Vulnerabilities > Ericsson > Medium

DATE CVE VULNERABILITY TITLE RISK
2023-09-14 CVE-2021-28485 Path Traversal vulnerability in Ericsson Mobile Switching Center Server BC 18A Firmware Is3.1
In Ericsson Mobile Switching Center Server (MSC-S) before IS 3.1 CP22, the SIS web application allows relative path traversal via a specific parameter in the HTTPS request after authentication, which allows access to files on the system that are not intended to be accessible via the web application.
network
low complexity
ericsson CWE-22
4.3
2023-06-29 CVE-2022-46408 Improper Neutralization of Formula Elements in a CSV File vulnerability in Ericsson Network Manager 21.2
Ericsson Network Manager (ENM), versions prior to 22.1, contains a vulnerability in the Network Connectivity Manager (NCM) application where improper neutralization of formula elements in a CSV file can lead to remote code execution or data leakage via maliciously injected hyperlinks.
network
low complexity
ericsson CWE-1236
6.8
2023-06-29 CVE-2022-46407 Open Redirect vulnerability in Ericsson Network Manager 21.2
Ericsson Network Manager (ENM), versions prior to 22.2, contains a vulnerability in the REST endpoint “editprofile” where Open Redirect HTTP Header Injection can lead to redirection of the submitted request to a domain outside the control of the ENM deployment.
network
low complexity
ericsson CWE-601
4.8
2022-03-10 CVE-2021-28488 Exposure of Resource to Wrong Sphere vulnerability in Ericsson Network Manager
Ericsson Network Manager (ENM) before 21.2 has incorrect access-control behavior (that only affects the level of access available to persons who were already granted a highly privileged role).
network
low complexity
ericsson CWE-668
4.0
2022-01-18 CVE-2021-44217 Cross-site Scripting vulnerability in Ericsson Codechecker
In Ericsson CodeChecker through 6.18.0, a Stored Cross-site scripting (XSS) vulnerability in the comments component of the reports viewer allows remote attackers to inject arbitrary web script or HTML via the POST JSON data of the /CodeCheckerService API.
network
ericsson CWE-79
4.3
2021-11-03 CVE-2021-43339 Command Injection vulnerability in Ericsson Network Location
In Ericsson Network Location before 2021-07-31, it is possible for an authenticated attacker to inject commands via file_name in the export functionality.
network
low complexity
ericsson CWE-77
6.5
2021-10-14 CVE-2021-32571 Incomplete Cleanup vulnerability in Ericsson Operations Support System-Radio and Core Firmware 18B
In OSS-RC systems of release 18B and older, during data migration procedures, certain files containing usernames and passwords are left undeleted on the system, but in folders accessible only by top-privileged accounts.
network
low complexity
ericsson CWE-459
4.9
2021-10-14 CVE-2021-32569 Cross-site Scripting vulnerability in Ericsson Operations Support System-Radio and Core Firmware 18B
In OSS-RC systems of release 18B and older, the customer documentation browsing libraries under ALEX are subject to cross-site scripting (XSS).
network
low complexity
ericsson CWE-79
6.1
2021-09-17 CVE-2021-41390 Injection vulnerability in Ericsson Enterprise Content Management 18.0
In Ericsson ECM before 18.0, it was observed that the Security Provider Endpoint in the User Profile Management section is vulnerable to CSV injection.
network
ericsson CWE-74
6.0
2019-03-21 CVE-2019-7417 Cross-site Scripting vulnerability in Ericsson Active Library Explorer 14.3
XSS exists in Ericsson Active Library Explorer (ALEX) 14.3 in multiple parameters in the "/cgi-bin/alexserv" servlet, as demonstrated by the DB, FN, fn, or id parameter.
network
ericsson CWE-79
4.3