CVSS: 9.8EPSS: 0%CPEs: 2EXPL: 0CVE-2017-8117
https://notcve.org/view.php?id=CVE-2017-8117
22 Nov 2017 — The UMA product with software V200R001 and V300R001 has a privilege elevation vulnerability due to insufficient validation or improper processing of parameters. An attacker could craft specific packets to exploit these vulnerabilities to gain elevated privileges. El producto UMA con software V200R001 y V300R001 tiene una vulnerabilidad de elevación de privilegios debido a una validación insuficiente o al procesamiento incorrecto de parámetros. Un atacante podría manipular paquetes específicos para explotar ... • http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20170612-01-uma-en • CWE-20: Improper Input Validation •
CVSS: 2.3EPSS: 0%CPEs: 2EXPL: 0CVE-2017-8118
https://notcve.org/view.php?id=CVE-2017-8118
22 Nov 2017 — The UMA product with software V200R001 and V300R001 has an information leak vulnerability. An attacker could exploit them to obtain some sensitive information, causing information leak. El producto UMA con software V200R001 y V300R001 tiene una vulnerabilidad de filtrado de información. Un atacante podría explotarla para obtener información sensible, provocando un filtrado de información. • http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20170612-01-uma-en • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •
CVSS: 9.8EPSS: 0%CPEs: 2EXPL: 0CVE-2017-8119
https://notcve.org/view.php?id=CVE-2017-8119
22 Nov 2017 — The UMA product with software V200R001 and V300R001 has a privilege elevation vulnerability due to insufficient validation or improper processing of parameters. An attacker could craft specific packets to exploit these vulnerabilities to gain elevated privileges. El producto UMA con software V200R001 y V300R001 tiene una vulnerabilidad de elevación de privilegios debido a una validación insuficiente o al procesamiento incorrecto de parámetros. Un atacante podría manipular paquetes específicos para explotar ... • http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20170612-01-uma-en • CWE-20: Improper Input Validation •
CVSS: 9.8EPSS: 0%CPEs: 2EXPL: 0CVE-2017-8120
https://notcve.org/view.php?id=CVE-2017-8120
22 Nov 2017 — The UMA product with software V200R001 and V300R001 has a privilege elevation vulnerability due to insufficient validation or improper processing of parameters. An attacker could craft specific packets to exploit these vulnerabilities to gain elevated privileges. El producto UMA con software V200R001 y V300R001 tiene una vulnerabilidad de elevación de privilegios debido a una validación insuficiente o al procesamiento incorrecto de parámetros. Un atacante podría manipular paquetes específicos para explotar ... • http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20170612-01-uma-en • CWE-20: Improper Input Validation •
CVSS: 5.3EPSS: 0%CPEs: 2EXPL: 0CVE-2017-8121
https://notcve.org/view.php?id=CVE-2017-8121
22 Nov 2017 — The UMA product with software V200R001 and V300R001 has an information leak vulnerability. An attacker could exploit them to obtain some sensitive information, causing information leak. El producto UMA con software V200R001 y V300R001 tiene una vulnerabilidad de filtrado de información. Un atacante podría explotarla para obtener información sensible, provocando un filtrado de información. • http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20170612-01-uma-en • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •
CVSS: 6.1EPSS: 0%CPEs: 2EXPL: 0CVE-2017-8125
https://notcve.org/view.php?id=CVE-2017-8125
22 Nov 2017 — The UMA product with software V200R001 and V300R001 has a cross-site scripting (XSS) vulnerability due to insufficient input validation. An attacker could craft malicious links or scripts to launch XSS attacks. El producto UMA con software V200R001 y V300R001 tiene una vulnerabilidad de Cross-Site Scripting (XSS) debido a una validación de entradas insuficiente. Un atacante podría manipular enlaces o scripts maliciosos para lanzar ataques de XSS. • http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20170612-01-uma-en • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 9.8EPSS: 0%CPEs: 2EXPL: 0CVE-2017-8128
https://notcve.org/view.php?id=CVE-2017-8128
22 Nov 2017 — The UMA product with software V200R001 and V300R001 has a privilege elevation vulnerability due to insufficient validation or improper processing of parameters. An attacker could craft specific packets to exploit these vulnerabilities to gain elevated privileges. El producto UMA con software V200R001 y V300R001 tiene una vulnerabilidad de elevación de privilegios debido a una validación insuficiente o al procesamiento incorrecto de parámetros. Un atacante podría manipular paquetes específicos para explotar ... • http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20170612-01-uma-en • CWE-20: Improper Input Validation •
CVSS: 9.8EPSS: 0%CPEs: 2EXPL: 0CVE-2017-8129
https://notcve.org/view.php?id=CVE-2017-8129
22 Nov 2017 — The UMA product with software V200R001 and V300R001 has a privilege elevation vulnerability due to insufficient validation or improper processing of parameters. An attacker could craft specific packets to exploit these vulnerabilities to gain elevated privileges. El producto UMA con software V200R001 y V300R001 tiene una vulnerabilidad de elevación de privilegios debido a una validación insuficiente o al procesamiento incorrecto de parámetros. Un atacante podría manipular paquetes específicos para explotar ... • http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20170612-01-uma-en • CWE-20: Improper Input Validation •
CVSS: 6.5EPSS: 0%CPEs: 2EXPL: 0CVE-2017-8130
https://notcve.org/view.php?id=CVE-2017-8130
22 Nov 2017 — The UMA product with software V200R001 and V300R001 has an information leak vulnerability. An attacker could exploit them to obtain some sensitive information, causing information leak. El producto UMA con software V200R001 y V300R001 tiene una vulnerabilidad de filtrado de información. Un atacante podría explotarla para obtener información sensible, provocando un filtrado de información. • http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20170612-01-uma-en • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •
CVSS: 7.5EPSS: 0%CPEs: 1EXPL: 0CVE-2016-7107
https://notcve.org/view.php?id=CVE-2016-7107
07 Sep 2016 — Huawei Unified Maintenance Audit (UMA) before V200R001C00SPC200 SPH206 allows remote attackers to reset arbitrary user passwords and consequently affect system data integrity via unspecified vectors. Huawei Unified Maintenance Audit (UMA) en versiones anteriores a V200R001C00SPC200 SPH206 permite a atacantes remotos restablecer contraseñas de usuario arbitrarias y consecuentemente afectar al sistema íntegro de datos a través de vectores no especificados. • http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20160824-02-uma-en • CWE-284: Improper Access Control •