cve/2021/CVE-2021-22298.md

### [CVE-2021-22298](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-22298)
![](https://img.shields.io/static/v1?label=Product&message=ManageOne&color=blue)
![](https://img.shields.io/static/v1?label=Version&message=6.5.1.1.B020%2C6.5.1.1.B030%2C%206.5.1.1.B040%2C%206.5.1.SPC100.B050%2C%206.5.1.SPC101.B010%2C%206.5.1.SPC101.B040%2C%206.5.1.SPC200%2C%206.5.1.SPC200.B010%2C%206.5.1.SPC200.B030%2C%206.5.1.SPC200.B040%2C%206.5.1.SPC200.B050%2C%206.5.1.SPC200.B060%2C%206.5.1.SPC200.B070%2C%206.5.1RC1.B070%2C%206.5.1RC1.B080%2C%206.5.1RC2.B040%2C%206.5.1RC2.B050%2C%206.5.1RC2.B060%2C%206.5.1RC2.B070%2C%206.5.1RC2.B080%2C%206.5.1RC2.B090%20&color=brightgreen)
![](https://img.shields.io/static/v1?label=Vulnerability&message=Logic&color=brightgreen)

### Description

There is a logic vulnerability in Huawei Gauss100 OLTP Product. An attacker with certain permissions could perform specific SQL statement to exploit this vulnerability. Due to insufficient security design, successful exploit can cause service abnormal. Affected product versions include: ManageOne versions 6.5.1.1.B020, 6.5.1.1.B030, 6.5.1.1.B040, 6.5.1.SPC100.B050, 6.5.1.SPC101.B010, 6.5.1.SPC101.B040, 6.5.1.SPC200, 6.5.1.SPC200.B010, 6.5.1.SPC200.B030, 6.5.1.SPC200.B040, 6.5.1.SPC200.B050, 6.5.1.SPC200.B060, 6.5.1.SPC200.B070, 6.5.1RC1.B070, 6.5.1RC1.B080, 6.5.1RC2.B040, 6.5.1RC2.B050, 6.5.1RC2.B060, 6.5.1RC2.B070, 6.5.1RC2.B080, 6.5.1RC2.B090.

### POC

#### Reference
- https://www.oracle.com/security-alerts/cpujan2022.html

#### Github
No PoCs found on GitHub currently.