FKIE_CVE-2021-22298

Vulnerability from fkie_nvd - Published: 2021-02-06 02:15 - Updated: 2024-11-21 05:49
Severity ?
6.5 (Medium) - CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
Summary
There is a logic vulnerability in Huawei Gauss100 OLTP Product. An attacker with certain permissions could perform specific SQL statement to exploit this vulnerability. Due to insufficient security design, successful exploit can cause service abnormal. Affected product versions include: ManageOne versions 6.5.1.1.B020, 6.5.1.1.B030, 6.5.1.1.B040, 6.5.1.SPC100.B050, 6.5.1.SPC101.B010, 6.5.1.SPC101.B040, 6.5.1.SPC200, 6.5.1.SPC200.B010, 6.5.1.SPC200.B030, 6.5.1.SPC200.B040, 6.5.1.SPC200.B050, 6.5.1.SPC200.B060, 6.5.1.SPC200.B070, 6.5.1RC1.B070, 6.5.1RC1.B080, 6.5.1RC2.B040, 6.5.1RC2.B050, 6.5.1RC2.B060, 6.5.1RC2.B070, 6.5.1RC2.B080, 6.5.1RC2.B090.
References
psirt@huawei.comhttps://www.huawei.com/en/psirt/security-advisories/huawei-sa-20210113-01-gauss-enVendor Advisory
psirt@huawei.comhttps://www.oracle.com/security-alerts/cpujan2022.htmlNot Applicable, Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108https://www.huawei.com/en/psirt/security-advisories/huawei-sa-20210113-01-gauss-enVendor Advisory
af854a3a-2127-422b-91ae-364da2661108https://www.oracle.com/security-alerts/cpujan2022.htmlNot Applicable, Third Party Advisory
Impacted products
Vendor Product Version
huawei manageone 6.5.1.1
huawei manageone 6.5.1.1
huawei manageone 6.5.1.1
huawei manageone 6.5.1.1
huawei manageone 6.5.1.1
huawei manageone 6.5.1.1
huawei manageone 6.5.1.1
huawei manageone 6.5.1.1
huawei manageone 6.5.1.1
huawei manageone 6.5.1.1
huawei manageone 6.5.1.1
huawei manageone 6.5.1.1
huawei manageone 6.5.1.1
huawei manageone 6.5.1.1
huawei manageone 6.5.1.1
huawei manageone 6.5.1.1
huawei manageone 6.5.1.1
huawei manageone 6.5.1.1
huawei manageone 6.5.1.1
huawei manageone 6.5.1.1
huawei manageone 6.5.1.1
huawei manageone 8.0.0
To clipboard 

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:huawei:manageone:6.5.1.1:b020:*:*:*:*:*:*",
              "matchCriteriaId": "4042FC49-4FC7-46B4-8D14-ECACF22A9860",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:huawei:manageone:6.5.1.1:b030:*:*:*:*:*:*",
              "matchCriteriaId": "A4D8799F-9ADD-442F-BC39-4BCAFBFFBE2B",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:huawei:manageone:6.5.1.1:b040:*:*:*:*:*:*",
              "matchCriteriaId": "535597A4-29C8-44A8-9008-4F4E10030531",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:huawei:manageone:6.5.1.1:rc1.b070:*:*:*:*:*:*",
              "matchCriteriaId": "43839F73-570C-47F7-863C-1648884423FD",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:huawei:manageone:6.5.1.1:rc1.b080:*:*:*:*:*:*",
              "matchCriteriaId": "186BE073-131F-4B46-BD3D-A2BFEE1B8B2E",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:huawei:manageone:6.5.1.1:rc2.b040:*:*:*:*:*:*",
              "matchCriteriaId": "22A7E167-9739-49D4-9A77-AF1AF9A078E8",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:huawei:manageone:6.5.1.1:rc2.b050:*:*:*:*:*:*",
              "matchCriteriaId": "A9BC229B-6867-4FEA-925B-6B01AFC0301F",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:huawei:manageone:6.5.1.1:rc2.b060:*:*:*:*:*:*",
              "matchCriteriaId": "D1B4DD08-EF8C-4E20-9940-13A7F2E33405",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:huawei:manageone:6.5.1.1:rc2.b070:*:*:*:*:*:*",
              "matchCriteriaId": "74918254-E81D-4F4A-AB43-6A47B04D9670",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:huawei:manageone:6.5.1.1:rc2.b080:*:*:*:*:*:*",
              "matchCriteriaId": "1FC764B8-9EDA-44B8-9879-125FB2CBAAB0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:huawei:manageone:6.5.1.1:rc2.b090:*:*:*:*:*:*",
              "matchCriteriaId": "A9E37AAA-C721-4BE9-9BF3-26D6ECC2EE6B",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:huawei:manageone:6.5.1.1:spc100.b050:*:*:*:*:*:*",
              "matchCriteriaId": "C59C64B0-D42D-4515-BD2B-4FE5C7F48BE6",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:huawei:manageone:6.5.1.1:spc101.b010:*:*:*:*:*:*",
              "matchCriteriaId": "698B071C-FC52-40CD-BBA7-53426051F504",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:huawei:manageone:6.5.1.1:spc101.b040:*:*:*:*:*:*",
              "matchCriteriaId": "F6461FE1-99CC-48E4-8134-F17D895511F0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:huawei:manageone:6.5.1.1:spc200:*:*:*:*:*:*",
              "matchCriteriaId": "FE5AE38A-627F-4337-949D-A5811D6859EB",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:huawei:manageone:6.5.1.1:spc200.b010:*:*:*:*:*:*",
              "matchCriteriaId": "29FEC933-0E52-496B-A2B3-C84E65E5B430",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:huawei:manageone:6.5.1.1:spc200.b030:*:*:*:*:*:*",
              "matchCriteriaId": "16F30BF5-4510-4AC7-8B12-6D4126C2DC60",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:huawei:manageone:6.5.1.1:spc200.b040:*:*:*:*:*:*",
              "matchCriteriaId": "37090D37-0CDF-464B-9509-4F465D20C8C2",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:huawei:manageone:6.5.1.1:spc200.b050:*:*:*:*:*:*",
              "matchCriteriaId": "83B2B033-F12C-487E-8245-3F5BBF59BBC1",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:huawei:manageone:6.5.1.1:spc200.b060:*:*:*:*:*:*",
              "matchCriteriaId": "1ADF4433-A950-4A00-A4F7-12F766B4C947",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:huawei:manageone:6.5.1.1:spc200.b070:*:*:*:*:*:*",
              "matchCriteriaId": "7FF3EB4D-6892-4572-B1D6-6183FE8B8D66",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:huawei:manageone:8.0.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "4C07C03B-18BA-4EA3-A73F-3E6E839252F0",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "There is a logic vulnerability in Huawei Gauss100 OLTP Product. An attacker with certain permissions could perform specific SQL statement to exploit this vulnerability. Due to insufficient security design, successful exploit can cause service abnormal. Affected product versions include: ManageOne versions 6.5.1.1.B020, 6.5.1.1.B030, 6.5.1.1.B040, 6.5.1.SPC100.B050, 6.5.1.SPC101.B010, 6.5.1.SPC101.B040, 6.5.1.SPC200, 6.5.1.SPC200.B010, 6.5.1.SPC200.B030, 6.5.1.SPC200.B040, 6.5.1.SPC200.B050, 6.5.1.SPC200.B060, 6.5.1.SPC200.B070, 6.5.1RC1.B070, 6.5.1RC1.B080, 6.5.1RC2.B040, 6.5.1RC2.B050, 6.5.1RC2.B060, 6.5.1RC2.B070, 6.5.1RC2.B080, 6.5.1RC2.B090."
    },
    {
      "lang": "es",
      "value": "Se presenta una vulnerabilidad de l\u00f3gica en el producto Huawei Gauss100 OLTP. Un atacante con determinados permisos podr\u00eda llevar a cabo una sentencia SQL espec\u00edfica para explotar esta vulnerabilidad. Debido a un dise\u00f1o de seguridad insuficiente, una explotaci\u00f3n con \u00e9xito puede causar un servicio anormal. Las versiones del producto afectadas incluyen: ManageOne versiones 6.5.1.1.B020, 6.5.1.1.B030, 6.5.1.1.B040, 6.5.1.SPC100.B050, 6.5.1.SPC101.B010, 6.5.1.SPC101.B040, 6.5 .1.SPC200, 6.5.1.SPC200.B010, 6.5.1.SPC200.B030, 6.5.1.SPC200.B040, 6.5.1.SPC200.B050, 6.5.1.SPC200.B060, 6.5.1.SPC200 .B070, 6.5.1RC1.B070, 6.5.1RC1.B080, 6.5.1RC2.B040, 6.5.1RC2.B050, 6.5.1RC2.B060, 6.5.1RC2.B070, 6.5.1RC2.B080, 6.5.1RC2.B090"
    }
  ],
  "id": "CVE-2021-22298",
  "lastModified": "2024-11-21T05:49:51.903",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "MEDIUM",
        "cvssData": {
          "accessComplexity": "LOW",
          "accessVector": "NETWORK",
          "authentication": "SINGLE",
          "availabilityImpact": "PARTIAL",
          "baseScore": 4.0,
          "confidentialityImpact": "NONE",
          "integrityImpact": "NONE",
          "vectorString": "AV:N/AC:L/Au:S/C:N/I:N/A:P",
          "version": "2.0"
        },
        "exploitabilityScore": 8.0,
        "impactScore": 2.9,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": false
      }
    ],
    "cvssMetricV31": [
      {
        "cvssData": {
          "attackComplexity": "LOW",
          "attackVector": "NETWORK",
          "availabilityImpact": "HIGH",
          "baseScore": 6.5,
          "baseSeverity": "MEDIUM",
          "confidentialityImpact": "NONE",
          "integrityImpact": "NONE",
          "privilegesRequired": "LOW",
          "scope": "UNCHANGED",
          "userInteraction": "NONE",
          "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
          "version": "3.1"
        },
        "exploitabilityScore": 2.8,
        "impactScore": 3.6,
        "source": "nvd@nist.gov",
        "type": "Primary"
      }
    ]
  },
  "published": "2021-02-06T02:15:12.603",
  "references": [
    {
      "source": "psirt@huawei.com",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "https://www.huawei.com/en/psirt/security-advisories/huawei-sa-20210113-01-gauss-en"
    },
    {
      "source": "psirt@huawei.com",
      "tags": [
        "Not Applicable",
        "Third Party Advisory"
      ],
      "url": "https://www.oracle.com/security-alerts/cpujan2022.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "https://www.huawei.com/en/psirt/security-advisories/huawei-sa-20210113-01-gauss-en"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Not Applicable",
        "Third Party Advisory"
      ],
      "url": "https://www.oracle.com/security-alerts/cpujan2022.html"
    }
  ],
  "sourceIdentifier": "psirt@huawei.com",
  "vulnStatus": "Modified",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "NVD-CWE-noinfo"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}


Log in or create an account to share your comment.




Tags
Taxonomy of the tags.




Sightings

Author Source Type Date

Nomenclature

  • Seen: The vulnerability was mentioned, discussed, or observed by the user.
  • Confirmed: The vulnerability has been validated from an analyst's perspective.
  • Published Proof of Concept: A public proof of concept is available for this vulnerability.
  • Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
  • Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
  • Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
  • Not confirmed: The user expressed doubt about the validity of the vulnerability.
  • Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.



Detection rules are retrieved from Rulezet.