mirror of
https://github.com/fkie-cad/nvd-json-data-feeds.git
synced 2025-05-29 01:31:20 +00:00
169 lines
5.6 KiB
JSON
169 lines
5.6 KiB
JSON
{
|
|
"id": "CVE-2021-22293",
|
|
"sourceIdentifier": "psirt@huawei.com",
|
|
"published": "2021-02-06T03:15:12.767",
|
|
"lastModified": "2024-11-21T05:49:51.480",
|
|
"vulnStatus": "Modified",
|
|
"cveTags": [],
|
|
"descriptions": [
|
|
{
|
|
"lang": "en",
|
|
"value": "Some Huawei products have an inconsistent interpretation of HTTP requests vulnerability. Attackers can exploit this vulnerability to cause information leak. Affected product versions include: CampusInsight versions V100R019C10; ManageOne versions 6.5.1.1, 6.5.1.SPC100, 6.5.1.SPC200, 6.5.1RC1, 6.5.1RC2, 8.0.RC2. Affected product versions include: Taurus-AL00A versions 10.0.0.1(C00E1R1P1)."
|
|
},
|
|
{
|
|
"lang": "es",
|
|
"value": "Algunos productos de Huawei presentan una vulnerabilidad de interpretaci\u00f3n inconsistente de peticiones HTTP. Los atacantes pueden explotar esta vulnerabilidad para causar un filtrado de informaci\u00f3n. Las versiones de producto afectadas son: CampusInsight versiones V100R019C10; ManageOne versiones 6.5.1.1, 6.5.1.SPC100, 6.5.1.SPC200, 6.5.1RC1, 6.5.1RC2, 8.0.RC2. Las versiones de producto afectadas incluyen: Taurus-AL00A versi\u00f3n 10.0.0.1(C00E1R1P1)"
|
|
}
|
|
],
|
|
"metrics": {
|
|
"cvssMetricV31": [
|
|
{
|
|
"source": "nvd@nist.gov",
|
|
"type": "Primary",
|
|
"cvssData": {
|
|
"version": "3.1",
|
|
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
|
|
"baseScore": 7.5,
|
|
"baseSeverity": "HIGH",
|
|
"attackVector": "NETWORK",
|
|
"attackComplexity": "LOW",
|
|
"privilegesRequired": "NONE",
|
|
"userInteraction": "NONE",
|
|
"scope": "UNCHANGED",
|
|
"confidentialityImpact": "HIGH",
|
|
"integrityImpact": "NONE",
|
|
"availabilityImpact": "NONE"
|
|
},
|
|
"exploitabilityScore": 3.9,
|
|
"impactScore": 3.6
|
|
}
|
|
],
|
|
"cvssMetricV2": [
|
|
{
|
|
"source": "nvd@nist.gov",
|
|
"type": "Primary",
|
|
"cvssData": {
|
|
"version": "2.0",
|
|
"vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N",
|
|
"baseScore": 5.0,
|
|
"accessVector": "NETWORK",
|
|
"accessComplexity": "LOW",
|
|
"authentication": "NONE",
|
|
"confidentialityImpact": "PARTIAL",
|
|
"integrityImpact": "NONE",
|
|
"availabilityImpact": "NONE"
|
|
},
|
|
"baseSeverity": "MEDIUM",
|
|
"exploitabilityScore": 10.0,
|
|
"impactScore": 2.9,
|
|
"acInsufInfo": false,
|
|
"obtainAllPrivilege": false,
|
|
"obtainUserPrivilege": false,
|
|
"obtainOtherPrivilege": false,
|
|
"userInteractionRequired": false
|
|
}
|
|
]
|
|
},
|
|
"weaknesses": [
|
|
{
|
|
"source": "nvd@nist.gov",
|
|
"type": "Primary",
|
|
"description": [
|
|
{
|
|
"lang": "en",
|
|
"value": "CWE-444"
|
|
}
|
|
]
|
|
}
|
|
],
|
|
"configurations": [
|
|
{
|
|
"nodes": [
|
|
{
|
|
"operator": "OR",
|
|
"negate": false,
|
|
"cpeMatch": [
|
|
{
|
|
"vulnerable": true,
|
|
"criteria": "cpe:2.3:a:huawei:campusinsight:v100r019c10:*:*:*:*:*:*:*",
|
|
"matchCriteriaId": "704AA007-5ADB-4376-BF2A-9F2B8D8E2DC8"
|
|
},
|
|
{
|
|
"vulnerable": true,
|
|
"criteria": "cpe:2.3:a:huawei:manageone:6.5.1.1:-:*:*:*:*:*:*",
|
|
"matchCriteriaId": "24620D00-5935-4C33-B9E9-474353958727"
|
|
},
|
|
{
|
|
"vulnerable": true,
|
|
"criteria": "cpe:2.3:a:huawei:manageone:6.5.1.1:rc1:*:*:*:*:*:*",
|
|
"matchCriteriaId": "46A79DF7-123C-4AA9-B334-2F38FA663BED"
|
|
},
|
|
{
|
|
"vulnerable": true,
|
|
"criteria": "cpe:2.3:a:huawei:manageone:6.5.1.1:rc2:*:*:*:*:*:*",
|
|
"matchCriteriaId": "CBEB49EA-8556-49C8-80F9-682209E12D35"
|
|
},
|
|
{
|
|
"vulnerable": true,
|
|
"criteria": "cpe:2.3:a:huawei:manageone:6.5.1.1:spc100:*:*:*:*:*:*",
|
|
"matchCriteriaId": "290026C4-4A41-42E1-8729-6D682CD98E98"
|
|
},
|
|
{
|
|
"vulnerable": true,
|
|
"criteria": "cpe:2.3:a:huawei:manageone:6.5.1.1:spc200:*:*:*:*:*:*",
|
|
"matchCriteriaId": "FE5AE38A-627F-4337-949D-A5811D6859EB"
|
|
},
|
|
{
|
|
"vulnerable": true,
|
|
"criteria": "cpe:2.3:a:huawei:manageone:8.0.0:rc2:*:*:*:*:*:*",
|
|
"matchCriteriaId": "51E51969-9D4D-4A58-BEBD-19F4BD64BC7A"
|
|
}
|
|
]
|
|
}
|
|
]
|
|
},
|
|
{
|
|
"operator": "AND",
|
|
"nodes": [
|
|
{
|
|
"operator": "OR",
|
|
"negate": false,
|
|
"cpeMatch": [
|
|
{
|
|
"vulnerable": true,
|
|
"criteria": "cpe:2.3:o:huawei:taurus-al00a_firmware:10.0.0.1\\(c00e1r1p1\\):*:*:*:*:*:*:*",
|
|
"matchCriteriaId": "1110292D-92A1-4B57-BFE6-042389ED1C2B"
|
|
}
|
|
]
|
|
},
|
|
{
|
|
"operator": "OR",
|
|
"negate": false,
|
|
"cpeMatch": [
|
|
{
|
|
"vulnerable": false,
|
|
"criteria": "cpe:2.3:h:huawei:taurus-al00a:-:*:*:*:*:*:*:*",
|
|
"matchCriteriaId": "369D8168-4BFA-4003-A332-3E6876459623"
|
|
}
|
|
]
|
|
}
|
|
]
|
|
}
|
|
],
|
|
"references": [
|
|
{
|
|
"url": "https://www.huawei.com/en/psirt/security-advisories/huawei-sa-20210120-01-http-en",
|
|
"source": "psirt@huawei.com",
|
|
"tags": [
|
|
"Vendor Advisory"
|
|
]
|
|
},
|
|
{
|
|
"url": "https://www.huawei.com/en/psirt/security-advisories/huawei-sa-20210120-01-http-en",
|
|
"source": "af854a3a-2127-422b-91ae-364da2661108",
|
|
"tags": [
|
|
"Vendor Advisory"
|
|
]
|
|
}
|
|
]
|
|
} |