CVE-2021-22339Insufficient Verification of Data Authenticity in Huawei Manageone

CWE-345Insufficient Verification of Data Authenticity3 documents3 sources
Severity
6.5MEDIUMNVD
EPSS
0.1%
top 79.59%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
1
Huawei Manageone
Timeline
PublishedMay 20
Latest updateMay 24

Description

There is a denial of service vulnerability in some versions of ManageOne. In specific scenarios, due to the insufficient verification of the parameter, an attacker may craft some specific parameter. Successful exploit may cause some services abnormal.

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:HExploitability: 2.8 | Impact: 3.6

Affected Packages2 packages

CVEListV5huawei/manageone6.5.0,6.5.0.SPC100.B210,6.5.0.SPC100.B220,6.5.1.1.B010,6.5.1.1.B020,6.5.1.1.B030,6.5.1.1.B040,6.5.1.SPC100.B050,6.5.1.SPC101.B010,6.5.1.SPC101.B040,6.5.1.SPC200,6.5.1.SPC200.B010,6.5.1.SPC200.B030,6.5.1.SPC200.B040,6.5.1.SPC200.B050,6.5.1.SPC200.B060,6.5.1.SPC200.B070,6.5.1RC1.B060,6.5.1RC1.B070,6.5.1RC1.B080,6.5.1RC2.B010,6.5.1RC2.B020,6.5.1RC2.B030,6.5.1RC2.B040,6.5.1RC2.B050,6.5.1RC2.B060,6.5.1RC2.B070,6.5.1RC2.B080,6.5.1RC2.B090,6.5.RC2.B050,8.0.0,8.0.0-LCND81,8.0.0.SPC100,8.0.1,8.0.RC2,8.0.RC3,8.0.RC3.B041,8.0.RC3.SPC100
NVDhuawei/manageone6 versions+5

🔴Vulnerability Details

2
GHSA
GHSA-p26q-mrh9-9652: There is a denial of service vulnerability in some versions of ManageOne2022-05-24
CVEList
CVE-2021-22339: There is a denial of service vulnerability in some versions of ManageOne2021-05-20
CVE-2021-22339 — Huawei Manageone vulnerability | cvebase