CVE-2021-22298Huawei Manageone vulnerability

3 documents3 sources
Severity
6.5MEDIUMNVD
EPSS
0.2%
top 59.74%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
1
Huawei Manageone
Timeline
PublishedFeb 6
Latest updateMay 24

Description

There is a logic vulnerability in Huawei Gauss100 OLTP Product. An attacker with certain permissions could perform specific SQL statement to exploit this vulnerability. Due to insufficient security design, successful exploit can cause service abnormal. Affected product versions include: ManageOne versions 6.5.1.1.B020, 6.5.1.1.B030, 6.5.1.1.B040, 6.5.1.SPC100.B050, 6.5.1.SPC101.B010, 6.5.1.SPC101.B040, 6.5.1.SPC200, 6.5.1.SPC200.B010, 6.5.1.SPC200.B030, 6.5.1.SPC200.B040, 6.5.1.SPC200.B050, 6.5.

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:HExploitability: 2.8 | Impact: 3.6

Affected Packages2 packages

CVEListV5huawei/manageone6.5.1.1.B020,6.5.1.1.B030, 6.5.1.1.B040, 6.5.1.SPC100.B050, 6.5.1.SPC101.B010, 6.5.1.SPC101.B040, 6.5.1.SPC200, 6.5.1.SPC200.B010, 6.5.1.SPC200.B030, 6.5.1.SPC200.B040, 6.5.1.SPC200.B050, 6.5.1.SPC200.B060, 6.5.1.SPC200.B070, 6.5.1RC1.B070, 6.5.1RC1.B080, 6.5.1RC2.B040, 6.5.1RC2.B050, 6.5.1RC2.B060, 6.5.1RC2.B070, 6.5.1RC2.B080, 6.5.1RC2.B090
NVDhuawei/manageone6.5.1.1, 8.0.0+1

🔴Vulnerability Details

2
GHSA
GHSA-hphj-4pmp-q6gf: There is a logic vulnerability in Huawei Gauss100 OLTP Product2022-05-24
CVEList
CVE-2021-22298: There is a logic vulnerability in Huawei Gauss100 OLTP Product2021-02-06
CVE-2021-22298 — Huawei Manageone vulnerability | cvebase