Vulnerabilities > Ericsson > Network Manager
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2024-04-04 | CVE-2024-25007 | Improper Neutralization of Formula Elements in a CSV File vulnerability in Ericsson Network Manager 21.2/22.1/22.2 Ericsson Network Manager (ENM), versions prior to 23.1, contains a vulnerability in the export function of application log where Improper Neutralization of Formula Elements in a CSV File can lead to code execution or information disclosure. | 7.1 |
2023-12-07 | CVE-2023-39909 | Unspecified vulnerability in Ericsson Network Manager 21.2/22.1/22.2 Ericsson Network Manager before 23.2 mishandles Access Control and thus unauthenticated low-privilege users can access the NCM application. | 8.8 |
2023-06-29 | CVE-2022-46408 | Improper Neutralization of Formula Elements in a CSV File vulnerability in Ericsson Network Manager 21.2 Ericsson Network Manager (ENM), versions prior to 22.1, contains a vulnerability in the application Network Connectivity Manager (NCM) where improper Neutralization of Formula Elements in a CSV File can lead to remote code execution or data leakage via maliciously injected hyperlinks. | 6.8 |
2023-06-29 | CVE-2022-46407 | Open Redirect vulnerability in Ericsson Network Manager 21.2 Ericsson Network Manager (ENM), versions prior to 22.2, contains a vulnerability in the REST endpoint “editprofile” where Open Redirect HTTP Header Injection can lead to redirection of the submitted request to domain out of control of ENM deployment. | 4.8 |
2022-03-10 | CVE-2021-28488 | Exposure of Resource to Wrong Sphere vulnerability in Ericsson Network Manager Ericsson Network Manager (ENM) before 21.2 has incorrect access-control behavior (that only affects the level of access available to persons who were already granted a highly privileged role). | 4.0 |