Vulnerabilities > Ericsson

DATE CVE VULNERABILITY TITLE RISK
2021-11-03 CVE-2021-43339 Command Injection vulnerability in Ericsson Network Location
In Ericsson Network Location before 2021-07-31, it is possible for an authenticated attacker to inject commands via file_name in the export functionality.
network
low complexity
ericsson CWE-77
8.8
2021-10-14 CVE-2021-32571 Incomplete Cleanup vulnerability in Ericsson Operations Support System-Radio and Core Firmware 18B
In OSS-RC systems of the release 18B and older during data migration procedures certain files containing usernames and passwords are left in the system undeleted but in folders accessible by top privileged accounts only.
network
low complexity
ericsson CWE-459
4.9
2021-10-14 CVE-2021-32569 Cross-site Scripting vulnerability in Ericsson Operations Support System-Radio and Core Firmware 18B
In OSS-RC systems of the release 18B and older customer documentation browsing libraries under ALEX are subject to Cross-Site Scripting.
network
low complexity
ericsson CWE-79
6.1
2021-09-17 CVE-2021-41390 Injection vulnerability in Ericsson Enterprise Content Management 18.0
In Ericsson ECM before 18.0, it was observed that Security Provider Endpoint in the User Profile Management Section is vulnerable to CSV Injection.
network
low complexity
ericsson CWE-74
8.0
2021-09-17 CVE-2021-41391 Cross-site Scripting vulnerability in Ericsson Enterprise Content Management 18.0
In Ericsson ECM before 18.0, it was observed that Security Management Endpoint in User Profile Management Section is vulnerable to stored XSS via a name, leading to session hijacking and full account takeover.
network
low complexity
ericsson CWE-79
5.4
2020-11-27 CVE-2020-29145 Cross-site Scripting vulnerability in Ericsson products
In Ericsson BSCS iX R18 Billing & Rating iX R18, ADMX is a web base module in BSCS iX that is vulnerable to stored XSS via the name or description field to a solutionUnitServlet?SuName=UserReferenceDataSU Access Rights Group.
network
low complexity
ericsson CWE-79
5.4
2020-11-27 CVE-2020-29144 Cross-site Scripting vulnerability in Ericsson products
In Ericsson BSCS iX R18 Billing & Rating iX R18, MX is a web base module in BSCS iX that is vulnerable to stored XSS via an Alert Dashboard comment.
network
low complexity
ericsson CWE-79
5.4
2019-03-21 CVE-2019-7417 Cross-site Scripting vulnerability in Ericsson Active Library Explorer 14.3
XSS exists in Ericsson Active Library Explorer (ALEX) 14.3 in multiple parameters in the "/cgi-bin/alexserv" servlet, as demonstrated by the DB, FN, fn, or id parameter.
network
low complexity
ericsson CWE-79
6.1