CVE-2021-26578 – Hewlett Packard Enterprise Network Orchestrator uaf-token SQL Injection Information Disclosure Vulnerability

https://notcve.org/view.php?id=CVE-2021-26578

A potential security vulnerability has been identified in HPE Network Orchestrator (NetO) version(s): Prior to 2.5. The vulnerability could be remotely exploited with SQL injection. Se ha identificado una vulnerabilidad de seguridad potencial en HPE Network Orchestrator (NetO) versiones: anteriores a 2.5. La vulnerabilidad podría ser explotada remotamente con una inyección SQL This vulnerability allows remote attackers to disclose sensitive information on affected installations of Hewlett Packard Enterprise Network Orchestrator. Authentication is not required to exploit this vulnerability. The specific flaw exists within the connections resource. • https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-hpesbgn04097en_us • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') •