Security Advisory - Sensitive Information Disclosure Vulnerability on FusionSphere OpenStack

There is a sensitive information disclosure vulnerability on FusionSphere OpenStack. The software stores some sensitive information with insufficient access control. An unauthenticated remote attacker could get sensitive information by accessing certain ports. Vulnerability ID: HWPSIRT-2017-06223...

Huawei FusionSphere OpenStack Improper Authentication Vulnerability (CNVD-2017-30767)

Huawei FusionSphere OpenStack FSO is FusionSphere's cloud platform software for ICT scenarios. An improper authentication vulnerability exists in FusionSphere OpenStack. Due to improper authentication of the privileges of the accessing user, an attacker can perform additional operations after...

Huawei FusionSphere OpenStack Improper Authentication Vulnerability

Huawei FusionSphere OpenStack FSO is FusionSphere's cloud platform software for ICT scenarios. An improper authentication vulnerability exists in FusionSphere OpenStack, which can be successfully exploited by an attacker to perform additional operations by forging a rest message due to improper...

Security Advisory - Two Vulnerabilities in The FusionSphere OpenStack

The FusionSphere OpenStack has a command injection vulnerability. Due to the insufficient input validation on one port, an authenticated, local attacker may exploit the vulnerability to gain root privileges by sending message with malicious commands. Vulnerability ID: HWPSIRT-2017-06001 This...

Security Advisory - Improper Authentication Vulnerability in The FusionSphere OpenStack

FusionSphere OpenStack has an improper authentication vulnerability. Due to improper authentication on one port, an authenticated, remote attacker may exploit the vulnerability to execute more operations by send a crafted rest message. Vulnerability ID: HWPSIRT-2017-06002 This vulnerability has...

Huawei FusionSphere OpenStack Command Injection Vulnerability

Huawei FusionSphere and FusionSphere OpenStack FSO are both Huawei products. The former is a cloud operating system product developed based on the OpenStack framework, and the latter is FusionSphere's cloud platform software in ICT scenarios. The Huawei FusionSphere OpenStack suffers from a comma...

Huawei FusionSphere and FusionSphere OpenStack Command Injection Vulnerability

Huawei FusionSphere and FusionSphere OpenStack FSO are both Huawei products. The former is a cloud operating system product developed based on the OpenStack framework, and the latter is FusionSphere's cloud platform software in ICT scenarios. A command injection vulnerability exists in Huawei...

Huawei FusionSphere and FusionSphere OpenStack Command Injection Vulnerability (CNVD-2017-09507)

Huawei FusionSphere and FusionSphere OpenStack FSO are both Huawei products. The former is a cloud operating system product developed based on the OpenStack framework, and the latter is FusionSphere's cloud platform software in ICT scenarios. A command injection vulnerability exists in Huawei...

Huawei FusionSphere and FusionSphere OpenStack Command Injection Vulnerability (CNVD-2017-09508)

Huawei FusionSphere and FusionSphere OpenStack FSO are both Huawei products. The former is a cloud operating system product developed based on the OpenStack framework, and the latter is FusionSphere's cloud platform software in ICT scenarios. A command injection vulnerability exists in Huawei...

Huawei FusionSphere and FusionSphere OpenStack Command Injection Vulnerability (CNVD-2017-09506)

Huawei FusionSphere and FusionSphere OpenStack FSO are both Huawei products. The former is a cloud operating system product developed based on the OpenStack framework, and the latter is FusionSphere's cloud platform software in ICT scenarios. A command injection vulnerability exists in Huawei...

Security Advisory - Four Command Injection Vulnerabilities in The FusionSphere OpenStack

The FusionSphere OpenStack has four command injection vulnerabilities due to the insufficient input validation on four TCP listening ports. An unauthenticated attacker can exploit the vulnerabilities to gain root privileges by sending some messages with malicious commands. Vulnerability ID:...

Security Advisory - Buffer Overflow vulnerability in the FusionSphere OpenStack

The GaussDB of the FusionSphere OpenStack has a stack overflow vulnerability due to the lack of input validation on some parameters. An authenticated attacker on the LAN can exploit this vulnerability to execute arbitrary code or cause a denial of service DoS condition in the affected system...