Vulnerabilities > Ericsson > High

DATE CVE VULNERABILITY TITLE RISK
2024-04-04 CVE-2024-25007 Improper Neutralization of Formula Elements in a CSV File vulnerability in Ericsson Network Manager 21.2/22.1/22.2
Ericsson Network Manager (ENM), versions prior to 23.1, contains a vulnerability in the export function of application log where Improper Neutralization of Formula Elements in a CSV File can lead to code execution or information disclosure.
low complexity
ericsson CWE-1236
7.1
2023-12-07 CVE-2023-39909 Unspecified vulnerability in Ericsson Network Manager 21.2/22.1/22.2
Ericsson Network Manager before 23.2 mishandles Access Control and thus unauthenticated low-privilege users can access the NCM application.
network
low complexity
ericsson
8.8
2023-12-05 CVE-2022-47531 Unspecified vulnerability in Ericsson Evolved Packet Gateway 2.0/3.0
An issue was discovered in Ericsson Evolved Packet Gateway (EPG) versions 3.x before 3.25 and 2.x before 2.16, allows authenticated users to bypass system CLI and execute commands they are authorized to execute directly in the UNIX shell.
network
low complexity
ericsson
8.8
2021-11-03 CVE-2021-43339 Command Injection vulnerability in Ericsson Network Location
In Ericsson Network Location before 2021-07-31, it is possible for an authenticated attacker to inject commands via file_name in the export functionality.
network
low complexity
ericsson CWE-77
8.8
2021-09-17 CVE-2021-41390 Injection vulnerability in Ericsson Enterprise Content Management 18.0
In Ericsson ECM before 18.0, it was observed that Security Provider Endpoint in the User Profile Management Section is vulnerable to CSV Injection.
network
low complexity
ericsson CWE-74
8.0