Vulnerabilities > Huawei > Ch220 V3 Firmware > High

DATE CVE VULNERABILITY TITLE RISK
2018-06-05 CVE-2018-7943 Improper Authentication vulnerability in Huawei products
There is an authentication bypass vulnerability in some Huawei servers.
network
low complexity
huawei CWE-287
8.8
2018-06-01 CVE-2018-7951 Code Injection vulnerability in Huawei products
The iBMC (Intelligent Baseboard Management Controller) of some Huawei servers have a JSON injection vulnerability due to insufficient input validation.
network
low complexity
huawei CWE-94
8.8
2018-06-01 CVE-2018-7950 Code Injection vulnerability in Huawei products
The iBMC (Intelligent Baseboard Management Controller) of some Huawei servers have a JSON injection vulnerability due to insufficient input validation.
network
low complexity
huawei CWE-94
8.8
2018-06-01 CVE-2018-7949 Improper Authentication vulnerability in Huawei products
The iBMC (Intelligent Baseboard Management Controller) of some Huawei servers have a privilege escalation vulnerability.
network
low complexity
huawei CWE-287
8.8
2018-05-10 CVE-2018-7941 Improper Authentication vulnerability in Huawei products
Huawei iBMC V200R002C60 have an authentication bypass vulnerability.
network
low complexity
huawei CWE-287
8.8
2017-10-10 CVE-2015-7842 Permission Issues vulnerability in Huawei products
Huawei FusionServer rack servers RH2288 V3 with software before V100R003C00SPC603, RH2288H V3 with software before V100R003C00SPC503, XH628 V3 with software before V100R003C00SPC602, RH1288 V3 with software before V100R003C00SPC602, RH2288A V2 with software before V100R002C00SPC701, RH1288A V2 with software before V100R002C00SPC502, RH8100 V3 with software before V100R003C00SPC110, CH222 V3 with software before V100R001C00SPC161, CH220 V3 with software before V100R001C00SPC161, and CH121 V3 with software before V100R001C00SPC161 allow remote authenticated operators to change server information by leveraging failure to verify user permissions.
network
low complexity
huawei CWE-275
7.1