Vulnerabilities > Ericsson > High
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2024-04-04 | CVE-2024-25007 | Improper Neutralization of Formula Elements in a CSV File vulnerability in Ericsson Network Manager 21.2/22.1/22.2 Ericsson Network Manager (ENM), versions prior to 23.1, contains a vulnerability in the export function of application log where Improper Neutralization of Formula Elements in a CSV File can lead to code execution or information disclosure. | 7.1 |
2023-12-07 | CVE-2023-39909 | Unspecified vulnerability in Ericsson Network Manager 21.2/22.1/22.2 Ericsson Network Manager before 23.2 mishandles Access Control and thus unauthenticated low-privilege users can access the NCM application. | 8.8 |
2023-12-05 | CVE-2022-47531 | Unspecified vulnerability in Ericsson Evolved Packet Gateway 2.0/3.0 An issue was discovered in Ericsson Evolved Packet Gateway (EPG) versions 3.x before 3.25 and 2.x before 2.16, allows authenticated users to bypass system CLI and execute commands they are authorized to execute directly in the UNIX shell. | 8.8 |
2021-11-03 | CVE-2021-43339 | Command Injection vulnerability in Ericsson Network Location In Ericsson Network Location before 2021-07-31, it is possible for an authenticated attacker to inject commands via file_name in the export functionality. | 8.8 |
2021-09-17 | CVE-2021-41390 | Injection vulnerability in Ericsson Enterprise Content Management 18.0 In Ericsson ECM before 18.0, it was observed that Security Provider Endpoint in the User Profile Management Section is vulnerable to CSV Injection. | 8.0 |