发布时间: 2023年7月1日
修改时间: 2024年2月26日
Ericsson Network Manager (ENM), versions prior to 22.2, contains a vulnerability in the REST endpoint “editprofile” where Open Redirect HTTP Header Injection can lead to redirection of the submitted request to domain out of control of ENM deployment. The attacker would need admin/elevated access to exploit the vulnerability
| NVD | openEuler | |
|---|---|---|
| Confidentiality | Low | Low |
| Attack Vector | Network | Network |
| CVSS评分 | 4.8 | 4.8 |
| Attack Complexity | Low | Low |
| Privileges Required | High | High |
| Scope | Changed | Changed |
| Integrity | Low | Low |
| User Interaction | Required | Required |
| Availability | None | None |
| 公告名 | 概要 | 发布时间 |
|---|---|---|
| KylinSec-SA-2023-1475 | Ericsson Network Manager (ENM), versions prior to 22.2, contains a vulnerability in the REST endpoint “editprofile” where Open Redirect HTTP Header Injection can lead to redirection of the submitted request to domain out of control of ENM deployment. The attacker would need admin/elevated access to exploit the vulnerability | 2023年7月1日 |
| 产品 | 包 | 状态 |
|---|---|---|
| KY3.4-4A | rest | Unaffected |
| KY3.4-5 | rest | Unaffected |
| KY3.5.1 | rest | Unaffected |
| KY3.5.2 | rest | Unaffected |
