22.2

CVSS 7.1 - HIGH

Attack vector

ADJACENT_NETWORK

Attack complexity

LOW

Privileges required

HIGH

Confidentiality impact

LOW

Integrity impact

HIGH

Availability impact

LOW

low complexity

ericsson

CWE-1236

NVD

Published: 2024-04-04

Updated: 2024-04-29

Summary

Ericsson Network Manager (ENM), versions prior to 23.1, contains a vulnerability in the export function of application log where Improper Neutralization of Formula Elements in a CSV File can lead to code execution or information disclosure. There is limited impact to integrity and availability. The attacker on the adjacent network with administration access can exploit the vulnerability.

Vulnerable Configurations

Part	Description	Count
Application	Ericsson Ericsson Network Manager - Ericsson Network Manager 21.2 Ericsson Network Manager 22.1 Ericsson Network Manager 22.2	4

Common Weakness Enumeration (CWE)

CWE-1236 - Improper Neutralization of Formula Elements in a CSV File

References

https://www.ericsson.com/en/about-us/security/psirt/security-bulletin--ericsson-network-manager-march-2024