CVSS: 8.0EPSS: 0%CPEs: 1EXPL: 1CVE-2021-41390
https://notcve.org/view.php?id=CVE-2021-41390
17 Sep 2021 — In Ericsson ECM before 18.0, it was observed that Security Provider Endpoint in the User Profile Management Section is vulnerable to CSV Injection. En Ericsson ECM versiones anteriores a 18.0, se observó que el Endpoint del Proveedor de Seguridad en la Sección de Administración de Perfiles de Usuario es vulnerable a una inyección de CSV • https://the-it-wonders.blogspot.com/2021/09/ericsson-ecm-enterprise-content_17.html • CWE-74: Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection') •
CVSS: 5.4EPSS: 0%CPEs: 2EXPL: 1CVE-2020-29144
https://notcve.org/view.php?id=CVE-2020-29144
27 Nov 2020 — In Ericsson BSCS iX R18 Billing & Rating iX R18, MX is a web base module in BSCS iX that is vulnerable to stored XSS via an Alert Dashboard comment. In most test cases, session hijacking was also possible by utilizing the XSS vulnerability. This potentially allows for full account takeover, or exploiting admins' browsers by using the beef framework. En Ericsson BSCS iX R18 Billing & Rating iX R18, MX, es un módulo de base web en BSCS iX, que es vulnerable a un ataque de tipo XSS almacenado por medio de ... • http://the-it-wonders.blogspot.com/2020/01/ericsson-bscs-ix-r18-billing-rating.html • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 5.4EPSS: 0%CPEs: 2EXPL: 1CVE-2020-29145
https://notcve.org/view.php?id=CVE-2020-29145
27 Nov 2020 — In Ericsson BSCS iX R18 Billing & Rating iX R18, ADMX is a web base module in BSCS iX that is vulnerable to stored XSS via the name or description field to a solutionUnitServlet?SuName=UserReferenceDataSU Access Rights Group. In most test cases, session hijacking was also possible by utilizing the XSS vulnerability. This potentially allows for full account takeover, or exploiting admins' browsers by using the beef framework. En Ericsson BSCS iX R18 Billing & Rating iX R18, ADMX es un módulo de base web ... • http://the-it-wonders.blogspot.com/2020/01/ericsson-bscs-ix-r18-billing-rating.html • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 6.1EPSS: 0%CPEs: 1EXPL: 3CVE-2019-7417 – Ericsson Active Library Explorer (ALEX) 14.3 Cross Site Scripting
https://notcve.org/view.php?id=CVE-2019-7417
08 Feb 2019 — XSS exists in Ericsson Active Library Explorer (ALEX) 14.3 in multiple parameters in the "/cgi-bin/alexserv" servlet, as demonstrated by the DB, FN, fn, or id parameter. Existe Cross-Site Scripting (XSS) en Ericsson Active Library Explorer (ALEX) 14.3 en múltiples parámetros en el servlet "/cgi-bin/alexserv", tal y como queda demostrado con los parámetros DB, FN, fn o id. Ericsson Active Library Explorer (ALEX) version 14.3 suffers from a cross site scripting vulnerability. • https://packetstorm.news/files/id/151583 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 6.1EPSS: 0%CPEs: 3EXPL: 2CVE-2015-2165 – Ericsson Drutt MSDP (Report Viewer) Cross Site Scripting
https://notcve.org/view.php?id=CVE-2015-2165
01 Apr 2015 — Multiple cross-site scripting (XSS) vulnerabilities in the Report Viewer in Ericsson Drutt Mobile Service Delivery Platform (MSDP) 4.x, 5.x, and 6.x allow remote attackers to inject arbitrary web script or HTML via the (1) portal, (2) fromDate, (3) toDate, (4) fromTime, (5) toTime, (6) kword, (7) uname, (8) pname, (9) sname, (10) atype, or (11) atitle parameter to top-links.jsp; (12) portal or (13) uid parameter to (a) page-summary.jsp or (b) service-summary.jsp; (14) portal, (15) fromDate, (16) toDate, (17... • https://packetstorm.news/files/id/131232 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 6.1EPSS: 0%CPEs: 3EXPL: 2CVE-2015-2167 – Ericsson Drutt MSDP (3PI Manager) Open Redirect
https://notcve.org/view.php?id=CVE-2015-2167
01 Apr 2015 — Open redirect vulnerability in the 3PI Manager in Ericsson Drutt Mobile Service Delivery Platform (MSDP) 4, 5, and 6 allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via a URL in the url parameter to jsp/start-3pi-manager.jsp. Vulnerabilidad de redirección abierta en 3PI Manager en Ericsson Drutt Mobile Service Delivery Platform (MSDP) 4, 5, y 6 permite a atacantes remotos redirigir usuarios a sitios web arbitrarios y realizar ataques de phishing a través de una ... • https://packetstorm.news/files/id/131230 •
CVSS: 7.5EPSS: 16%CPEs: 3EXPL: 4CVE-2015-2166 – Ericsson Drutt MSDP (Instance Monitor) - Directory Traversal
https://notcve.org/view.php?id=CVE-2015-2166
01 Apr 2015 — Directory traversal vulnerability in the Instance Monitor in Ericsson Drutt Mobile Service Delivery Platform (MSDP) 4, 5, and 6 allows remote attackers to read arbitrary files via a ..%2f (dot dot encoded slash) in the default URI. Vulnerabilidad de salto de directorio en Instance Monitor en Ericsson Drutt Mobile Service Delivery Platform (MSDP) 4, 5, y 6 permite a atacantes remotos leer ficheros arbitrarios a través de un ..%2f (punto punto barra oblicua codificada) en la URI por defecto. Ericsson Drutt MS... • https://packetstorm.news/files/id/131233 • CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') •
CVSS: 7.8EPSS: 1%CPEs: 9EXPL: 0CVE-2009-0396
https://notcve.org/view.php?id=CVE-2009-0396
03 Feb 2009 — The Sony Ericsson W910i, W660i, K618i, K610i, Z610i, K810i, K660i, W880i, and K530i phones allow remote attackers to cause a denial of service (device reboot or hang-up) via a malformed WAP Push packet to (1) SMS or (2) UDP port 2948. Los teléfonos Sony Ericsson W910i, W660i, K618i, K610i, Z610i, K810i, K660i, W880i, y K530i permite a los atacantes remotos causar una denegación de servicios (el dispositivo se reinicia o cuelgue) a través de paquetes mal formados WAP Push para (1) SMS o (2) puerto UDP 2948. • http://secunia.com/advisories/33616 • CWE-20: Improper Input Validation •
CVSS: 7.5EPSS: 1%CPEs: 2EXPL: 0CVE-2007-0521
https://notcve.org/view.php?id=CVE-2007-0521
26 Jan 2007 — The Sony Ericsson K700i and W810i phones allow remote attackers to cause a denial of service (continual modal dialogs and UI unavailability) by repeatedly trying to OBEX push a file over Bluetooth, as demonstrated by ussp-push. Los teléfonos Sony Ericsson K700i y W810i permite a atacantes remotos provocar una denegación de servicio (diálogos modales contínuos e indisponibilidad del interfaz de usuario) intentando repetidamente la transmisión OBEX de un archivo por Bluetooth, como ha sido demostrado por ussp... • http://securityreason.com/securityalert/2180 • CWE-20: Improper Input Validation •
CVSS: 7.5EPSS: 0%CPEs: 1EXPL: 0CVE-2006-6895
https://notcve.org/view.php?id=CVE-2006-6895
31 Dec 2006 — The Bluetooth stack in the Sony Ericsson T60 does not properly implement "Limited discoverable" mode, which allows remote attackers to obtain unauthorized inquiry responses. La pila Bluetooth en el Sony Ericsson T60 no implementa adecuadamente el modo "visible limitadamente" (Limited discoverable mode), lo cual permite a atacantes remotos obtener respuestas no autorizadas a peticiones. • http://events.ccc.de/congress/2006-mediawiki//images/f/fb/23c3_Bluetooh_revisited.pdf •