CVE-2021-22298

EPSS 0.19%
Published 06.02.2021 02:15:12
Last modified 21.11.2024 05:49:51
Source psirt@huawei.com
Teams watchlist Login
Open Login

There is a logic vulnerability in Huawei Gauss100 OLTP Product. An attacker with certain permissions could perform specific SQL statement to exploit this vulnerability. Due to insufficient security design, successful exploit can cause service abnormal. Affected product versions include: ManageOne versions 6.5.1.1.B020, 6.5.1.1.B030, 6.5.1.1.B040, 6.5.1.SPC100.B050, 6.5.1.SPC101.B010, 6.5.1.SPC101.B040, 6.5.1.SPC200, 6.5.1.SPC200.B010, 6.5.1.SPC200.B030, 6.5.1.SPC200.B040, 6.5.1.SPC200.B050, 6.5.1.SPC200.B060, 6.5.1.SPC200.B070, 6.5.1RC1.B070, 6.5.1RC1.B080, 6.5.1RC2.B040, 6.5.1RC2.B050, 6.5.1RC2.B060, 6.5.1RC2.B070, 6.5.1RC2.B080, 6.5.1RC2.B090.

Affected products Warnungen 0 Metrics 3 CWE 0 References 5

Data is provided by the National Vulnerability Database (NVD)

Huawei ≫ Manageone Version6.5.1.1 Updateb020

Huawei ≫ Manageone Version6.5.1.1 Updateb030

Huawei ≫ Manageone Version6.5.1.1 Updateb040

Huawei ≫ Manageone Version6.5.1.1 Updaterc1.b070

Huawei ≫ Manageone Version6.5.1.1 Updaterc1.b080

Huawei ≫ Manageone Version6.5.1.1 Updaterc2.b040

Huawei ≫ Manageone Version6.5.1.1 Updaterc2.b050

Huawei ≫ Manageone Version6.5.1.1 Updaterc2.b060

Huawei ≫ Manageone Version6.5.1.1 Updaterc2.b070

Huawei ≫ Manageone Version6.5.1.1 Updaterc2.b080

Huawei ≫ Manageone Version6.5.1.1 Updaterc2.b090

Huawei ≫ Manageone Version6.5.1.1 Updatespc100.b050

Huawei ≫ Manageone Version6.5.1.1 Updatespc101.b010

Huawei ≫ Manageone Version6.5.1.1 Updatespc101.b040

Huawei ≫ Manageone Version6.5.1.1 Updatespc200

Huawei ≫ Manageone Version6.5.1.1 Updatespc200.b010

Huawei ≫ Manageone Version6.5.1.1 Updatespc200.b030

Huawei ≫ Manageone Version6.5.1.1 Updatespc200.b040

Huawei ≫ Manageone Version6.5.1.1 Updatespc200.b050

Huawei ≫ Manageone Version6.5.1.1 Updatespc200.b060

Huawei ≫ Manageone Version6.5.1.1 Updatespc200.b070

Huawei ≫ Manageone Version8.0.0

Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.

EPSS Metriken
Type	Source	Score	Percentile
EPSS	FIRST.org	0.19%	0.409

CVSS Metriken
Source	Base Score	Exploit Score	Impact Score	Vector string
nvd@nist.gov	6.5	2.8	3.6	CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
nvd@nist.gov	4	8	2.9	AV:N/AC:L/Au:S/C:N/I:N/A:P

https://www.oracle.com/security-alerts/cpujan2022.html

Third Party Advisory

Not Applicable

https://www.huawei.com/en/psirt/security-advisories/huawei-sa-20210113-01-gauss-en

Vendor Advisory

https://nvd.nist.gov/vuln/detail/CVE-2021-22298

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2021-22298

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2021-22298

EUVD