CVE-2021-22298

EPSS 0.19%
Veröffentlicht 06.02.2021 02:15:12
Zuletzt bearbeitet 21.11.2024 05:49:51
Quelle psirt@huawei.com
Teams Watchlist Login
Unerledigt Login

There is a logic vulnerability in Huawei Gauss100 OLTP Product. An attacker with certain permissions could perform specific SQL statement to exploit this vulnerability. Due to insufficient security design, successful exploit can cause service abnormal. Affected product versions include: ManageOne versions 6.5.1.1.B020, 6.5.1.1.B030, 6.5.1.1.B040, 6.5.1.SPC100.B050, 6.5.1.SPC101.B010, 6.5.1.SPC101.B040, 6.5.1.SPC200, 6.5.1.SPC200.B010, 6.5.1.SPC200.B030, 6.5.1.SPC200.B040, 6.5.1.SPC200.B050, 6.5.1.SPC200.B060, 6.5.1.SPC200.B070, 6.5.1RC1.B070, 6.5.1RC1.B080, 6.5.1RC2.B040, 6.5.1RC2.B050, 6.5.1RC2.B060, 6.5.1RC2.B070, 6.5.1RC2.B080, 6.5.1RC2.B090.

Betroffene Produkte Warnungen 0 Metriken 3 CWE 0 Referenzen 5

Daten sind bereitgestellt durch National Vulnerability Database (NVD)

Huawei ≫ Manageone Version6.5.1.1 Updateb020

Huawei ≫ Manageone Version6.5.1.1 Updateb030

Huawei ≫ Manageone Version6.5.1.1 Updateb040

Huawei ≫ Manageone Version6.5.1.1 Updaterc1.b070

Huawei ≫ Manageone Version6.5.1.1 Updaterc1.b080

Huawei ≫ Manageone Version6.5.1.1 Updaterc2.b040

Huawei ≫ Manageone Version6.5.1.1 Updaterc2.b050

Huawei ≫ Manageone Version6.5.1.1 Updaterc2.b060

Huawei ≫ Manageone Version6.5.1.1 Updaterc2.b070

Huawei ≫ Manageone Version6.5.1.1 Updaterc2.b080

Huawei ≫ Manageone Version6.5.1.1 Updaterc2.b090

Huawei ≫ Manageone Version6.5.1.1 Updatespc100.b050

Huawei ≫ Manageone Version6.5.1.1 Updatespc101.b010

Huawei ≫ Manageone Version6.5.1.1 Updatespc101.b040

Huawei ≫ Manageone Version6.5.1.1 Updatespc200

Huawei ≫ Manageone Version6.5.1.1 Updatespc200.b010

Huawei ≫ Manageone Version6.5.1.1 Updatespc200.b030

Huawei ≫ Manageone Version6.5.1.1 Updatespc200.b040

Huawei ≫ Manageone Version6.5.1.1 Updatespc200.b050

Huawei ≫ Manageone Version6.5.1.1 Updatespc200.b060

Huawei ≫ Manageone Version6.5.1.1 Updatespc200.b070

Huawei ≫ Manageone Version8.0.0

Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.

EPSS Metriken
Typ	Quelle	Score	Percentile
EPSS	FIRST.org	0.19%	0.409

CVSS Metriken
Quelle	Base Score	Exploit Score	Impact Score	Vector String
nvd@nist.gov	6.5	2.8	3.6	CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
nvd@nist.gov	4	8	2.9	AV:N/AC:L/Au:S/C:N/I:N/A:P

https://www.oracle.com/security-alerts/cpujan2022.html

Third Party Advisory

Not Applicable

https://www.huawei.com/en/psirt/security-advisories/huawei-sa-20210113-01-gauss-en

Vendor Advisory

https://nvd.nist.gov/vuln/detail/CVE-2021-22298

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2021-22298

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2021-22298

EUVD