8 matches found
CVE-2021-28488
Ericsson Network Manager (ENM) prior to version 21.2 contains an access-control issue where users within the same AMOS authorization group can access managed-network data that was not intended for the entire group. The root cause, as stated in multiple sources, is incorrect access-control behavio...
CVE-2024-25007
CVE-2024-25007 affects Ericsson Network Manager (ENM) versions prior to 23.1. The issue resides in the export function of the application log, where Improper Neutralization of Formula Elements in a CSV File can enable code execution or information disclosure. Impact is limited to integrity and av...
CVE-2023-39909
CVE-2023-39909 affects Ericsson Network Manager prior to 23.2. The vulnerability arises from mishandled access control, allowing unauthenticated low‑privilege users to access the NCM application (impacting confidentiality, integrity, and availability). The issue is documented across multiple sour...
CVE-2021-32570
CVE-2021-32570 affects Ericsson Network Manager (ENM) versions before 21.2. The issue allows users within the same AMOS authorization group (considered highly privileged) to access data from certain log files under a common path and read information stored in those logs, enabling privilege escala...
CVE-2022-46407
CVE-2022-46407 concerns Ericsson Network Manager (ENM) versions prior to 22.2. A vulnerability in the REST endpoint "editprofile" allows an Open Redirect HTTP Header Injection that can redirect submitted requests to domains outside the ENM deployment. The attacker would require admin/elevated pri...
CVE-2022-46408
Ericsson Network Manager (ENM) versions prior to 22.1 are affected by CVE-2022-46408 in the Network Connectivity Manager (NCM) component. The vulnerability arises from improper neutralization of formula elements in CSV files, potentially enabling remote code execution or data leakage through mali...
CVE-2025-27259
CVE-2025-27259 affects Ericsson Network Manager prior to ENM 25.2 GA. The root cause is improper neutralization of user-controlled input. Impact is described as exfiltration of limited data or redirect to other sites/domains. No exploitation details are provided in the sources; reported remediation is t...
CVE-2025-27258
Ericsson Network Manager (ENM) is affected in versions prior to ENM 25.1 GA, where a vulnerability could lead to an escalation of privilege if exploited. The issue is documented across multiple sources (NVD, Red Hat, EUVD, CVE listings). Practical impact is limited to privilege escalation within ...