Vulnerabilities > Ericsson

DATE CVE VULNERABILITY TITLE RISK
2024-06-24 CVE-2023-49793 Path Traversal vulnerability in Ericsson Codechecker
CodeChecker is an analyzer tooling, defect database and viewer extension for the Clang Static Analyzer and Clang Tidy.
network
low complexity
ericsson CWE-22
6.5
2024-04-04 CVE-2024-25007 Improper Neutralization of Formula Elements in a CSV File vulnerability in Ericsson Network Manager 21.2/22.1/22.2
Ericsson Network Manager (ENM), versions prior to 23.1, contains a vulnerability in the export function of application log where Improper Neutralization of Formula Elements in a CSV File can lead to code execution or information disclosure.
low complexity
ericsson CWE-1236
7.1
2023-12-07 CVE-2023-39909 Unspecified vulnerability in Ericsson Network Manager 21.2/22.1/22.2
Ericsson Network Manager before 23.2 mishandles Access Control and thus unauthenticated low-privilege users can access the NCM application.
network
low complexity
ericsson
8.8
2023-12-05 CVE-2022-47531 Unspecified vulnerability in Ericsson Evolved Packet Gateway 2.0/3.0
An issue was discovered in Ericsson Evolved Packet Gateway (EPG) versions 3.x before 3.25 and 2.x before 2.16, allows authenticated users to bypass system CLI and execute commands they are authorized to execute directly in the UNIX shell.
network
low complexity
ericsson
8.8
2023-09-14 CVE-2021-28485 Path Traversal vulnerability in Ericsson Mobile Switching Center Server BC 18A Firmware Is3.1
In Ericsson Mobile Switching Center Server (MSC-S) before IS 3.1 CP22, the SIS web application allows relative path traversal via a specific parameter in the https request after authentication, which allows access to files on the system that are not intended to be accessible via the web application.
network
low complexity
ericsson CWE-22
4.3
2023-06-29 CVE-2022-46408 Improper Neutralization of Formula Elements in a CSV File vulnerability in Ericsson Network Manager 21.2
Ericsson Network Manager (ENM), versions prior to 22.1, contains a vulnerability in the application Network Connectivity Manager (NCM) where improper Neutralization of Formula Elements in a CSV File can lead to remote code execution or data leakage via maliciously injected hyperlinks.
network
low complexity
ericsson CWE-1236
6.8
2023-06-29 CVE-2022-46407 Open Redirect vulnerability in Ericsson Network Manager 21.2/22.1
Ericsson Network Manager (ENM), versions prior to 22.2, contains a vulnerability in the REST endpoint “editprofile” where Open Redirect HTTP Header Injection can lead to redirection of the submitted request to domain out of control of ENM deployment.
network
low complexity
ericsson CWE-601
4.8
2022-08-26 CVE-2021-32570 Information Exposure Through Log Files vulnerability in Ericsson Network Manager
In Ericsson Network Manager (ENM) releases before 21.2, users belonging to the same AMOS authorization group can retrieve the data from certain log files.
network
low complexity
ericsson CWE-532
4.9
2022-03-10 CVE-2021-28488 Exposure of Resource to Wrong Sphere vulnerability in Ericsson Network Manager
Ericsson Network Manager (ENM) before 21.2 has incorrect access-control behavior (that only affects the level of access available to persons who were already granted a highly privileged role).
network
low complexity
ericsson CWE-668
6.5
2022-01-18 CVE-2021-44217 Cross-site Scripting vulnerability in Ericsson Codechecker
In Ericsson CodeChecker through 6.18.0, a Stored Cross-site scripting (XSS) vulnerability in the comments component of the reports viewer allows remote attackers to inject arbitrary web script or HTML via the POST JSON data of the /CodeCheckerService API.
network
low complexity
ericsson CWE-79
6.1