CVE-2021-22298

Severity Score

6.5

*CVSS v3.1

Exploit Likelihood

*EPSS

Affected Versions

*CPE

Public Exploits

*Multiple Sources

Exploited in Wild

*KEV

Decision

*SSVC

Descriptions

There is a logic vulnerability in Huawei Gauss100 OLTP Product. An attacker with certain permissions could perform specific SQL statement to exploit this vulnerability. Due to insufficient security design, successful exploit can cause service abnormal. Affected product versions include: ManageOne versions 6.5.1.1.B020, 6.5.1.1.B030, 6.5.1.1.B040, 6.5.1.SPC100.B050, 6.5.1.SPC101.B010, 6.5.1.SPC101.B040, 6.5.1.SPC200, 6.5.1.SPC200.B010, 6.5.1.SPC200.B030, 6.5.1.SPC200.B040, 6.5.1.SPC200.B050, 6.5.1.SPC200.B060, 6.5.1.SPC200.B070, 6.5.1RC1.B070, 6.5.1RC1.B080, 6.5.1RC2.B040, 6.5.1RC2.B050, 6.5.1RC2.B060, 6.5.1RC2.B070, 6.5.1RC2.B080, 6.5.1RC2.B090.

Se presenta una vulnerabilidad de lógica en el producto Huawei Gauss100 OLTP. Un atacante con determinados permisos podría llevar a cabo una sentencia SQL específica para explotar esta vulnerabilidad. Debido a un diseño de seguridad insuficiente, una explotación con éxito puede causar un servicio anormal. Las versiones del producto afectadas incluyen: ManageOne versiones 6.5.1.1.B020, 6.5.1.1.B030, 6.5.1.1.B040, 6.5.1.SPC100.B050, 6.5.1.SPC101.B010, 6.5.1.SPC101.B040, 6.5 .1.SPC200, 6.5.1.SPC200.B010, 6.5.1.SPC200.B030, 6.5.1.SPC200.B040, 6.5.1.SPC200.B050, 6.5.1.SPC200.B060, 6.5.1.SPC200 .B070, 6.5.1RC1.B070, 6.5.1RC1.B080, 6.5.1RC2.B040, 6.5.1RC2.B050, 6.5.1RC2.B060, 6.5.1RC2.B070, 6.5.1RC2.B080, 6.5.1RC2.B090

*Credits: N/A

Attack Vector

Network

Attack Complexity

Low

Privileges Required

Low

User Interaction

None

Scope

Unchanged

Confidentiality

None

Integrity

None

Availability

High

Attack Vector

Network

Attack Complexity

Low

Authentication

Single

Confidentiality

None

Integrity

None

Availability

Partial

* Common Vulnerability Scoring System

SSVC

Decision:-

Exploitation

Automatable

Tech. Impact

* Organization's Worst-case Scenario

Timeline

2021-01-05 CVE Reserved
2021-02-06 CVE Published
2023-03-08 EPSS Updated
2024-08-03 CVE Updated
---------- Exploited in Wild
---------- KEV Due Date
---------- First Exploit

CWE

CAPEC

References (2)

URL	Tag	Source
https://www.oracle.com/security-alerts/cpujan2022.html	Not Applicable

URL	Date	SRC

URL	Date	SRC

URL	Date	SRC
https://www.huawei.com/en/psirt/security-advisories/huawei-sa-20210113-01-gauss-en	2022-03-29

Affected Vendors, Products, and Versions

Vendor		Product				Version		Other		Status
Vendor	Product	Version	Other	Status	<-- -->	Vendor	Product	Version	Other	Status
Huawei Search vendor "Huawei"		Manageone Search vendor "Huawei" for product "Manageone"				6.5.1.1 Search vendor "Huawei" for product "Manageone" and version "6.5.1.1"		b020		Affected
Huawei Search vendor "Huawei"		Manageone Search vendor "Huawei" for product "Manageone"				6.5.1.1 Search vendor "Huawei" for product "Manageone" and version "6.5.1.1"		b030		Affected
Huawei Search vendor "Huawei"		Manageone Search vendor "Huawei" for product "Manageone"				6.5.1.1 Search vendor "Huawei" for product "Manageone" and version "6.5.1.1"		b040		Affected
Huawei Search vendor "Huawei"		Manageone Search vendor "Huawei" for product "Manageone"				6.5.1.1 Search vendor "Huawei" for product "Manageone" and version "6.5.1.1"		rc1.b070		Affected
Huawei Search vendor "Huawei"		Manageone Search vendor "Huawei" for product "Manageone"				6.5.1.1 Search vendor "Huawei" for product "Manageone" and version "6.5.1.1"		rc1.b080		Affected
Huawei Search vendor "Huawei"		Manageone Search vendor "Huawei" for product "Manageone"				6.5.1.1 Search vendor "Huawei" for product "Manageone" and version "6.5.1.1"		rc2.b040		Affected
Huawei Search vendor "Huawei"		Manageone Search vendor "Huawei" for product "Manageone"				6.5.1.1 Search vendor "Huawei" for product "Manageone" and version "6.5.1.1"		rc2.b050		Affected
Huawei Search vendor "Huawei"		Manageone Search vendor "Huawei" for product "Manageone"				6.5.1.1 Search vendor "Huawei" for product "Manageone" and version "6.5.1.1"		rc2.b060		Affected
Huawei Search vendor "Huawei"		Manageone Search vendor "Huawei" for product "Manageone"				6.5.1.1 Search vendor "Huawei" for product "Manageone" and version "6.5.1.1"		rc2.b070		Affected
Huawei Search vendor "Huawei"		Manageone Search vendor "Huawei" for product "Manageone"				6.5.1.1 Search vendor "Huawei" for product "Manageone" and version "6.5.1.1"		rc2.b080		Affected
Huawei Search vendor "Huawei"		Manageone Search vendor "Huawei" for product "Manageone"				6.5.1.1 Search vendor "Huawei" for product "Manageone" and version "6.5.1.1"		rc2.b090		Affected
Huawei Search vendor "Huawei"		Manageone Search vendor "Huawei" for product "Manageone"				6.5.1.1 Search vendor "Huawei" for product "Manageone" and version "6.5.1.1"		spc100.b050		Affected
Huawei Search vendor "Huawei"		Manageone Search vendor "Huawei" for product "Manageone"				6.5.1.1 Search vendor "Huawei" for product "Manageone" and version "6.5.1.1"		spc101.b010		Affected
Huawei Search vendor "Huawei"		Manageone Search vendor "Huawei" for product "Manageone"				6.5.1.1 Search vendor "Huawei" for product "Manageone" and version "6.5.1.1"		spc101.b040		Affected
Huawei Search vendor "Huawei"		Manageone Search vendor "Huawei" for product "Manageone"				6.5.1.1 Search vendor "Huawei" for product "Manageone" and version "6.5.1.1"		spc200		Affected
Huawei Search vendor "Huawei"		Manageone Search vendor "Huawei" for product "Manageone"				6.5.1.1 Search vendor "Huawei" for product "Manageone" and version "6.5.1.1"		spc200.b010		Affected
Huawei Search vendor "Huawei"		Manageone Search vendor "Huawei" for product "Manageone"				6.5.1.1 Search vendor "Huawei" for product "Manageone" and version "6.5.1.1"		spc200.b030		Affected
Huawei Search vendor "Huawei"		Manageone Search vendor "Huawei" for product "Manageone"				6.5.1.1 Search vendor "Huawei" for product "Manageone" and version "6.5.1.1"		spc200.b040		Affected
Huawei Search vendor "Huawei"		Manageone Search vendor "Huawei" for product "Manageone"				6.5.1.1 Search vendor "Huawei" for product "Manageone" and version "6.5.1.1"		spc200.b050		Affected
Huawei Search vendor "Huawei"		Manageone Search vendor "Huawei" for product "Manageone"				6.5.1.1 Search vendor "Huawei" for product "Manageone" and version "6.5.1.1"		spc200.b060		Affected
Huawei Search vendor "Huawei"		Manageone Search vendor "Huawei" for product "Manageone"				6.5.1.1 Search vendor "Huawei" for product "Manageone" and version "6.5.1.1"		spc200.b070		Affected
Huawei Search vendor "Huawei"		Manageone Search vendor "Huawei" for product "Manageone"				8.0.0 Search vendor "Huawei" for product "Manageone" and version "8.0.0"		-		Affected