Описание
Ericsson Network Manager (ENM) before 21.2 has incorrect access-control behavior (that only affects the level of access available to persons who were already granted a highly privileged role). Users in the same AMOS authorization group can retrieve managed-network data that was not set to be accessible to the entire group (i.e., was only set to be accessible to a subset of that group).
Ссылки
- Vendor Advisory
- Vendor Advisory
- Third Party Advisory
- Vendor Advisory
- Vendor Advisory
- Third Party Advisory
Уязвимые конфигурации
Конфигурация 1Версия до 21.2 (исключая)
cpe:2.3:a:ericsson:network_manager:*:*:*:*:*:*:*:*
EPSS
Процентиль: 70%
0.0063
Низкий
6.5 Medium
CVSS3
4 Medium
CVSS2
Дефекты
CWE-668
Связанные уязвимости
CVSS3: 6.5
github
почти 4 года назад
Ericsson Network Manager 20.2 has Insecure Permissions.
EPSS
Процентиль: 70%
0.0063
Низкий
6.5 Medium
CVSS3
4 Medium
CVSS2
Дефекты
CWE-668