
CVSS: 7.1 • EPSS: 0% • CPEs: 1 • EXPL: 0

04 Apr 2024 — Ericsson Network Manager (ENM), versions prior to 23.1, contains a vulnerability in the export function of application log where Improper Neutralization of Formula Elements in a CSV File can lead to code execution or information disclosure. There is limited impact to integrity and availability. The attacker on the adjacent network with administration access can exploit the vulnerability. • https://www.ericsson.com/en/about-us/security/psirt/security-bulletin--ericsson-network-manager-march-2024 • CWE-1236: Improper Neutralization of Formula Elements in a CSV File

CVSS: 9.0 • EPSS: 0% • CPEs: 1 • EXPL: 0

07 Dec 2023 — Ericsson Network Manager before 23.2 mishandles Access Control and thus unauthenticated low-privilege users can access the NCM application. • https://www.gruppotim.it/it/footer/red-team.html

CVSS: 8.3 • EPSS: 0% • CPEs: 1 • EXPL: 0

29 Jun 2023 — Ericsson Network Manager (ENM), versions prior to 22.1, contains a vulnerability in the application Network Connectivity Manager (NCM) where Improper Neutralization of Formula Elements in a CSV File can lead to remote code execution or data leakage via maliciously injected hyperlinks. The attacker would need admin/elevated access to exploit the vulnerability. • https://www.gruppotim.it/it/footer/red-team.html • CWE-1236: Improper Neutralization of Formula Elements in a CSV File

CVSS: 4.8 • EPSS: 0% • CPEs: 1 • EXPL: 0

29 Jun 2023 — Ericsson Network Manager (ENM), versions prior to 22.2, contains a vulnerability in the REST endpoint “editprofile” where Open Redirect HTTP Header Injection can lead to redirection of the submitted request to a domain outside the control of the ENM deployment. The attacker would need admin/elevated access to exploit the vulnerability. • https://www.gruppotim.it/it/footer/red-team.html • CWE-601: URL Redirection to Untrusted Site ('Open Redirect')

CVSS: 6.1 • EPSS: 0% • CPEs: 1 • EXPL: 0

25 Aug 2022 — In Ericsson Network Manager (ENM) releases before 21.2, users belonging to the same AMOS authorization group can retrieve the data from certain log files. All AMOS users are considered to be highly privileged users in the ENM system, and all must be previously defined and authorized by the Security Administrator. Those users can access some log files under a common path and read information stored in them in order to conduct privilege escalation. • https://www.ericsson.com • CWE-532: Insertion of Sensitive Information into Log File

CVSS: 6.5 • EPSS: 0% • CPEs: 1 • EXPL: 0

08 Mar 2022 — Ericsson Network Manager (ENM) before 21.2 has incorrect access-control behavior (that only affects the level of access available to persons who were already granted a highly privileged role). Users in the same AMOS authorization group can retrieve managed-network data that was not set to be accessible to the entire group (i.e., was only set to be accessible to a subset of that group). • https://www.ericsson.com • CWE-668: Exposure of Resource to Wrong Sphere