-4DD6-83E2-27CCE4ACC2E0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:huawei:manageone:6.5.1:rc1.b080:*:*:*:*:*:*",
"matchCriteriaId": "4FF1D67F-B436-42A2-B783-87BF5C289A3B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:huawei:manageone:6.5.1:rc2.b020:*:*:*:*:*:*",
"matchCriteriaId": "61EC963F-1160-43D4-B4E4-2CC2B209B4DA",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:huawei:manageone:6.5.1:rc2.b030:*:*:*:*:*:*",
"matchCriteriaId": "2B7820BE-0307-40F3-A7BD-66D5B8C7A0A6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:huawei:manageone:6.5.1:rc2.b040:*:*:*:*:*:*",
"matchCriteriaId": "AD086E38-D1F5-4160-A7A2-12E681F686CB",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:huawei:manageone:6.5.1:rc2.b060:*:*:*:*:*:*",
"matchCriteriaId": "DDDB5BDF-9760-4EE6-947D-A633B9CC0D36",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:huawei:manageone:6.5.1:rc2.b070:*:*:*:*:*:*",
"matchCriteriaId": "31787857-76F6-4E80-82B7-56B1C12B6628",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:huawei:manageone:6.5.1:rc2.b080:*:*:*:*:*:*",
"matchCriteriaId": "3495FF32-2906-4064-A636-64EB3A06421D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:huawei:manageone:6.5.1:rc2.b090:*:*:*:*:*:*",
"matchCriteriaId": "73901E08-8C24-46FB-A42D-6457630AA6DC",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:huawei:manageone:6.5.1:spc100.b050:*:*:*:*:*:*",
"matchCriteriaId": "A472E9AA-784F-4AE2-B1D8-6C77EA1664B7",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:huawei:manageone:6.5.1:spc101.b010:*:*:*:*:*:*",
"matchCriteriaId": "F7CC07B4-FBF6-4AC9-8C54-B7845A068BBC",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:huawei:manageone:6.5.1:spc101.b040:*:*:*:*:*:*",
"matchCriteriaId": "36904A81-9DCD-4E65-ADC1-A5A96FA0D939",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:huawei:manageone:6.5.1:spc200:*:*:*:*:*:*",
"matchCriteriaId": "481FA740-3E71-443D-99DF-89CA198951A2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:huawei:manageone:6.5.1:spc200.b010:*:*:*:*:*:*",
"matchCriteriaId": "37636652-DC9E-4310-AB33-1C67B85A7BF7",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:huawei:manageone:6.5.1:spc200.b030:*:*:*:*:*:*",
"matchCriteriaId": "C462984C-407A-4D52-BEDD-7E300482E2AF",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:huawei:manageone:6.5.1:spc200.b040:*:*:*:*:*:*",
"matchCriteriaId": "154A70F1-C15A-41B1-97B8-89550595BF44",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:huawei:manageone:6.5.1:spc200.b050:*:*:*:*:*:*",
"matchCriteriaId": "B58D9F18-F7B5-4514-978D-EC419614F521",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:huawei:manageone:6.5.1:spc200.b060:*:*:*:*:*:*",
"matchCriteriaId": "BD51B07E-213B-4D32-A121-E2FD124EA1A0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:huawei:manageone:6.5.1:spc200.b070:*:*:*:*:*:*",
"matchCriteriaId": "7926B343-242E-414B-B573-84DB16A2FCBB",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:huawei:manageone:6.5.1.1:b010:*:*:*:*:*:*",
"matchCriteriaId": "463A4059-55EF-4862-B8AD-90DCAC0CC871",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:huawei:manageone:6.5.1.1:b020:*:*:*:*:*:*",
"matchCriteriaId": "4042FC49-4FC7-46B4-8D14-ECACF22A9860",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:huawei:manageone:6.5.1.1:b030:*:*:*:*:*:*",
"matchCriteriaId": "A4D8799F-9ADD-442F-BC39-4BCAFBFFBE2B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:huawei:manageone:6.5.1.1:b040:*:*:*:*:*:*",
"matchCriteriaId": "535597A4-29C8-44A8-9008-4F4E10030531",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:huawei:manageone:8.0.0:-:*:*:*:*:*:*",
"matchCriteriaId": "EFA5EBB8-C174-4CF0-ADE6-15B62C10DD86",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:huawei:manageone:8.0.0:lcnd81:*:*:*:*:*:*",
"matchCriteriaId": "E9090F1E-EF60-4E54-9885-7F6B1681DE9A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:huawei:manageone:8.0.0:rc2:*:*:*:*:*:*",
"matchCriteriaId": "51E51969-9D4D-4A58-BEBD-19F4BD64BC7A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:huawei:manageone:8.0.0:rc3:*:*:*:*:*:*",
"matchCriteriaId": "2A1E9FF8-C0A4-47A5-9738-4D0ADB35DAF6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:huawei:manageone:8.0.0:rc3.b041:*:*:*:*:*:*",
"matchCriteriaId": "1B552573-DB7A-4454-A832-AE1811A9577C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:huawei:manageone:8.0.0:rc3.spc100:*:*:*:*:*:*",
"matchCriteriaId": "5D17BA55-6032-4BC4-BEB3-4FB27BA81777",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:huawei:manageone:8.0.0:spc100:*:*:*:*:*:*",
"matchCriteriaId": "7EDE7C94-7E89-45E6-8A79-32E53D9139DB",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:huawei:manageone:8.0.1:*:*:*:*:*:*:*",
"matchCriteriaId": "47A8E919-FAC0-4011-927F-599AA7688A32",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "There is a denial of service vulnerability in some versions of ManageOne. There is a logic error in the implementation of a function of a module. When the service pressure is heavy, there is a low probability that an exception may occur. Successful exploit may cause some services abnormal."
},
{
"lang": "es",
"value": "Se presenta una vulnerabilidad de denegaci\u00f3n de servicio en algunas versiones de ManageOne.\u0026#xa0;Se presenta un error l\u00f3gico en la implementaci\u00f3n de una funci\u00f3n de un m\u00f3dulo.\u0026#xa0;Cuando la presi\u00f3n de servicio es alta, se presenta una baja probabilidad de que ocurra una excepci\u00f3n.\u0026#xa0;Una explotaci\u00f3n con \u00e9xito puede causar que algunos servicios sean anormales"
}
],
"id": "CVE-2021-22409",
"lastModified": "2024-11-21T05:50:04.227",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "LOW",
"cvssData": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "SINGLE",
"availabilityImpact": "PARTIAL",
"baseScore": 3.5,
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"vectorString": "AV:N/AC:M/Au:S/C:N/I:N/A:P",
"version": "2.0"
},
"exploitabilityScore": 6.8,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
],
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"exploitabilityScore": 1.6,
"impactScore": 3.6,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2021-05-20T20:15:07.360",
"references": [
{
"source": "psirt@huawei.com",
"tags": [
"Vendor Advisory"
],
"url": "https://www.huawei.com/en/psirt/security-advisories/huawei-sa-20210428-02-dos-en"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "https://www.huawei.com/en/psirt/security-advisories/huawei-sa-20210428-02-dos-en"
}
],
"sourceIdentifier": "psirt@huawei.com",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "NVD-CWE-noinfo"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2021-03-22 20:15
Modified
2024-11-21 05:49
Severity ?
Summary
There is a local privilege escalation vulnerability in some versions of ManageOne. A local authenticated attacker could perform specific operations to exploit this vulnerability. Successful exploitation may cause the attacker to obtain a higher privilege and compromise the service.
References
Impacted products
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:huawei:manageone:6.5.1:rc1.b060:*:*:*:*:*:*",
"matchCriteriaId": "24872541-A493-48BD-AA2C-7A976FF75F9D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:huawei:manageone:6.5.1:rc1.b070:*:*:*:*:*:*",
"matchCriteriaId": "D962B0A1-0725-4A6F-99EB-E6E42F03243B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:huawei:manageone:6.5.1:rc2.b020:*:*:*:*:*:*",
"matchCriteriaId": "61EC963F-1160-43D4-B4E4-2CC2B209B4DA",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:huawei:manageone:6.5.1:rc2.b030:*:*:*:*:*:*",
"matchCriteriaId": "2B7820BE-0307-40F3-A7BD-66D5B8C7A0A6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:huawei:manageone:6.5.1.1:b010:*:*:*:*:*:*",
"matchCriteriaId": "463A4059-55EF-4862-B8AD-90DCAC0CC871",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "There is a local privilege escalation vulnerability in some versions of ManageOne. A local authenticated attacker could perform specific operations to exploit this vulnerability. Successful exploitation may cause the attacker to obtain a higher privilege and compromise the service."
},
{
"lang": "es",
"value": "Se presenta una vulnerabilidad de escalamiento de privilegios local en algunas versiones de ManageOne.\u0026#xa0;Un atacante local autenticado podr\u00eda llevar a cabo operaciones espec\u00edficas para explotar esta vulnerabilidad.\u0026#xa0;Una explotaci\u00f3n con \u00e9xito puede causar que el atacante obtenga un privilegio m\u00e1s alto y comprometa el servicio"
}
],
"id": "CVE-2021-22314",
"lastModified": "2024-11-21T05:49:53.667",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "LOCAL",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 4.6,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"vectorString": "AV:L/AC:L/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
"exploitabilityScore": 3.9,
"impactScore": 6.4,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
],
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 7.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"exploitabilityScore": 1.8,
"impactScore": 5.9,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2021-03-22T20:15:17.550",
"references": [
{
"source": "psirt@huawei.com",
"tags": [
"Vendor Advisory"
],
"url": "https://www.huawei.com/en/psirt/security-advisories/huawei-sa-20210218-01-privilege-en"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "https://www.huawei.com/en/psirt/security-advisories/huawei-sa-20210218-01-privilege-en"
}
],
"sourceIdentifier": "psirt@huawei.com",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "NVD-CWE-noinfo"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2019-09-17 16:15
Modified
2024-11-21 04:27
Severity ?
Summary
A buffer overflow flaw was found, in versions from 2.6.34 to 5.2.x, in the way Linux kernel's vhost functionality that translates virtqueue buffers to IOVs, logged the buffer descriptors during migration. A privileged guest user able to pass descriptors with invalid length to the host when migration is underway, could use this flaw to increase their privileges on the host.
References
| ▶ | URL | Tags | |
|---|---|---|---|
| secalert@redhat.com | http://lists.opensuse.org/opensuse-security-announce/2019-09/msg00064.html | Mailing List, Third Party Advisory | |
| secalert@redhat.com | http://lists.opensuse.org/opensuse-security-announce/2019-09/msg00066.html | Mailing List, Third Party Advisory | |
| secalert@redhat.com | http://packetstormsecurity.com/files/154572/Kernel-Live-Patch-Security-Notice-LSN-0056-1.html | Third Party Advisory, VDB Entry | |
| secalert@redhat.com | http://packetstormsecurity.com/files/154951/Kernel-Live-Patch-Security-Notice-LSN-0058-1.html | Third Party Advisory, VDB Entry | |
| secalert@redhat.com | http://packetstormsecurity.com/files/155212/Slackware-Security-Advisory-Slackware-14.2-kernel-Updates.html | Third Party Advisory, VDB Entry | |
| secalert@redhat.com | http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20200115-01-qemu-en | Third Party Advisory | |
| secalert@redhat.com | http://www.openwall.com/lists/oss-security/2019/09/24/1 | Mailing List | |
| secalert@redhat.com | http://www.openwall.com/lists/oss-security/2019/10/03/1 | Mailing List, Third Party Advisory | |
| secalert@redhat.com | http://www.openwall.com/lists/oss-security/2019/10/09/3 | Mailing List, Third Party Advisory | |
| secalert@redhat.com | http://www.openwall.com/lists/oss-security/2019/10/09/7 | Mailing List, Third Party Advisory | |
| secalert@redhat.com | https://access.redhat.com/errata/RHBA-2019:2824 | Third Party Advisory | |
| secalert@redhat.com | https://access.redhat.com/errata/RHSA-2019:2827 | Third Party Advisory | |
| secalert@redhat.com | https://access.redhat.com/errata/RHSA-2019:2828 | Third Party Advisory | |
| secalert@redhat.com | https://access.redhat.com/errata/RHSA-2019:2829 | Third Party Advisory | |
| secalert@redhat.com | https://access.redhat.com/errata/RHSA-2019:2830 | Third Party Advisory | |
| secalert@redhat.com | https://access.redhat.com/errata/RHSA-2019:2854 | Third Party Advisory | |
| secalert@redhat.com | https://access.redhat.com/errata/RHSA-2019:2862 | Third Party Advisory | |
| secalert@redhat.com | https://access.redhat.com/errata/RHSA-2019:2863 | Third Party Advisory | |
| secalert@redhat.com | https://access.redhat.com/errata/RHSA-2019:2864 | Third Party Advisory | |
| secalert@redhat.com | https://access.redhat.com/errata/RHSA-2019:2865 | Third Party Advisory | |
| secalert@redhat.com | https://access.redhat.com/errata/RHSA-2019:2866 | Third Party Advisory | |
| secalert@redhat.com | https://access.redhat.com/errata/RHSA-2019:2867 | Third Party Advisory | |
| secalert@redhat.com | https://access.redhat.com/errata/RHSA-2019:2869 | Third Party Advisory | |
| secalert@redhat.com | https://access.redhat.com/errata/RHSA-2019:2889 | Third Party Advisory | |
| secalert@redhat.com | https://access.redhat.com/errata/RHSA-2019:2899 | Third Party Advisory | |
| secalert@redhat.com | https://access.redhat.com/errata/RHSA-2019:2900 | Third Party Advisory | |
| secalert@redhat.com | https://access.redhat.com/errata/RHSA-2019:2901 | Third Party Advisory | |
| secalert@redhat.com | https://access.redhat.com/errata/RHSA-2019:2924 | Third Party Advisory | |
| secalert@redhat.com | https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2019-14835 | Issue Tracking, Patch, Third Party Advisory | |
| secalert@redhat.com | https://lists.debian.org/debian-lts-announce/2019/09/msg00025.html | Mailing List, Third Party Advisory | |
| secalert@redhat.com | https://lists.debian.org/debian-lts-announce/2019/10/msg00000.html | Mailing List, Third Party Advisory | |
| secalert@redhat.com | https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/KQFY6JYFIQ2VFQ7QCSXPWTUL5ZDNCJL5/ | Mailing List | |
| secalert@redhat.com | https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/YW3QNMPENPFEGVTOFPSNOBL7JEIJS25P/ | Mailing List | |
| secalert@redhat.com | https://seclists.org/bugtraq/2019/Nov/11 | Issue Tracking, Mailing List, Third Party Advisory | |
| secalert@redhat.com | https://seclists.org/bugtraq/2019/Sep/41 | Issue Tracking, Mailing List, Third Party Advisory | |
| secalert@redhat.com | https://security.netapp.com/advisory/ntap-20191031-0005/ | Third Party Advisory | |
| secalert@redhat.com | https://usn.ubuntu.com/4135-1/ | Third Party Advisory | |
| secalert@redhat.com | https://usn.ubuntu.com/4135-2/ | Third Party Advisory | |
| secalert@redhat.com | https://www.debian.org/security/2019/dsa-4531 | Third Party Advisory | |
| secalert@redhat.com | https://www.openwall.com/lists/oss-security/2019/09/17/1 | Exploit, Mailing List, Patch, Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | http://lists.opensuse.org/opensuse-security-announce/2019-09/msg00064.html | Mailing List, Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | http://lists.opensuse.org/opensuse-security-announce/2019-09/msg00066.html | Mailing List, Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | http://packetstormsecurity.com/files/154572/Kernel-Live-Patch-Security-Notice-LSN-0056-1.html | Third Party Advisory, VDB Entry | |
| af854a3a-2127-422b-91ae-364da2661108 | http://packetstormsecurity.com/files/154951/Kernel-Live-Patch-Security-Notice-LSN-0058-1.html | Third Party Advisory, VDB Entry | |
| af854a3a-2127-422b-91ae-364da2661108 | http://packetstormsecurity.com/files/155212/Slackware-Security-Advisory-Slackware-14.2-kernel-Updates.html | Third Party Advisory, VDB Entry | |
| af854a3a-2127-422b-91ae-364da2661108 | http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20200115-01-qemu-en | Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | http://www.openwall.com/lists/oss-security/2019/09/24/1 | Mailing List | |
| af854a3a-2127-422b-91ae-364da2661108 | http://www.openwall.com/lists/oss-security/2019/10/03/1 | Mailing List, Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | http://www.openwall.com/lists/oss-security/2019/10/09/3 | Mailing List, Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | http://www.openwall.com/lists/oss-security/2019/10/09/7 | Mailing List, Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://access.redhat.com/errata/RHBA-2019:2824 | Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://access.redhat.com/errata/RHSA-2019:2827 | Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://access.redhat.com/errata/RHSA-2019:2828 | Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://access.redhat.com/errata/RHSA-2019:2829 | Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://access.redhat.com/errata/RHSA-2019:2830 | Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://access.redhat.com/errata/RHSA-2019:2854 | Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://access.redhat.com/errata/RHSA-2019:2862 | Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://access.redhat.com/errata/RHSA-2019:2863 | Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://access.redhat.com/errata/RHSA-2019:2864 | Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://access.redhat.com/errata/RHSA-2019:2865 | Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://access.redhat.com/errata/RHSA-2019:2866 | Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://access.redhat.com/errata/RHSA-2019:2867 | Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://access.redhat.com/errata/RHSA-2019:2869 | Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://access.redhat.com/errata/RHSA-2019:2889 | Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://access.redhat.com/errata/RHSA-2019:2899 | Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://access.redhat.com/errata/RHSA-2019:2900 | Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://access.redhat.com/errata/RHSA-2019:2901 | Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://access.redhat.com/errata/RHSA-2019:2924 | Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2019-14835 | Issue Tracking, Patch, Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://lists.debian.org/debian-lts-announce/2019/09/msg00025.html | Mailing List, Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://lists.debian.org/debian-lts-announce/2019/10/msg00000.html | Mailing List, Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/KQFY6JYFIQ2VFQ7QCSXPWTUL5ZDNCJL5/ | Mailing List | |
| af854a3a-2127-422b-91ae-364da2661108 | https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/YW3QNMPENPFEGVTOFPSNOBL7JEIJS25P/ | Mailing List | |
| af854a3a-2127-422b-91ae-364da2661108 | https://seclists.org/bugtraq/2019/Nov/11 | Issue Tracking, Mailing List, Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://seclists.org/bugtraq/2019/Sep/41 | Issue Tracking, Mailing List, Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://security.netapp.com/advisory/ntap-20191031-0005/ | Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://usn.ubuntu.com/4135-1/ | Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://usn.ubuntu.com/4135-2/ | Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://www.debian.org/security/2019/dsa-4531 | Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://www.openwall.com/lists/oss-security/2019/09/17/1 | Exploit, Mailing List, Patch, Third Party Advisory |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| linux | linux_kernel | * | |
| linux | linux_kernel | * | |
| linux | linux_kernel | * | |
| linux | linux_kernel | * | |
| linux | linux_kernel | * | |
| linux | linux_kernel | * | |
| linux | linux_kernel | 5.3 | |
| canonical | ubuntu_linux | 12.04 | |
| canonical | ubuntu_linux | 14.04 | |
| canonical | ubuntu_linux | 16.04 | |
| canonical | ubuntu_linux | 18.04 | |
| canonical | ubuntu_linux | 19.04 | |
| debian | debian_linux | 8.0 | |
| debian | debian_linux | 9.0 | |
| debian | debian_linux | 10.0 | |
| fedoraproject | fedora | 29 | |
| fedoraproject | fedora | 30 | |
| opensuse | leap | 15.0 | |
| opensuse | leap | 15.1 | |
| netapp | aff_a700s_firmware | - | |
| netapp | aff_a700s | * | |
| netapp | h410c_firmware | - | |
| netapp | h410c | * | |
| netapp | h610s_firmware | - | |
| netapp | h610s | * | |
| netapp | h300s_firmware | - | |
| netapp | h300s | * | |
| netapp | h500s_firmware | - | |
| netapp | h500s | * | |
| netapp | h700s_firmware | - | |
| netapp | h700s | * | |
| netapp | h300e_firmware | - | |
| netapp | h300e | * | |
| netapp | h500e_firmware | - | |
| netapp | h500e | * | |
| netapp | h700e_firmware | - | |
| netapp | h700e | * | |
| netapp | h410s_firmware | - | |
| netapp | h410s | * | |
| netapp | data_availability_services | - | |
| netapp | hci_management_node | - | |
| netapp | service_processor | - | |
| netapp | solidfire | - | |
| netapp | steelstore_cloud_integrated_storage | - | |
| redhat | openshift_container_platform | 3.11 | |
| redhat | enterprise_linux | 8.0 | |
| redhat | enterprise_linux_desktop | 6.0 | |
| redhat | enterprise_linux_desktop | 7.0 | |
| redhat | enterprise_linux_eus | 7.5 | |
| redhat | enterprise_linux_eus | 7.6 | |
| redhat | enterprise_linux_eus | 7.7 | |
| redhat | enterprise_linux_for_real_time | 7 | |
| redhat | enterprise_linux_for_real_time | 8 | |
| redhat | enterprise_linux_server | 6.0 | |
| redhat | enterprise_linux_server | 7.0 | |
| redhat | enterprise_linux_server | 7.6 | |
| redhat | enterprise_linux_server_aus | 6.5 | |
| redhat | enterprise_linux_server_aus | 6.6 | |
| redhat | enterprise_linux_server_aus | 7.2 | |
| redhat | enterprise_linux_server_aus | 7.3 | |
| redhat | enterprise_linux_server_aus | 7.4 | |
| redhat | enterprise_linux_server_aus | 7.6 | |
| redhat | enterprise_linux_server_aus | 7.7 | |
| redhat | enterprise_linux_server_tus | 7.2 | |
| redhat | enterprise_linux_server_tus | 7.3 | |
| redhat | enterprise_linux_server_tus | 7.4 | |
| redhat | enterprise_linux_server_tus | 7.6 | |
| redhat | enterprise_linux_server_tus | 7.7 | |
| redhat | enterprise_linux_workstation | 6.0 | |
| redhat | enterprise_linux_workstation | 7.0 | |
| redhat | virtualization | 4.0 | |
| redhat | virtualization_host | 4.0 | |
| redhat | enterprise_linux | 7.0 | |
| huawei | imanager_neteco | v600r009c00 | |
| huawei | imanager_neteco | v600r009c10spc200 | |
| huawei | imanager_neteco_6000 | v600r008c10spc300 | |
| huawei | imanager_neteco_6000 | v600r008c20 | |
| huawei | manageone | 6.5.0 | |
| huawei | manageone | 6.5.0.spc100.b210 | |
| huawei | manageone | 6.5.1rc1.b060 | |
| huawei | manageone | 6.5.1rc1.b080 | |
| huawei | manageone | 6.5.rc2.b050 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"matchCriteriaId": "86915AE6-B1BF-4707-934A-4D9C4C8D055A",
"versionEndExcluding": "3.16.74",
"versionStartIncluding": "2.6.34",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"matchCriteriaId": "1C7DCE8F-B46F-4805-8149-EC96FA1AE7C0",
"versionEndExcluding": "4.4.193",
"versionStartIncluding": "4.4",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"matchCriteriaId": "F1E6AA2E-1B41-4254-BF88-FFBBD289D6F5",
"versionEndExcluding": "4.9.193",
"versionStartIncluding": "4.9",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"matchCriteriaId": "B03599FC-6BB3-49F9-9FD8-1EB0A1194233",
"versionEndExcluding": "4.14.144",
"versionStartIncluding": "4.14",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"matchCriteriaId": "9C302EBC-2256-44A4-8BD3-5BCB2FA5F6F6",
"versionEndExcluding": "4.19.73",
"versionStartIncluding": "4.19",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"matchCriteriaId": "2FA36BC1-A7F2-44F3-930A-EAF173B9E604",
"versionEndExcluding": "5.2.15",
"versionStartIncluding": "5.2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:5.3:*:*:*:*:*:*:*",
"matchCriteriaId": "CF8AA5A5-E882-4063-B2BB-C2268685060E",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:canonical:ubuntu_linux:12.04:*:*:*:-:*:*:*",
"matchCriteriaId": "CB66DB75-2B16-4EBF-9B93-CE49D8086E41",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:canonical:ubuntu_linux:14.04:*:*:*:esm:*:*:*",
"matchCriteriaId": "815D70A8-47D3-459C-A32C-9FEACA0659D1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:canonical:ubuntu_linux:16.04:*:*:*:esm:*:*:*",
"matchCriteriaId": "7A5301BF-1402-4BE0-A0F8-69FBE79BC6D6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:canonical:ubuntu_linux:18.04:*:*:*:lts:*:*:*",
"matchCriteriaId": "23A7C53F-B80F-4E6A-AFA9-58EEA84BE11D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:canonical:ubuntu_linux:19.04:*:*:*:*:*:*:*",
"matchCriteriaId": "CD783B0C-9246-47D9-A937-6144FE8BFF0F",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:debian:debian_linux:8.0:*:*:*:*:*:*:*",
"matchCriteriaId": "C11E6FB0-C8C0-4527-9AA0-CB9B316F8F43",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:*",
"matchCriteriaId": "DEECE5FC-CACF-4496-A3E7-164736409252",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:debian:debian_linux:10.0:*:*:*:*:*:*:*",
"matchCriteriaId": "07B237A9-69A3-4A9C-9DA0-4E06BD37AE73",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:fedoraproject:fedora:29:*:*:*:*:*:*:*",
"matchCriteriaId": "D100F7CE-FC64-4CC6-852A-6136D72DA419",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:fedoraproject:fedora:30:*:*:*:*:*:*:*",
"matchCriteriaId": "97A4B8DF-58DA-4AB6-A1F9-331B36409BA3",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:opensuse:leap:15.0:*:*:*:*:*:*:*",
"matchCriteriaId": "F1E78106-58E6-4D59-990F-75DA575BFAD9",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:opensuse:leap:15.1:*:*:*:*:*:*:*",
"matchCriteriaId": "B620311B-34A3-48A6-82DF-6F078D7A4493",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:netapp:aff_a700s_firmware:-:*:*:*:*:*:*:*",
"matchCriteriaId": "952F55C9-7E7C-4539-9D08-E736B3488569",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:netapp:aff_a700s:*:*:*:*:*:*:*:*",
"matchCriteriaId": "9F92D596-810D-414E-8AF9-1EC271648D16",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:netapp:h410c_firmware:-:*:*:*:*:*:*:*",
"matchCriteriaId": "234DEFE0-5CE5-4B0A-96B8-5D227CB8ED31",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:netapp:h410c:*:*:*:*:*:*:*:*",
"matchCriteriaId": "9D96CBB4-2B07-4E8C-AFBD-32A5470ED1F6",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:netapp:h610s_firmware:-:*:*:*:*:*:*:*",
"matchCriteriaId": "FD7CFE0E-9D1E-4495-B302-89C3096FC0DF",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:netapp:h610s:*:*:*:*:*:*:*:*",
"matchCriteriaId": "80A6BDDA-17BE-4EE5-BEFC-F24235A3C9F3",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:netapp:h300s_firmware:-:*:*:*:*:*:*:*",
"matchCriteriaId": "6770B6C3-732E-4E22-BF1C-2D2FD610061C",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:netapp:h300s:*:*:*:*:*:*:*:*",
"matchCriteriaId": "A4F5761B-B747-4110-9849-B6D4C14B24A6",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:netapp:h500s_firmware:-:*:*:*:*:*:*:*",
"matchCriteriaId": "7FFF7106-ED78-49BA-9EC5-B889E3685D53",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:netapp:h500s:*:*:*:*:*:*:*:*",
"matchCriteriaId": "09B76C01-3DA1-461D-98F2-4858AF542D84",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:netapp:h700s_firmware:-:*:*:*:*:*:*:*",
"matchCriteriaId": "56409CEC-5A1E-4450-AA42-641E459CC2AF",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:netapp:h700s:*:*:*:*:*:*:*:*",
"matchCriteriaId": "6D3E5A63-DA59-4582-9D38-26E9225B0BA0",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:netapp:h300e_firmware:-:*:*:*:*:*:*:*",
"matchCriteriaId": "108A2215-50FB-4074-94CF-C130FA14566D",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:netapp:h300e:*:*:*:*:*:*:*:*",
"matchCriteriaId": "3EEA523F-E92B-459F-9811-1E71EA9FF362",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:netapp:h500e_firmware:-:*:*:*:*:*:*:*",
"matchCriteriaId": "32F0B6C0-F930-480D-962B-3F4EFDCC13C7",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:netapp:h500e:*:*:*:*:*:*:*:*",
"matchCriteriaId": "4738C27A-A24C-44E0-96DF-81812473ECC7",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:netapp:h700e_firmware:-:*:*:*:*:*:*:*",
"matchCriteriaId": "0FEB3337-BFDE-462A-908B-176F92053CEC",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:netapp:h700e:*:*:*:*:*:*:*:*",
"matchCriteriaId": "C5EBA781-49D3-4CBB-914E-8A56D61FC322",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:netapp:h410s_firmware:-:*:*:*:*:*:*:*",
"matchCriteriaId": "D0B4AD8A-F172-4558-AEC6-FF424BA2D912",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:netapp:h410s:*:*:*:*:*:*:*:*",
"matchCriteriaId": "D033CBC9-59FE-48D6-9D30-C4895FB957B8",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:netapp:data_availability_services:-:*:*:*:*:*:*:*",
"matchCriteriaId": "0EF46487-B64A-454E-AECC-D74B83170ACD",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:netapp:hci_management_node:-:*:*:*:*:*:*:*",
"matchCriteriaId": "A3C19813-E823-456A-B1CE-EC0684CE1953",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:netapp:service_processor:-:*:*:*:*:*:*:*",
"matchCriteriaId": "146A767F-DC04-454B-9913-17D3A2B5AAA4",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:netapp:solidfire:-:*:*:*:*:*:*:*",
"matchCriteriaId": "A6E9EF0C-AFA8-4F7B-9FDC-1E0F7C26E737",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:netapp:steelstore_cloud_integrated_storage:-:*:*:*:*:*:*:*",
"matchCriteriaId": "E94F7F59-1785-493F-91A7-5F5EA5E87E4D",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:redhat:openshift_container_platform:3.11:*:*:*:*:*:*:*",
"matchCriteriaId": "2F87326E-0B56-4356-A889-73D026DB1D4B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:redhat:enterprise_linux:8.0:*:*:*:*:*:*:*",
"matchCriteriaId": "F4CFF558-3C47-480D-A2F0-BABF26042943",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:redhat:enterprise_linux_desktop:6.0:*:*:*:*:*:*:*",
"matchCriteriaId": "EE249E1B-A1FD-4E08-AA71-A0E1F10FFE97",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:redhat:enterprise_linux_desktop:7.0:*:*:*:*:*:*:*",
"matchCriteriaId": "33C068A4-3780-4EAB-A937-6082DF847564",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:redhat:enterprise_linux_eus:7.5:*:*:*:*:*:*:*",
"matchCriteriaId": "0CF73560-2F5B-4723-A8A1-9AADBB3ADA00",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:redhat:enterprise_linux_eus:7.6:*:*:*:*:*:*:*",
"matchCriteriaId": "5BF3C7A5-9117-42C7-BEA1-4AA378A582EF",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:redhat:enterprise_linux_eus:7.7:*:*:*:*:*:*:*",
"matchCriteriaId": "83737173-E12E-4641-BC49-0BD84A6B29D0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:redhat:enterprise_linux_for_real_time:7:*:*:*:*:*:*:*",
"matchCriteriaId": "C2B15608-BABC-4663-A58F-B74BD2D1A734",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:redhat:enterprise_linux_for_real_time:8:*:*:*:*:*:*:*",
"matchCriteriaId": "CBF9BCF3-187F-410A-96CA-9C47D3ED6924",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:redhat:enterprise_linux_server:6.0:*:*:*:*:*:*:*",
"matchCriteriaId": "9BBCD86A-E6C7-4444-9D74-F861084090F0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:redhat:enterprise_linux_server:7.0:*:*:*:*:*:*:*",
"matchCriteriaId": "51EF4996-72F4-4FA4-814F-F5991E7A8318",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:redhat:enterprise_linux_server:7.6:*:*:*:*:*:*:*",
"matchCriteriaId": "5E92F9B3-3841-4C05-88F0-CEB0735EA4BB",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:redhat:enterprise_linux_server_aus:6.5:*:*:*:*:*:*:*",
"matchCriteriaId": "1F3BEFDB-5156-4E1C-80BB-8BE9FEAA7623",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:redhat:enterprise_linux_server_aus:6.6:*:*:*:*:*:*:*",
"matchCriteriaId": "16E6D998-B41D-4B49-9E00-8336D2E40A4A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:redhat:enterprise_linux_server_aus:7.2:*:*:*:*:*:*:*",
"matchCriteriaId": "1C8D871B-AEA1-4407-AEE3-47EC782250FF",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:redhat:enterprise_linux_server_aus:7.3:*:*:*:*:*:*:*",
"matchCriteriaId": "98381E61-F082-4302-B51F-5648884F998B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:redhat:enterprise_linux_server_aus:7.4:*:*:*:*:*:*:*",
"matchCriteriaId": "D99A687E-EAE6-417E-A88E-D0082BC194CD",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:redhat:enterprise_linux_server_aus:7.6:*:*:*:*:*:*:*",
"matchCriteriaId": "B353CE99-D57C-465B-AAB0-73EF581127D1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:redhat:enterprise_linux_server_aus:7.7:*:*:*:*:*:*:*",
"matchCriteriaId": "7431ABC1-9252-419E-8CC1-311B41360078",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:redhat:enterprise_linux_server_tus:7.2:*:*:*:*:*:*:*",
"matchCriteriaId": "6755B6AD-0422-467B-8115-34A60B1D1A40",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:redhat:enterprise_linux_server_tus:7.3:*:*:*:*:*:*:*",
"matchCriteriaId": "24C0F4E1-C52C-41E0-9F14-F83ADD5CC7ED",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:redhat:enterprise_linux_server_tus:7.4:*:*:*:*:*:*:*",
"matchCriteriaId": "D5F7E11E-FB34-4467-8919-2B6BEAABF665",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:redhat:enterprise_linux_server_tus:7.6:*:*:*:*:*:*:*",
"matchCriteriaId": "B76AA310-FEC7-497F-AF04-C3EC1E76C4CC",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:redhat:enterprise_linux_server_tus:7.7:*:*:*:*:*:*:*",
"matchCriteriaId": "17F256A9-D3B9-4C72-B013-4EFD878BFEA8",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:redhat:enterprise_linux_workstation:6.0:*:*:*:*:*:*:*",
"matchCriteriaId": "E5ED5807-55B7-47C5-97A6-03233F4FBC3A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:redhat:enterprise_linux_workstation:7.0:*:*:*:*:*:*:*",
"matchCriteriaId": "825ECE2D-E232-46E0-A047-074B34DB1E97",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:redhat:virtualization:4.0:*:*:*:*:*:*:*",
"matchCriteriaId": "6BBD7A51-0590-4DDF-8249-5AFA8D645CB6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:redhat:virtualization_host:4.0:*:*:*:*:*:*:*",
"matchCriteriaId": "BB28F9AF-3D06-4532-B397-96D7E4792503",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:redhat:enterprise_linux:7.0:*:*:*:*:*:*:*",
"matchCriteriaId": "142AD0DD-4CF3-4D74-9442-459CE3347E3A",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:huawei:imanager_neteco:v600r009c00:*:*:*:*:*:*:*",
"matchCriteriaId": "E5B6EEA9-4E22-49F8-97E3-10E56EA8CBE0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:huawei:imanager_neteco:v600r009c10spc200:*:*:*:*:*:*:*",
"matchCriteriaId": "AD2E60B0-BE2D-4ABF-9F1A-07FA98F5743E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:huawei:imanager_neteco_6000:v600r008c10spc300:*:*:*:*:*:*:*",
"matchCriteriaId": "75DEAA37-7889-4FE6-B606-BB354625231B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:huawei:imanager_neteco_6000:v600r008c20:*:*:*:*:*:*:*",
"matchCriteriaId": "AE14BF0B-0641-4CB2-A9B9-8AAE5AAAB6E6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:huawei:manageone:6.5.0:*:*:*:*:*:*:*",
"matchCriteriaId": "B85321E0-8B1B-452B-A1AE-D8BB85C18CE4",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:huawei:manageone:6.5.0.spc100.b210:*:*:*:*:*:*:*",
"matchCriteriaId": "A042DB25-3D29-4C0A-89C7-70E53AB5A78A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:huawei:manageone:6.5.1rc1.b060:*:*:*:*:*:*:*",
"matchCriteriaId": "B07551BB-2540-403E-83DC-E61BCFA15046",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:huawei:manageone:6.5.1rc1.b080:*:*:*:*:*:*:*",
"matchCriteriaId": "A42D0C34-C616-4AE5-853D-1353DC2C26A3",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:huawei:manageone:6.5.rc2.b050:*:*:*:*:*:*:*",
"matchCriteriaId": "58E84BB6-76BA-4833-83C3-2DA35E8DB7C4",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "A buffer overflow flaw was found, in versions from 2.6.34 to 5.2.x, in the way Linux kernel\u0027s vhost functionality that translates virtqueue buffers to IOVs, logged the buffer descriptors during migration. A privileged guest user able to pass descriptors with invalid length to the host when migration is underway, could use this flaw to increase their privileges on the host."
},
{
"lang": "es",
"value": "Se encontr\u00f3 un fallo de desbordamiento de b\u00fafer, en las versiones desde 2.6.34 hasta 5.2.x, en la manera en que la funcionalidad vhost del kernel de Linux que traduce los b\u00faferes virtueue en IOV, registraba los descriptores del b\u00fafer durante una migraci\u00f3n. Un usuario invitado privilegiado capaz de pasar descriptores con una longitud no v\u00e1lida hacia el host cuando la migraci\u00f3n est\u00e1 en marcha, podr\u00eda usar este fallo para aumentar sus privilegios sobre el host."
}
],
"id": "CVE-2019-14835",
"lastModified": "2024-11-21T04:27:27.790",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "HIGH",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "LOCAL",
"authentication": "NONE",
"availabilityImpact": "COMPLETE",
"baseScore": 7.2,
"confidentialityImpact": "COMPLETE",
"integrityImpact": "COMPLETE",
"vectorString": "AV:L/AC:L/Au:N/C:C/I:C/A:C",
"version": "2.0"
},
"exploitabilityScore": 3.9,
"impactScore": 10.0,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
],
"cvssMetricV30": [
{
"cvssData": {
"attackComplexity": "HIGH",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 7.2,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "HIGH",
"scope": "CHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.0/AV:L/AC:H/PR:H/UI:R/S:C/C:H/I:H/A:H",
"version": "3.0"
},
"exploitabilityScore": 0.6,
"impactScore": 6.0,
"source": "secalert@redhat.com",
"type": "Secondary"
}
],
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 7.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"exploitabilityScore": 1.8,
"impactScore": 5.9,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2019-09-17T16:15:10.980",
"references": [
{
"source": "secalert@redhat.com",
"tags": [
"Mailing List",
"Third Party Advisory"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2019-09/msg00064.html"
},
{
"source": "secalert@redhat.com",
"tags": [
"Mailing List",
"Third Party Advisory"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2019-09/msg00066.html"
},
{
"source": "secalert@redhat.com",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "http://packetstormsecurity.com/files/154572/Kernel-Live-Patch-Security-Notice-LSN-0056-1.html"
},
{
"source": "secalert@redhat.com",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "http://packetstormsecurity.com/files/154951/Kernel-Live-Patch-Security-Notice-LSN-0058-1.html"
},
{
"source": "secalert@redhat.com",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "http://packetstormsecurity.com/files/155212/Slackware-Security-Advisory-Slackware-14.2-kernel-Updates.html"
},
{
"source": "secalert@redhat.com",
"tags": [
"Third Party Advisory"
],
"url": "http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20200115-01-qemu-en"
},
{
"source": "secalert@redhat.com",
"tags": [
"Mailing List"
],
"url": "http://www.openwall.com/lists/oss-security/2019/09/24/1"
},
{
"source": "secalert@redhat.com",
"tags": [
"Mailing List",
"Third Party Advisory"
],
"url": "http://www.openwall.com/lists/oss-security/2019/10/03/1"
},
{
"source": "secalert@redhat.com",
"tags": [
"Mailing List",
"Third Party Advisory"
],
"url": "http://www.openwall.com/lists/oss-security/2019/10/09/3"
},
{
"source": "secalert@redhat.com",
"tags": [
"Mailing List",
"Third Party Advisory"
],
"url": "http://www.openwall.com/lists/oss-security/2019/10/09/7"
},
{
"source": "secalert@redhat.com",
"tags": [
"Third Party Advisory"
],
"url": "https://access.redhat.com/errata/RHBA-2019:2824"
},
{
"source": "secalert@redhat.com",
"tags": [
"Third Party Advisory"
],
"url": "https://access.redhat.com/errata/RHSA-2019:2827"
},
{
"source": "secalert@redhat.com",
"tags": [
"Third Party Advisory"
],
"url": "https://access.redhat.com/errata/RHSA-2019:2828"
},
{
"source": "secalert@redhat.com",
"tags": [
"Third Party Advisory"
],
"url": "https://access.redhat.com/errata/RHSA-2019:2829"
},
{
"source": "secalert@redhat.com",
"tags": [
"Third Party Advisory"
],
"url": "https://access.redhat.com/errata/RHSA-2019:2830"
},
{
"source": "secalert@redhat.com",
"tags": [
"Third Party Advisory"
],
"url": "https://access.redhat.com/errata/RHSA-2019:2854"
},
{
"source": "secalert@redhat.com",
"tags": [
"Third Party Advisory"
],
"url": "https://access.redhat.com/errata/RHSA-2019:2862"
},
{
"source": "secalert@redhat.com",
"tags": [
"Third Party Advisory"
],
"url": "https://access.redhat.com/errata/RHSA-2019:2863"
},
{
"source": "secalert@redhat.com",
"tags": [
"Third Party Advisory"
],
"url": "https://access.redhat.com/errata/RHSA-2019:2864"
},
{
"source": "secalert@redhat.com",
"tags": [
"Third Party Advisory"
],
"url": "https://access.redhat.com/errata/RHSA-2019:2865"
},
{
"source": "secalert@redhat.com",
"tags": [
"Third Party Advisory"
],
"url": "https://access.redhat.com/errata/RHSA-2019:2866"
},
{
"source": "secalert@redhat.com",
"tags": [
"Third Party Advisory"
],
"url": "https://access.redhat.com/errata/RHSA-2019:2867"
},
{
"source": "secalert@redhat.com",
"tags": [
"Third Party Advisory"
],
"url": "https://access.redhat.com/errata/RHSA-2019:2869"
},
{
"source": "secalert@redhat.com",
"tags": [
"Third Party Advisory"
],
"url": "https://access.redhat.com/errata/RHSA-2019:2889"
},
{
"source": "secalert@redhat.com",
"tags": [
"Third Party Advisory"
],
"url": "https://access.redhat.com/errata/RHSA-2019:2899"
},
{
"source": "secalert@redhat.com",
"tags": [
"Third Party Advisory"
],
"url": "https://access.redhat.com/errata/RHSA-2019:2900"
},
{
"source": "secalert@redhat.com",
"tags": [
"Third Party Advisory"
],
"url": "https://access.redhat.com/errata/RHSA-2019:2901"
},
{
"source": "secalert@redhat.com",
"tags": [
"Third Party Advisory"
],
"url": "https://access.redhat.com/errata/RHSA-2019:2924"
},
{
"source": "secalert@redhat.com",
"tags": [
"Issue Tracking",
"Patch",
"Third Party Advisory"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2019-14835"
},
{
"source": "secalert@redhat.com",
"tags": [
"Mailing List",
"Third Party Advisory"
],
"url": "https://lists.debian.org/debian-lts-announce/2019/09/msg00025.html"
},
{
"source": "secalert@redhat.com",
"tags": [
"Mailing List",
"Third Party Advisory"
],
"url": "https://lists.debian.org/debian-lts-announce/2019/10/msg00000.html"
},
{
"source": "secalert@redhat.com",
"tags": [
"Mailing List"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/KQFY6JYFIQ2VFQ7QCSXPWTUL5ZDNCJL5/"
},
{
"source": "secalert@redhat.com",
"tags": [
"Mailing List"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/YW3QNMPENPFEGVTOFPSNOBL7JEIJS25P/"
},
{
"source": "secalert@redhat.com",
"tags": [
"Issue Tracking",
"Mailing List",
"Third Party Advisory"
],
"url": "https://seclists.org/bugtraq/2019/Nov/11"
},
{
"source": "secalert@redhat.com",
"tags": [
"Issue Tracking",
"Mailing List",
"Third Party Advisory"
],
"url": "https://seclists.org/bugtraq/2019/Sep/41"
},
{
"source": "secalert@redhat.com",
"tags": [
"Third Party Advisory"
],
"url": "https://security.netapp.com/advisory/ntap-20191031-0005/"
},
{
"source": "secalert@redhat.com",
"tags": [
"Third Party Advisory"
],
"url": "https://usn.ubuntu.com/4135-1/"
},
{
"source": "secalert@redhat.com",
"tags": [
"Third Party Advisory"
],
"url": "https://usn.ubuntu.com/4135-2/"
},
{
"source": "secalert@redhat.com",
"tags": [
"Third Party Advisory"
],
"url": "https://www.debian.org/security/2019/dsa-4531"
},
{
"source": "secalert@redhat.com",
"tags": [
"Exploit",
"Mailing List",
"Patch",
"Third Party Advisory"
],
"url": "https://www.openwall.com/lists/oss-security/2019/09/17/1"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Mailing List",
"Third Party Advisory"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2019-09/msg00064.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Mailing List",
"Third Party Advisory"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2019-09/msg00066.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "http://packetstormsecurity.com/files/154572/Kernel-Live-Patch-Security-Notice-LSN-0056-1.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "http://packetstormsecurity.com/files/154951/Kernel-Live-Patch-Security-Notice-LSN-0058-1.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "http://packetstormsecurity.com/files/155212/Slackware-Security-Advisory-Slackware-14.2-kernel-Updates.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20200115-01-qemu-en"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Mailing List"
],
"url": "http://www.openwall.com/lists/oss-security/2019/09/24/1"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Mailing List",
"Third Party Advisory"
],
"url": "http://www.openwall.com/lists/oss-security/2019/10/03/1"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Mailing List",
"Third Party Advisory"
],
"url": "http://www.openwall.com/lists/oss-security/2019/10/09/3"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Mailing List",
"Third Party Advisory"
],
"url": "http://www.openwall.com/lists/oss-security/2019/10/09/7"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "https://access.redhat.com/errata/RHBA-2019:2824"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "https://access.redhat.com/errata/RHSA-2019:2827"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "https://access.redhat.com/errata/RHSA-2019:2828"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "https://access.redhat.com/errata/RHSA-2019:2829"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "https://access.redhat.com/errata/RHSA-2019:2830"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "https://access.redhat.com/errata/RHSA-2019:2854"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "https://access.redhat.com/errata/RHSA-2019:2862"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "https://access.redhat.com/errata/RHSA-2019:2863"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "https://access.redhat.com/errata/RHSA-2019:2864"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "https://access.redhat.com/errata/RHSA-2019:2865"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "https://access.redhat.com/errata/RHSA-2019:2866"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "https://access.redhat.com/errata/RHSA-2019:2867"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "https://access.redhat.com/errata/RHSA-2019:2869"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "https://access.redhat.com/errata/RHSA-2019:2889"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "https://access.redhat.com/errata/RHSA-2019:2899"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "https://access.redhat.com/errata/RHSA-2019:2900"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "https://access.redhat.com/errata/RHSA-2019:2901"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "https://access.redhat.com/errata/RHSA-2019:2924"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Issue Tracking",
"Patch",
"Third Party Advisory"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2019-14835"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Mailing List",
"Third Party Advisory"
],
"url": "https://lists.debian.org/debian-lts-announce/2019/09/msg00025.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Mailing List",
"Third Party Advisory"
],
"url": "https://lists.debian.org/debian-lts-announce/2019/10/msg00000.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Mailing List"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/KQFY6JYFIQ2VFQ7QCSXPWTUL5ZDNCJL5/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Mailing List"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/YW3QNMPENPFEGVTOFPSNOBL7JEIJS25P/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Issue Tracking",
"Mailing List",
"Third Party Advisory"
],
"url": "https://seclists.org/bugtraq/2019/Nov/11"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Issue Tracking",
"Mailing List",
"Third Party Advisory"
],
"url": "https://seclists.org/bugtraq/2019/Sep/41"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "https://security.netapp.com/advisory/ntap-20191031-0005/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "https://usn.ubuntu.com/4135-1/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "https://usn.ubuntu.com/4135-2/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "https://www.debian.org/security/2019/dsa-4531"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Exploit",
"Mailing List",
"Patch",
"Third Party Advisory"
],
"url": "https://www.openwall.com/lists/oss-security/2019/09/17/1"
}
],
"sourceIdentifier": "secalert@redhat.com",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-120"
}
],
"source": "secalert@redhat.com",
"type": "Primary"
},
{
"description": [
{
"lang": "en",
"value": "CWE-120"
}
],
"source": "nvd@nist.gov",
"type": "Secondary"
}
]
}
Vulnerability from fkie_nvd
Published
2021-02-06 02:15
Modified
2024-11-21 05:49
Severity ?
Summary
There is a logic vulnerability in Huawei Gauss100 OLTP Product. An attacker with certain permissions could perform specific SQL statement to exploit this vulnerability. Due to insufficient security design, successful exploit can cause service abnormal. Affected product versions include: ManageOne versions 6.5.1.1.B020, 6.5.1.1.B030, 6.5.1.1.B040, 6.5.1.SPC100.B050, 6.5.1.SPC101.B010, 6.5.1.SPC101.B040, 6.5.1.SPC200, 6.5.1.SPC200.B010, 6.5.1.SPC200.B030, 6.5.1.SPC200.B040, 6.5.1.SPC200.B050, 6.5.1.SPC200.B060, 6.5.1.SPC200.B070, 6.5.1RC1.B070, 6.5.1RC1.B080, 6.5.1RC2.B040, 6.5.1RC2.B050, 6.5.1RC2.B060, 6.5.1RC2.B070, 6.5.1RC2.B080, 6.5.1RC2.B090.
References
| ▶ | URL | Tags | |
|---|---|---|---|
| psirt@huawei.com | https://www.huawei.com/en/psirt/security-advisories/huawei-sa-20210113-01-gauss-en | Vendor Advisory | |
| psirt@huawei.com | https://www.oracle.com/security-alerts/cpujan2022.html | Not Applicable, Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://www.huawei.com/en/psirt/security-advisories/huawei-sa-20210113-01-gauss-en | Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://www.oracle.com/security-alerts/cpujan2022.html | Not Applicable, Third Party Advisory |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| huawei | manageone | 6.5.1.1 | |
| huawei | manageone | 6.5.1.1 | |
| huawei | manageone | 6.5.1.1 | |
| huawei | manageone | 6.5.1.1 | |
| huawei | manageone | 6.5.1.1 | |
| huawei | manageone | 6.5.1.1 | |
| huawei | manageone | 6.5.1.1 | |
| huawei | manageone | 6.5.1.1 | |
| huawei | manageone | 6.5.1.1 | |
| huawei | manageone | 6.5.1.1 | |
| huawei | manageone | 6.5.1.1 | |
| huawei | manageone | 6.5.1.1 | |
| huawei | manageone | 6.5.1.1 | |
| huawei | manageone | 6.5.1.1 | |
| huawei | manageone | 6.5.1.1 | |
| huawei | manageone | 6.5.1.1 | |
| huawei | manageone | 6.5.1.1 | |
| huawei | manageone | 6.5.1.1 | |
| huawei | manageone | 6.5.1.1 | |
| huawei | manageone | 6.5.1.1 | |
| huawei | manageone | 6.5.1.1 | |
| huawei | manageone | 8.0.0 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:huawei:manageone:6.5.1.1:b020:*:*:*:*:*:*",
"matchCriteriaId": "4042FC49-4FC7-46B4-8D14-ECACF22A9860",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:huawei:manageone:6.5.1.1:b030:*:*:*:*:*:*",
"matchCriteriaId": "A4D8799F-9ADD-442F-BC39-4BCAFBFFBE2B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:huawei:manageone:6.5.1.1:b040:*:*:*:*:*:*",
"matchCriteriaId": "535597A4-29C8-44A8-9008-4F4E10030531",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:huawei:manageone:6.5.1.1:rc1.b070:*:*:*:*:*:*",
"matchCriteriaId": "43839F73-570C-47F7-863C-1648884423FD",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:huawei:manageone:6.5.1.1:rc1.b080:*:*:*:*:*:*",
"matchCriteriaId": "186BE073-131F-4B46-BD3D-A2BFEE1B8B2E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:huawei:manageone:6.5.1.1:rc2.b040:*:*:*:*:*:*",
"matchCriteriaId": "22A7E167-9739-49D4-9A77-AF1AF9A078E8",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:huawei:manageone:6.5.1.1:rc2.b050:*:*:*:*:*:*",
"matchCriteriaId": "A9BC229B-6867-4FEA-925B-6B01AFC0301F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:huawei:manageone:6.5.1.1:rc2.b060:*:*:*:*:*:*",
"matchCriteriaId": "D1B4DD08-EF8C-4E20-9940-13A7F2E33405",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:huawei:manageone:6.5.1.1:rc2.b070:*:*:*:*:*:*",
"matchCriteriaId": "74918254-E81D-4F4A-AB43-6A47B04D9670",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:huawei:manageone:6.5.1.1:rc2.b080:*:*:*:*:*:*",
"matchCriteriaId": "1FC764B8-9EDA-44B8-9879-125FB2CBAAB0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:huawei:manageone:6.5.1.1:rc2.b090:*:*:*:*:*:*",
"matchCriteriaId": "A9E37AAA-C721-4BE9-9BF3-26D6ECC2EE6B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:huawei:manageone:6.5.1.1:spc100.b050:*:*:*:*:*:*",
"matchCriteriaId": "C59C64B0-D42D-4515-BD2B-4FE5C7F48BE6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:huawei:manageone:6.5.1.1:spc101.b010:*:*:*:*:*:*",
"matchCriteriaId": "698B071C-FC52-40CD-BBA7-53426051F504",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:huawei:manageone:6.5.1.1:spc101.b040:*:*:*:*:*:*",
"matchCriteriaId": "F6461FE1-99CC-48E4-8134-F17D895511F0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:huawei:manageone:6.5.1.1:spc200:*:*:*:*:*:*",
"matchCriteriaId": "FE5AE38A-627F-4337-949D-A5811D6859EB",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:huawei:manageone:6.5.1.1:spc200.b010:*:*:*:*:*:*",
"matchCriteriaId": "29FEC933-0E52-496B-A2B3-C84E65E5B430",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:huawei:manageone:6.5.1.1:spc200.b030:*:*:*:*:*:*",
"matchCriteriaId": "16F30BF5-4510-4AC7-8B12-6D4126C2DC60",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:huawei:manageone:6.5.1.1:spc200.b040:*:*:*:*:*:*",
"matchCriteriaId": "37090D37-0CDF-464B-9509-4F465D20C8C2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:huawei:manageone:6.5.1.1:spc200.b050:*:*:*:*:*:*",
"matchCriteriaId": "83B2B033-F12C-487E-8245-3F5BBF59BBC1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:huawei:manageone:6.5.1.1:spc200.b060:*:*:*:*:*:*",
"matchCriteriaId": "1ADF4433-A950-4A00-A4F7-12F766B4C947",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:huawei:manageone:6.5.1.1:spc200.b070:*:*:*:*:*:*",
"matchCriteriaId": "7FF3EB4D-6892-4572-B1D6-6183FE8B8D66",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:huawei:manageone:8.0.0:*:*:*:*:*:*:*",
"matchCriteriaId": "4C07C03B-18BA-4EA3-A73F-3E6E839252F0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "There is a logic vulnerability in Huawei Gauss100 OLTP Product. An attacker with certain permissions could perform specific SQL statement to exploit this vulnerability. Due to insufficient security design, successful exploit can cause service abnormal. Affected product versions include: ManageOne versions 6.5.1.1.B020, 6.5.1.1.B030, 6.5.1.1.B040, 6.5.1.SPC100.B050, 6.5.1.SPC101.B010, 6.5.1.SPC101.B040, 6.5.1.SPC200, 6.5.1.SPC200.B010, 6.5.1.SPC200.B030, 6.5.1.SPC200.B040, 6.5.1.SPC200.B050, 6.5.1.SPC200.B060, 6.5.1.SPC200.B070, 6.5.1RC1.B070, 6.5.1RC1.B080, 6.5.1RC2.B040, 6.5.1RC2.B050, 6.5.1RC2.B060, 6.5.1RC2.B070, 6.5.1RC2.B080, 6.5.1RC2.B090."
},
{
"lang": "es",
"value": "Se presenta una vulnerabilidad de l\u00f3gica en el producto Huawei Gauss100 OLTP. Un atacante con determinados permisos podr\u00eda llevar a cabo una sentencia SQL espec\u00edfica para explotar esta vulnerabilidad. Debido a un dise\u00f1o de seguridad insuficiente, una explotaci\u00f3n con \u00e9xito puede causar un servicio anormal. Las versiones del producto afectadas incluyen: ManageOne versiones 6.5.1.1.B020, 6.5.1.1.B030, 6.5.1.1.B040, 6.5.1.SPC100.B050, 6.5.1.SPC101.B010, 6.5.1.SPC101.B040, 6.5 .1.SPC200, 6.5.1.SPC200.B010, 6.5.1.SPC200.B030, 6.5.1.SPC200.B040, 6.5.1.SPC200.B050, 6.5.1.SPC200.B060, 6.5.1.SPC200 .B070, 6.5.1RC1.B070, 6.5.1RC1.B080, 6.5.1RC2.B040, 6.5.1RC2.B050, 6.5.1RC2.B060, 6.5.1RC2.B070, 6.5.1RC2.B080, 6.5.1RC2.B090"
}
],
"id": "CVE-2021-22298",
"lastModified": "2024-11-21T05:49:51.903",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "SINGLE",
"availabilityImpact": "PARTIAL",
"baseScore": 4.0,
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"vectorString": "AV:N/AC:L/Au:S/C:N/I:N/A:P",
"version": "2.0"
},
"exploitabilityScore": 8.0,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
],
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"exploitabilityScore": 2.8,
"impactScore": 3.6,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2021-02-06T02:15:12.603",
"references": [
{
"source": "psirt@huawei.com",
"tags": [
"Vendor Advisory"
],
"url": "https://www.huawei.com/en/psirt/security-advisories/huawei-sa-20210113-01-gauss-en"
},
{
"source": "psirt@huawei.com",
"tags": [
"Not Applicable",
"Third Party Advisory"
],
"url": "https://www.oracle.com/security-alerts/cpujan2022.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "https://www.huawei.com/en/psirt/security-advisories/huawei-sa-20210113-01-gauss-en"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Not Applicable",
"Third Party Advisory"
],
"url": "https://www.oracle.com/security-alerts/cpujan2022.html"
}
],
"sourceIdentifier": "psirt@huawei.com",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "NVD-CWE-noinfo"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2021-06-29 19:15
Modified
2024-11-21 05:49
Severity ?
Summary
There is a multiple threads race condition vulnerability in Huawei product. A race condition exists for concurrent I/O read by multiple threads. An attacker with the root permission can exploit this vulnerability by performing some operations. Successful exploitation of this vulnerability may cause the system to crash. Affected product versions include: ManageOne 6.5.1.SPC200, 8.0.0,8.0.0-LCND81, 8.0.0.SPC100, 8.0.1,8.0.RC2, 8.0.RC3, 8.0.RC3.SPC100;SMC2.0 V600R019C10SPC700,V600R019C10SPC702, V600R019C10SPC703,V600R019C10SPC800, V600R019C10SPC900, V600R019C10SPC910, V600R019C10SPC920, V600R019C10SPC921, V600R019C10SPC922, V600R019C10SPC930, V600R019C10SPC931
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| huawei | manageone | 6.5.1 | |
| huawei | manageone | 8.0.0 | |
| huawei | manageone | 8.0.0 | |
| huawei | manageone | 8.0.0 | |
| huawei | manageone | 8.0.0 | |
| huawei | manageone | 8.0.0 | |
| huawei | manageone | 8.0.0 | |
| huawei | manageone | 8.0.1 | |
| huawei | smc2.0 | v600r019c10spc700 | |
| huawei | smc2.0 | v600r019c10spc702 | |
| huawei | smc2.0 | v600r019c10spc703 | |
| huawei | smc2.0 | v600r019c10spc800 | |
| huawei | smc2.0 | v600r019c10spc900 | |
| huawei | smc2.0 | v600r019c10spc910 | |
| huawei | smc2.0 | v600r019c10spc920 | |
| huawei | smc2.0 | v600r019c10spc921 | |
| huawei | smc2.0 | v600r019c10spc922 | |
| huawei | smc2.0 | v600r019c10spc930 | |
| huawei | smc2.0 | v600r019c10spc931 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:huawei:manageone:6.5.1:spc200:*:*:*:*:*:*",
"matchCriteriaId": "481FA740-3E71-443D-99DF-89CA198951A2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:huawei:manageone:8.0.0:-:*:*:*:*:*:*",
"matchCriteriaId": "EFA5EBB8-C174-4CF0-ADE6-15B62C10DD86",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:huawei:manageone:8.0.0:lcnd81:*:*:*:*:*:*",
"matchCriteriaId": "E9090F1E-EF60-4E54-9885-7F6B1681DE9A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:huawei:manageone:8.0.0:rc2:*:*:*:*:*:*",
"matchCriteriaId": "51E51969-9D4D-4A58-BEBD-19F4BD64BC7A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:huawei:manageone:8.0.0:rc3:*:*:*:*:*:*",
"matchCriteriaId": "2A1E9FF8-C0A4-47A5-9738-4D0ADB35DAF6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:huawei:manageone:8.0.0:rc3.spc100:*:*:*:*:*:*",
"matchCriteriaId": "5D17BA55-6032-4BC4-BEB3-4FB27BA81777",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:huawei:manageone:8.0.0:spc100:*:*:*:*:*:*",
"matchCriteriaId": "7EDE7C94-7E89-45E6-8A79-32E53D9139DB",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:huawei:manageone:8.0.1:*:*:*:*:*:*:*",
"matchCriteriaId": "47A8E919-FAC0-4011-927F-599AA7688A32",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:huawei:smc2.0:v600r019c10spc700:*:*:*:*:*:*:*",
"matchCriteriaId": "7963F54D-82E2-49B4-A897-0D403265A5E0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:huawei:smc2.0:v600r019c10spc702:*:*:*:*:*:*:*",
"matchCriteriaId": "11188CC9-6AF5-4D12-8698-A29003B93894",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:huawei:smc2.0:v600r019c10spc703:*:*:*:*:*:*:*",
"matchCriteriaId": "E39C9F23-B8A4-461B-AA1B-D74D4250B3C5",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:huawei:smc2.0:v600r019c10spc800:*:*:*:*:*:*:*",
"matchCriteriaId": "A80AA28A-E243-49B0-BC89-EC71C0FD391A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:huawei:smc2.0:v600r019c10spc900:*:*:*:*:*:*:*",
"matchCriteriaId": "2DD9AFCB-49CC-451A-8384-4FC5209CBED0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:huawei:smc2.0:v600r019c10spc910:*:*:*:*:*:*:*",
"matchCriteriaId": "8B96A81A-7CFC-4E47-8D23-8298E300C632",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:huawei:smc2.0:v600r019c10spc920:*:*:*:*:*:*:*",
"matchCriteriaId": "87F80ABC-A650-4FBC-B099-FA5022AEE80F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:huawei:smc2.0:v600r019c10spc921:*:*:*:*:*:*:*",
"matchCriteriaId": "33211E67-DCE2-4763-A318-0901F6CE7D9D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:huawei:smc2.0:v600r019c10spc922:*:*:*:*:*:*:*",
"matchCriteriaId": "DAEF1712-F605-43D2-9765-2F13D3FDE6E1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:huawei:smc2.0:v600r019c10spc930:*:*:*:*:*:*:*",
"matchCriteriaId": "EEB259BD-CCCD-409D-885B-57FFFA33D3CD",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:huawei:smc2.0:v600r019c10spc931:*:*:*:*:*:*:*",
"matchCriteriaId": "5D8CFA5B-18D7-44A9-BE52-78B4AB8B1D45",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "There is a multiple threads race condition vulnerability in Huawei product. A race condition exists for concurrent I/O read by multiple threads. An attacker with the root permission can exploit this vulnerability by performing some operations. Successful exploitation of this vulnerability may cause the system to crash. Affected product versions include: ManageOne 6.5.1.SPC200, 8.0.0,8.0.0-LCND81, 8.0.0.SPC100, 8.0.1,8.0.RC2, 8.0.RC3, 8.0.RC3.SPC100;SMC2.0 V600R019C10SPC700,V600R019C10SPC702, V600R019C10SPC703,V600R019C10SPC800, V600R019C10SPC900, V600R019C10SPC910, V600R019C10SPC920, V600R019C10SPC921, V600R019C10SPC922, V600R019C10SPC930, V600R019C10SPC931"
},
{
"lang": "es",
"value": "Se presenta una vulnerabilidad de condici\u00f3n de carrera de m\u00faltiples hilos en el producto de Huawei. Se presenta una condici\u00f3n de carrera para la lectura concurrente de I/O por m\u00faltiples hilos. Un atacante con el permiso de root puede explotar esta vulnerabilidad al llevar a cabo algunas operaciones. Una explotaci\u00f3n con \u00e9xito de esta vulnerabilidad puede causar el bloqueo del sistema. Las versiones del producto afectadas incluyen: ManageOne 6.5.1.SPC200, 8.0.0,8.0.0-LCND81, 8.0.0.SPC100, 8.0.1,8.0.RC2, 8.0.RC3, 8.0.RC3.SPC100;SMC2. 0 V600R019C10SPC700,V600R019C10SPC702, V600R019C10SPC703,V600R019C10SPC800, V600R019C10SPC900, V600R019C10SPC910, V600R019C10SPC920, V600R019C10SPC921, V600R019C10SPC922, V600R019C10SPC930, V600R019C10SPC931"
}
],
"id": "CVE-2021-22340",
"lastModified": "2024-11-21T05:49:56.537",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "MEDIUM",
"accessVector": "LOCAL",
"authentication": "NONE",
"availabilityImpact": "COMPLETE",
"baseScore": 4.7,
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"vectorString": "AV:L/AC:M/Au:N/C:N/I:N/A:C",
"version": "2.0"
},
"exploitabilityScore": 3.4,
"impactScore": 6.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
],
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "HIGH",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 4.1,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "HIGH",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"exploitabilityScore": 0.5,
"impactScore": 3.6,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2021-06-29T19:15:09.180",
"references": [
{
"source": "psirt@huawei.com",
"tags": [
"Vendor Advisory"
],
"url": "https://www.huawei.com/en/psirt/security-advisories/huawei-sa-20210428-01-racecondition-en"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "https://www.huawei.com/en/psirt/security-advisories/huawei-sa-20210428-01-racecondition-en"
}
],
"sourceIdentifier": "psirt@huawei.com",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-362"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2019-11-13 17:15
Modified
2024-11-21 04:44
Severity ?
Summary
Gauss100 OLTP database in ManageOne with versions of 6.5.0 have an out-of-bounds read vulnerability due to the insufficient checks of the specific packet length. Attackers can construct invalid packets to attack the active and standby communication channels. Successful exploit of this vulnerability could allow the attacker to crash the database on the standby node.
References
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:huawei:manageone:6.5.0:*:*:*:*:*:*:*",
"matchCriteriaId": "B85321E0-8B1B-452B-A1AE-D8BB85C18CE4",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Gauss100 OLTP database in ManageOne with versions of 6.5.0 have an out-of-bounds read vulnerability due to the insufficient checks of the specific packet length. Attackers can construct invalid packets to attack the active and standby communication channels. Successful exploit of this vulnerability could allow the attacker to crash the database on the standby node."
},
{
"lang": "es",
"value": "La base de datos OLTP de Gauss100 en ManageOne con versiones de 6.5.0, hay una vulnerabilidad de lectura fuera de l\u00edmites debido a las insuficientes comprobaciones de la longitud espec\u00edfica del paquete. Los atacantes pueden construir paquetes no v\u00e1lidos para atacar los canales de comunicaci\u00f3n activos y en espera. Una explotaci\u00f3n con \u00e9xito de esta vulnerabilidad podr\u00eda permitir a un atacante bloquear la base de datos en el nodo en espera."
}
],
"id": "CVE-2019-5289",
"lastModified": "2024-11-21T04:44:40.787",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 5.0,
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P",
"version": "2.0"
},
"exploitabilityScore": 10.0,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
],
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"exploitabilityScore": 3.9,
"impactScore": 3.6,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2019-11-13T17:15:14.007",
"references": [
{
"source": "psirt@huawei.com",
"tags": [
"Vendor Advisory"
],
"url": "http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20190925-01-database-en"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20190925-01-database-en"
}
],
"sourceIdentifier": "psirt@huawei.com",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-125"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2021-08-02 17:15
Modified
2024-11-21 05:50
Severity ?
Summary
There is a privilege escalation vulnerability in Huawei ManageOne 8.0.0. External parameters of some files are lack of verification when they are be called. Attackers can exploit this vulnerability by performing these files to cause privilege escalation attack. This can compromise normal service.
References
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:huawei:manageone:8.0.0:-:*:*:*:*:*:*",
"matchCriteriaId": "EFA5EBB8-C174-4CF0-ADE6-15B62C10DD86",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "There is a privilege escalation vulnerability in Huawei ManageOne 8.0.0. External parameters of some files are lack of verification when they are be called. Attackers can exploit this vulnerability by performing these files to cause privilege escalation attack. This can compromise normal service."
},
{
"lang": "es",
"value": "Se presenta una vulnerabilidad de escalada de privilegios en Huawei ManageOne versi\u00f3n 8.0.0. Los par\u00e1metros externos de algunos archivos carecen de comprobaci\u00f3n cuando son llamados. Unos atacantes pueden explotar esta vulnerabilidad al llevar a cabo estos archivos para causar un ataque de escalada de privilegios. Esto puede comprometer el servicio normal"
}
],
"id": "CVE-2021-22397",
"lastModified": "2024-11-21T05:50:02.793",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "LOCAL",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 4.6,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"vectorString": "AV:L/AC:L/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
"exploitabilityScore": 3.9,
"impactScore": 6.4,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
],
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 6.7,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "HIGH",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"exploitabilityScore": 0.8,
"impactScore": 5.9,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2021-08-02T17:15:14.130",
"references": [
{
"source": "psirt@huawei.com",
"tags": [
"Vendor Advisory"
],
"url": "https://www.huawei.com/en/psirt/security-advisories/huawei-sa-20210714-01-pe-en"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "https://www.huawei.com/en/psirt/security-advisories/huawei-sa-20210714-01-pe-en"
}
],
"sourceIdentifier": "psirt@huawei.com",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-20"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}