Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
ericsson network manager vulnerabilities and exploits
(subscribe to this query)
NA
CVE-2023-39909
Ericsson Network Manager prior to 23.2 mishandles Access Control and thus unauthenticated low-privilege users can access the NCM application.
Ericsson Network Manager
NA
CVE-2021-32570
In Ericsson Network Manager (ENM) releases prior to 21.2, users belonging to the same AMOS authorization group can retrieve the data from certain log files. All AMOS users are considered to be highly privileged users in ENM system and all must be previously defined and authorized...
Ericsson Network Manager
NA
CVE-2022-46407
Ericsson Network Manager (ENM), versions before 22.2, contains a vulnerability in the REST endpoint “editprofile” where Open Redirect HTTP Header Injection can lead to redirection of the submitted request to domain out of control of ENM deployment. The attacker would ...
Ericsson Network Manager
NA
CVE-2022-46408
Ericsson Network Manager (ENM), versions before 22.1, contains a vulnerability in the application Network Connectivity Manager (NCM) where improper Neutralization of Formula Elements in a CSV File can lead to remote code execution or data leakage via maliciously injected hyperlin...
Ericsson Network Manager
4
CVSSv2
CVE-2021-28488
Ericsson Network Manager (ENM) prior to 21.2 has incorrect access-control behavior (that only affects the level of access available to persons who were already granted a highly privileged role). Users in the same AMOS authorization group can retrieve managed-network data that was...
Ericsson Network Manager
NA
CVE-2024-25007
Ericsson Network Manager (ENM), versions before 23.1, contains a vulnerability in the export function of application log where Improper Neutralization of Formula Elements in a CSV File can lead to code execution or information disclosure. There is limited impact to integrity and...
Ericsson Network Manager
4.3
CVSSv2
CVE-2021-32569
In OSS-RC systems of the release 18B and older customer documentation browsing libraries under ALEX are subject to Cross-Site Scripting. This problem is completely resolved in new Ericsson library browsing tool ELEX used in systems like Ericsson Network Manager. NOTE: This vulner...
Ericsson Operations Support System-radio And Core Firmware
4
CVSSv2
CVE-2021-32571
In OSS-RC systems of the release 18B and older during data migration procedures certain files containing usernames and passwords are left in the system undeleted but in folders accessible by top privileged accounts only. NOTE: This vulnerability only affects products that are no ...
Ericsson Operations Support System-radio And Core Firmware
CVSSv2
CVSSv2
CVSSv3
VMScore
Recommendations:
path traversal
CVE-2024-26978
CVE-2024-26982
wireless
CVE-2023-6949
CVE-2024-26980
CVE-2024-32766
CVE-2024-26939
cache poisoning
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started