CVE-2021-22397Improper Input Validation in Huawei Manageone

CWE-20Improper Input ValidationCWE-269Improper Privilege Management3 documents3 sources
Severity
6.7MEDIUMNVD
EPSS
0.0%
top 92.81%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
1
Huawei Manageone
Timeline
PublishedAug 2
Latest updateMay 24

Description

There is a privilege escalation vulnerability in Huawei ManageOne 8.0.0. External parameters of some files are lack of verification when they are be called. Attackers can exploit this vulnerability by performing these files to cause privilege escalation attack. This can compromise normal service.

CVSS vector

CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:HExploitability: 0.8 | Impact: 5.9

Affected Packages2 packages

CVEListV5huawei/manageone8.0.0
NVDhuawei/manageone8.0.0

🔴Vulnerability Details

2
GHSA
GHSA-4g2x-v66g-vw9g: There is a privilege escalation vulnerability in Huawei ManageOne 82022-05-24
CVEList
CVE-2021-22397: There is a privilege escalation vulnerability in Huawei ManageOne 82021-08-02
CVE-2021-22397 — Improper Input Validation in Huawei | cvebase