CVE-2021-22299

CVE-2021-22299 describes a local privilege escalation in certain Huawei products. The vulnerability affects multiple ManageOne, NFV_FusionSphere, SMC2.0, and iMaster MAE-M release lines (for example ManageOne versions 6.5.0 and 8.0.x series, NFV_FusionSphere 6.5.x and 8.0.x, SMC2.0 V600R019C00/C1...

CVE-2021-22299

There is a local privilege escalation vulnerability in some Huawei products. A local, authenticated attacker could craft specific commands to exploit this vulnerability. Successful exploitation may cause the attacker to obtain a higher privilege. Affected product versions include: ManageOne...

CVE-2020-9205

There has a CSV injection vulnerability in ManageOne 8.0.1. An attacker with common privilege may exploit this vulnerability through some operations to inject the CSV files. Due to insufficient input validation of some parameters, the attacker can exploit this vulnerability to inject CSV files to...

CVE-2020-9205

CVE-2020-9205 is a CSV injection vulnerability affecting Huawei ManageOne 8.0.1. The root cause is insufficient input validation of certain parameters during CSV-related operations, enabling an attacker with basic privileges to inject CSV content into generated files. Several connected sources co...

CVE-2021-22298

CVE-2021-22298 has two distinct threads in the provided connected documents. First, the initial Huawei ManageOne entry describes a logic vulnerability in Huawei Gauss100 OLTP Product (ManageOne) where an attacker with certain permissions could execute specific SQL statements, due to insufficient ...

CVE-2021-22298

There is a logic vulnerability in Huawei Gauss100 OLTP Product. An attacker with certain permissions could perform specific SQL statement to exploit this vulnerability. Due to insufficient security design, successful exploit can cause service abnormal. Affected product versions include: ManageOne...

Huawei ManageOne Improper Privilege Assignment Vulnerability

Huawei Manageone is a cloud data center management solution from China's Huawei. The product supports unified management of heterogeneous cloud resource pools, and provides functions such as multi-level VDC matching customer organization model, service catalog planning, self-service, centralized...

Huawei Manageone 安全漏洞

Huawei Manageone is a cloud data center management solution from Huawei of China. Huawei Manageone has a security vulnerability that could be exploited by attackers to cause service anomalies...

Huawei Manageone 授权问题漏洞

Huawei Manageone is a cloud data center management solution from China's Huawei. The product supports unified management of heterogeneous cloud resource pools, and provides functions such as multi-level VDC matching customer organization model, service catalog planning, self-service, centralized...

Security Advisory - Improper Permission Assignment Vulnerability in Huawei ManageOne Product

There is an improper permission assignment vulnerability in Huawei ManageOne product. Due to improper security hardening, the process can run with a higher privilege. Successful exploit could allow certain user to do certain operations with improper permission. Vulnerability ID: HWPSIRT-2020-8163...

Huawei ManageOne CSV Injection Vulnerability

Huawei Manageone is a cloud data center management solution from China's Huawei. The product supports unified management of heterogeneous cloud resource pools, and provides functions such as multi-level VDC matching customer organization model, service catalog planning, self-service, centralized...

Huawei Manageone 注入漏洞

Huawei Manageone is a cloud data center management solution from China's Huawei. The product supports unified management of heterogeneous cloud resource pools, and provides functions such as multi-level VDC matching customer organization model, service catalog planning, self-service, centralized...

Security Advisory - CSV Injection Vulnerability in ManageOne Product

There has a CSV injection vulnerability in ManageOne Product. An attacker with common privilege may exploit this vulnerability through some operations to inject the CSV files. Due to insufficient input validation of some parameters, the attacker can exploit this vulnerability to inject CSV files ...

Huawei CampusInsight and ManageOne Environmental Issues Vulnerability

Huawei ManageOne is a cloud data center management solution, Huawei CampusInsight is a campus network management system, Huawei CampusInsight and ManageOne have security vulnerabilities that could be exploited by attackers to cause information leakage...

Huawei Manageone 环境问题漏洞

Huawei ManageOne is a cloud data center management solution, Huawei CampusInsight is a campus network management system, Huawei CampusInsight and ManageOne have security vulnerabilities that could be exploited by attackers to cause information leakage...

Huawei's security vulnerabilities in several products

Huawei Manageone is a cloud data center management solution from China's Huawei. The product supports unified management of heterogeneous cloud resource pools, and provides features such as multi-level VDC matching customer organization models, service catalog planning, self-service, centralized...

CVE-2020-9115

ManageOne versions 6.5.1.1.B010, 6.5.1.1.B020, 6.5.1.1.B030, 6.5.1.1.B040, ,6.5.1.1.B050, 8.0.0 and 8.0.1 have a command injection vulnerability. An attacker with high privileges may exploit this vulnerability through some operations on the plug-in component. Due to insufficient input validation ...

CVE-2020-9115

ManageOne versions 6.5.1.1.B010, 6.5.1.1.B020, 6.5.1.1.B030, 6.5.1.1.B040, ,6.5.1.1.B050, 8.0.0 and 8.0.1 have a command injection vulnerability. An attacker with high privileges may exploit this vulnerability through some operations on the plug-in component. Due to insufficient input validation ...

Command injection

ManageOne versions 6.5.1.1.B010, 6.5.1.1.B020, 6.5.1.1.B030, 6.5.1.1.B040, ,6.5.1.1.B050, 8.0.0 and 8.0.1 have a command injection vulnerability. An attacker with high privileges may exploit this vulnerability through some operations on the plug-in component. Due to insufficient input validation ...

CVE-2020-9115

CVE-2020-9115 affects Huawei ManageOne versions 6.5.1.1.B010/B020/B030/B040/B050, and 8.0.0/8.0.1. The root cause is insufficient input validation in the plug-in component, enabling a high-privilege attacker to inject commands on the target device via certain operations. The vulnerability has a h...