var-201802-0536
Vulnerability from variot
Huawei UMA V200R001C00 has a SQL injection vulnerability in the operation and maintenance module. An attacker logs in to the system as a common user and sends crafted HTTP requests that contain malicious SQL statements to the affected system. Due to a lack of input validation on HTTP requests that contain user-supplied input, successful exploitation may allow the attacker to execute arbitrary SQL queries. Huawei UMA is a set of IT core resource operation and maintenance management and security audit platform of China Huawei (Huawei). Through the centralized management and control of accounts, authentication, authorization and audit of various IT resources, the platform can meet the needs of users for IT operation and maintenance management and IT internal control and external audit
Show details on source website{ "@context": { "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#", affected_products: { "@id": "https://www.variotdbs.pl/ref/affected_products", }, configurations: { "@id": "https://www.variotdbs.pl/ref/configurations", }, credits: { "@id": "https://www.variotdbs.pl/ref/credits", }, cvss: { "@id": "https://www.variotdbs.pl/ref/cvss/", }, description: { "@id": "https://www.variotdbs.pl/ref/description/", }, exploit_availability: { "@id": "https://www.variotdbs.pl/ref/exploit_availability/", }, external_ids: { "@id": "https://www.variotdbs.pl/ref/external_ids/", }, iot: { "@id": "https://www.variotdbs.pl/ref/iot/", }, iot_taxonomy: { "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/", }, patch: { "@id": "https://www.variotdbs.pl/ref/patch/", }, problemtype_data: { "@id": "https://www.variotdbs.pl/ref/problemtype_data/", }, references: { "@id": "https://www.variotdbs.pl/ref/references/", }, sources: { "@id": "https://www.variotdbs.pl/ref/sources/", }, sources_release_date: { "@id": "https://www.variotdbs.pl/ref/sources_release_date/", }, sources_update_date: { "@id": "https://www.variotdbs.pl/ref/sources_update_date/", }, threat_type: { "@id": "https://www.variotdbs.pl/ref/threat_type/", }, title: { "@id": "https://www.variotdbs.pl/ref/title/", }, type: { "@id": "https://www.variotdbs.pl/ref/type/", }, }, "@id": "https://www.variotdbs.pl/vuln/VAR-201802-0536", affected_products: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/affected_products#", data: { "@container": "@list", }, sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, "@id": "https://www.variotdbs.pl/ref/sources", }, }, data: [ { model: "uma", scope: "eq", trust: 1.6, vendor: "huawei", version: "v200r001c00", }, { model: "unified maintenance and audit", scope: "eq", trust: 0.8, vendor: "huawei", version: "v200r001c00", }, ], sources: [ { db: "JVNDB", id: "JVNDB-2017-012455", }, { db: "NVD", id: "CVE-2017-15329", }, { db: "CNNVD", id: "CNNVD-201711-1128", }, ], }, configurations: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/configurations#", children: { "@container": "@list", }, cpe_match: { "@container": "@list", }, data: { "@container": "@list", }, nodes: { "@container": "@list", }, }, data: [ { CVE_data_version: "4.0", nodes: [ { children: [ { children: [], cpe_match: [ { cpe23Uri: "cpe:2.3:o:huawei:uma_firmware:v200r001c00:*:*:*:*:*:*:*", cpe_name: [], vulnerable: true, }, ], operator: "OR", }, { children: [], cpe_match: [ { cpe23Uri: "cpe:2.3:h:huawei:uma:-:*:*:*:*:*:*:*", cpe_name: [], vulnerable: false, }, ], operator: "OR", }, ], cpe_match: [], operator: "AND", }, ], }, ], sources: [ { db: "NVD", id: "CVE-2017-15329", }, ], }, credits: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/credits#", sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, }, }, data: "Jianfeng.Li of DBAPPSecurity Ltd", sources: [ { db: "CNNVD", id: "CNNVD-201711-1128", }, ], trust: 0.6, }, cve: "CVE-2017-15329", cvss: { "@context": { cvssV2: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#", }, "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2", }, cvssV3: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#", }, "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/", }, severity: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/cvss/severity#", }, "@id": "https://www.variotdbs.pl/ref/cvss/severity", }, sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, "@id": "https://www.variotdbs.pl/ref/sources", }, }, data: [ { cvssV2: [ { acInsufInfo: false, accessComplexity: "LOW", accessVector: "NETWORK", authentication: "SINGLE", author: "NVD", availabilityImpact: "PARTIAL", baseScore: 6.5, confidentialityImpact: "PARTIAL", exploitabilityScore: 8, impactScore: 6.4, integrityImpact: "PARTIAL", obtainAllPrivilege: false, obtainOtherPrivilege: false, obtainUserPrivilege: false, severity: "MEDIUM", trust: 1, userInteractionRequired: false, vectorString: "AV:N/AC:L/Au:S/C:P/I:P/A:P", version: "2.0", }, { acInsufInfo: null, accessComplexity: "Low", accessVector: "Network", authentication: "Single", author: "NVD", availabilityImpact: "Partial", baseScore: 6.5, confidentialityImpact: "Partial", exploitabilityScore: null, id: "CVE-2017-15329", impactScore: null, integrityImpact: "Partial", obtainAllPrivilege: null, obtainOtherPrivilege: null, obtainUserPrivilege: null, severity: "Medium", trust: 0.8, userInteractionRequired: null, vectorString: "AV:N/AC:L/Au:S/C:P/I:P/A:P", version: "2.0", }, { accessComplexity: "LOW", accessVector: "NETWORK", authentication: "SINGLE", author: "VULHUB", availabilityImpact: "PARTIAL", baseScore: 6.5, confidentialityImpact: "PARTIAL", exploitabilityScore: 8, id: "VHN-106140", impactScore: 6.4, integrityImpact: "PARTIAL", severity: "MEDIUM", trust: 0.1, vectorString: "AV:N/AC:L/AU:S/C:P/I:P/A:P", version: "2.0", }, ], cvssV3: [ { attackComplexity: "LOW", attackVector: "NETWORK", author: "NVD", availabilityImpact: "HIGH", baseScore: 8.8, baseSeverity: "HIGH", confidentialityImpact: "HIGH", exploitabilityScore: 2.8, impactScore: 5.9, integrityImpact: "HIGH", privilegesRequired: "LOW", scope: "UNCHANGED", trust: 1, userInteraction: "NONE", vectorString: "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", version: "3.0", }, { attackComplexity: "Low", attackVector: "Network", author: "NVD", availabilityImpact: "High", baseScore: 8.8, baseSeverity: "High", confidentialityImpact: "High", exploitabilityScore: null, id: "CVE-2017-15329", impactScore: null, integrityImpact: "High", privilegesRequired: "Low", scope: "Unchanged", trust: 0.8, userInteraction: "None", vectorString: "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", version: "3.0", }, ], severity: [ { author: "NVD", id: "CVE-2017-15329", trust: 1.8, value: "HIGH", }, { author: "CNNVD", id: "CNNVD-201711-1128", trust: 0.6, value: "MEDIUM", }, { author: "VULHUB", id: "VHN-106140", trust: 0.1, value: "MEDIUM", }, ], }, ], sources: [ { db: "VULHUB", id: "VHN-106140", }, { db: "JVNDB", id: "JVNDB-2017-012455", }, { db: "NVD", id: "CVE-2017-15329", }, { db: "CNNVD", id: "CNNVD-201711-1128", }, ], }, description: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/description#", sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, }, }, data: "Huawei UMA V200R001C00 has a SQL injection vulnerability in the operation and maintenance module. An attacker logs in to the system as a common user and sends crafted HTTP requests that contain malicious SQL statements to the affected system. Due to a lack of input validation on HTTP requests that contain user-supplied input, successful exploitation may allow the attacker to execute arbitrary SQL queries. Huawei UMA is a set of IT core resource operation and maintenance management and security audit platform of China Huawei (Huawei). Through the centralized management and control of accounts, authentication, authorization and audit of various IT resources, the platform can meet the needs of users for IT operation and maintenance management and IT internal control and external audit", sources: [ { db: "NVD", id: "CVE-2017-15329", }, { db: "JVNDB", id: "JVNDB-2017-012455", }, { db: "VULHUB", id: "VHN-106140", }, ], trust: 1.71, }, external_ids: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/external_ids#", data: { "@container": "@list", }, sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, }, }, data: [ { db: "NVD", id: "CVE-2017-15329", trust: 2.5, }, { db: "JVNDB", id: "JVNDB-2017-012455", trust: 0.8, }, { db: "CNNVD", id: "CNNVD-201711-1128", trust: 0.6, }, { db: "VULHUB", id: "VHN-106140", trust: 0.1, }, ], sources: [ { db: "VULHUB", id: "VHN-106140", }, { db: "JVNDB", id: "JVNDB-2017-012455", }, { db: "NVD", id: "CVE-2017-15329", }, { db: "CNNVD", id: "CNNVD-201711-1128", }, ], }, id: "VAR-201802-0536", iot: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/iot#", sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, }, }, data: true, sources: [ { db: "VULHUB", id: "VHN-106140", }, ], trust: 0.01, }, last_update_date: "2023-12-18T12:29:11.646000Z", patch: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/patch#", data: { "@container": "@list", }, sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, }, }, data: [ { title: "huawei-sa-20171116-01-uma", trust: 0.8, url: "http://www.huawei.com/en/psirt/security-advisories/2017/huawei-sa-20171116-01-uma-en", }, { title: "Huawei UMA SQL Repair measures for injecting vulnerabilities", trust: 0.6, url: "http://www.cnnvd.org.cn/web/xxk/bdxqbyid.tag?id=76788", }, ], sources: [ { db: "JVNDB", id: "JVNDB-2017-012455", }, { db: "CNNVD", id: "CNNVD-201711-1128", }, ], }, problemtype_data: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#", sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, }, }, data: [ { problemtype: "CWE-89", trust: 1.9, }, ], sources: [ { db: "VULHUB", id: "VHN-106140", }, { db: "JVNDB", id: "JVNDB-2017-012455", }, { db: "NVD", id: "CVE-2017-15329", }, ], }, references: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/references#", data: { "@container": "@list", }, sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, }, }, data: [ { trust: 1.1, url: "http://www.huawei.com/en/psirt/security-advisories/2017/huawei-sa-20171116-01-uma-en", }, { trust: 0.8, url: "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2017-15329", }, { trust: 0.8, url: "https://nvd.nist.gov/vuln/detail/cve-2017-15329", }, { trust: 0.6, url: "http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20171116-01-uma-en", }, ], sources: [ { db: "VULHUB", id: "VHN-106140", }, { db: "JVNDB", id: "JVNDB-2017-012455", }, { db: "NVD", id: "CVE-2017-15329", }, { db: "CNNVD", id: "CNNVD-201711-1128", }, ], }, sources: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", data: { "@container": "@list", }, }, data: [ { db: "VULHUB", id: "VHN-106140", }, { db: "JVNDB", id: "JVNDB-2017-012455", }, { db: "NVD", id: "CVE-2017-15329", }, { db: "CNNVD", id: "CNNVD-201711-1128", }, ], }, sources_release_date: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#", data: { "@container": "@list", }, }, data: [ { date: "2018-02-15T00:00:00", db: "VULHUB", id: "VHN-106140", }, { date: "2018-03-09T00:00:00", db: "JVNDB", id: "JVNDB-2017-012455", }, { date: "2018-02-15T16:29:00.203000", db: "NVD", id: "CVE-2017-15329", }, { date: "2017-11-30T00:00:00", db: "CNNVD", id: "CNNVD-201711-1128", }, ], }, sources_update_date: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#", data: { "@container": "@list", }, }, data: [ { date: "2018-02-26T00:00:00", db: "VULHUB", id: "VHN-106140", }, { date: "2018-03-09T00:00:00", db: "JVNDB", id: "JVNDB-2017-012455", }, { date: "2018-02-26T15:05:54.977000", db: "NVD", id: "CVE-2017-15329", }, { date: "2017-11-30T00:00:00", db: "CNNVD", id: "CNNVD-201711-1128", }, ], }, threat_type: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/threat_type#", sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, }, }, data: "remote", sources: [ { db: "CNNVD", id: "CNNVD-201711-1128", }, ], trust: 0.6, }, title: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/title#", sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, }, }, data: "Huawei UMA In SQL Injection vulnerability", sources: [ { db: "JVNDB", id: "JVNDB-2017-012455", }, ], trust: 0.8, }, type: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/type#", sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, }, }, data: "SQL injection", sources: [ { db: "CNNVD", id: "CNNVD-201711-1128", }, ], trust: 0.6, }, }
Log in or create an account to share your comment.
This schema specifies the format of a comment related to a security advisory.
Sightings
Author | Source | Type | Date |
---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
- Confirmed: The vulnerability is confirmed from an analyst perspective.
- Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
- Patched: This vulnerability was successfully patched by the user reporting the sighting.
- Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
- Not confirmed: The user expresses doubt about the veracity of the vulnerability.
- Not patched: This vulnerability was not successfully patched by the user reporting the sighting.