CVSS: 4.3EPSS: 0%CPEs: 2EXPL: 0CVE-2021-28485
https://notcve.org/view.php?id=CVE-2021-28485
In Ericsson Mobile Switching Center Server (MSC-S) before IS 3.1 CP22, the SIS web application allows relative path traversal via a specific parameter in the https request after authentication, which allows access to files on the system that are not intended to be accessible via the web application. En Ericsson Mobile Switching Center Server (MSC-S) anterior a IS 3.1 CP22, la aplicación web SIS permite el Path Traversal a través de un parámetro específico en la solicitud https después de la autenticación, lo que permite el acceso a archivos en el sistema a los que no se pretende que sean accesibles a través de la aplicación web. • https://www.ericsson.com/en/about-us/security/psirt https://www.gruppotim.it/it/footer/red-team.html • CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') •
CVSS: 6.8EPSS: 0%CPEs: 1EXPL: 0CVE-2022-46408
https://notcve.org/view.php?id=CVE-2022-46408
Ericsson Network Manager (ENM), versions prior to 22.1, contains a vulnerability in the application Network Connectivity Manager (NCM) where improper Neutralization of Formula Elements in a CSV File can lead to remote code execution or data leakage via maliciously injected hyperlinks. The attacker would need admin/elevated access to exploit the vulnerability. • https://www.gruppotim.it/it/footer/red-team.html • CWE-1236: Improper Neutralization of Formula Elements in a CSV File •
CVSS: 4.8EPSS: 0%CPEs: 1EXPL: 0CVE-2022-46407
https://notcve.org/view.php?id=CVE-2022-46407
Ericsson Network Manager (ENM), versions prior to 22.2, contains a vulnerability in the REST endpoint “editprofile” where Open Redirect HTTP Header Injection can lead to redirection of the submitted request to domain out of control of ENM deployment. The attacker would need admin/elevated access to exploit the vulnerability • https://www.gruppotim.it/it/footer/red-team.html • CWE-601: URL Redirection to Untrusted Site ('Open Redirect') •
CVSS: 4.9EPSS: 0%CPEs: 1EXPL: 0CVE-2021-32570
https://notcve.org/view.php?id=CVE-2021-32570
In Ericsson Network Manager (ENM) releases before 21.2, users belonging to the same AMOS authorization group can retrieve the data from certain log files. All AMOS users are considered to be highly privileged users in ENM system and all must be previously defined and authorized by the Security Administrator. Those users can access some log’s files, under a common path, and read information stored in the log’s files in order to conduct privilege escalation. En Ericsson Network Manager (ENM) versiones anteriores a 21.2, los usuarios que pertenecen al mismo grupo de autorización de AMOS pueden recuperar los datos de determinados archivos de registro. Todos los usuarios de AMOS son considerados usuarios altamente privilegiados en el sistema ENM y todos deben ser previamente definidos y autorizados por el Administrador de Seguridad. • https://www.ericsson.com https://www.gruppotim.it/it/footer/red-team.html • CWE-532: Insertion of Sensitive Information into Log File •
CVSS: 6.5EPSS: 0%CPEs: 1EXPL: 0CVE-2021-28488
https://notcve.org/view.php?id=CVE-2021-28488
Ericsson Network Manager (ENM) before 21.2 has incorrect access-control behavior (that only affects the level of access available to persons who were already granted a highly privileged role). Users in the same AMOS authorization group can retrieve managed-network data that was not set to be accessible to the entire group (i.e., was only set to be accessible to a subset of that group). Ericsson Network Manager (ENM) antes de la versión 21.2 tiene un comportamiento de control de acceso incorrecto (que sólo afecta al nivel de acceso disponible para las personas a las que ya se les ha concedido un rol altamente privilegiado). Los usuarios del mismo grupo de autorización de AMOS pueden recuperar datos de la red gestionada que no estaban configurados para ser accesibles a todo el grupo (es decir, sólo estaban configurados para ser accesibles a un subconjunto de ese grupo) • https://www.ericsson.com https://www.ericsson.com/en/about-us/enterprise-security/psirt https://www.gruppotim.it/it/footer/red-team.html • CWE-668: Exposure of Resource to Wrong Sphere •