9.3 High
CVSS2
Attack Vector
NETWORK
Attack Complexity
MEDIUM
Authentication
NONE
Confidentiality Impact
COMPLETE
Integrity Impact
COMPLETE
Availability Impact
COMPLETE
AV:N/AC:M/Au:N/C:C/I:C/A:C
8.8 High
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
REQUIRED
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
HIGH
CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
0.009 Low
EPSS
Percentile
82.4%
The OceanStor UDS has some vulnerability:
Attacker injects JavaScript into patch. After the patch is loaded through the OceanStor DeviceManager, the returned content contains the injected script. After the script is parsed and executed on the OceanStor DeviceManager, information leak occurs (Vulnerability ID: HWPSIRT-2014-1235).
This Vulnerability has been assigned Common Vulnerabilities and Exposures (CVE) ID: CVE-2015-2251.
Attacker injects shell scripts into patch files. After the patches are loaded by administrators, the injected shell will be executed under the root privilege (Vulnerability ID: HWPSIRT-2014-1236).
This Vulnerability has been assigned Common Vulnerabilities and Exposures (CVE) ID: CVE-2015-2252.
Attacker uploads XML files injected with malicious codes through the XML interface, the system file information may be leaked through the response messages. (Vulnerability ID: HWPSIRT-2014-1237).
This Vulnerability has been assigned Common Vulnerabilities and Exposures (CVE) ID: CVE-2015-2253.
CPE | Name | Operator | Version |
---|---|---|---|
oceanstor uds | lt | V100R002C01SPC101 |
9.3 High
CVSS2
Attack Vector
NETWORK
Attack Complexity
MEDIUM
Authentication
NONE
Confidentiality Impact
COMPLETE
Integrity Impact
COMPLETE
Availability Impact
COMPLETE
AV:N/AC:M/Au:N/C:C/I:C/A:C
8.8 High
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
REQUIRED
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
HIGH
CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
0.009 Low
EPSS
Percentile
82.4%