ericsson vulnerabilities and exploits
7.1
CVSSv3
CVE-2024-25007
Ericsson Network Manager (ENM), versions before 23.1, contains a vulnerability in the export function of application log where Improper Neutralization of Formula Elements in a CSV File can lead to code execution or information disclosure. There is limited impact to integrity and...
Ericsson Network Manager
8.8
CVSSv3
CVE-2023-39909
Ericsson Network Manager prior to 23.2 mishandles Access Control and thus unauthenticated low-privilege users can access the NCM application.
Ericsson Network Manager
8.8
CVSSv3
CVE-2022-47531
An issue exists in Ericsson Evolved Packet Gateway (EPG) versions 3.x prior to 3.25 and 2.x prior to 2.16 that allows authenticated users to bypass the system CLI and execute commands they are authorized to execute directly in the UNIX shell.
Ericsson Evolved Packet Gateway
4.3
CVSSv3
CVE-2021-28485
In Ericsson Mobile Switching Center Server (MSC-S) before IS 3.1 CP22, the SIS web application allows relative path traversal via a specific parameter in the https request after authentication, which allows access to files on the system that are not intended to be accessible via ...
Ericsson Mobile Switching Center Server Bc 18a Firmware
6.8
CVSSv3
CVE-2022-46408
Ericsson Network Manager (ENM), versions before 22.1, contains a vulnerability in the application Network Connectivity Manager (NCM) where improper Neutralization of Formula Elements in a CSV File can lead to remote code execution or data leakage via maliciously injected hyperlin...
Ericsson Network Manager
4.8
CVSSv3
CVE-2022-46407
Ericsson Network Manager (ENM), versions before 22.2, contains a vulnerability in the REST endpoint “editprofile” where Open Redirect HTTP Header Injection can lead to redirection of the submitted request to domain out of control of ENM deployment. The attacker would ...
Ericsson Network Manager
4.9
CVSSv3
CVE-2021-32570
In Ericsson Network Manager (ENM) releases prior to 21.2, users belonging to the same AMOS authorization group can retrieve the data from certain log files. All AMOS users are considered to be highly privileged users in ENM system and all must be previously defined and authorized...
Ericsson Network Manager
6.5
CVSSv3
CVE-2021-28488
Ericsson Network Manager (ENM) prior to 21.2 has incorrect access-control behavior (that only affects the level of access available to persons who were already granted a highly privileged role). Users in the same AMOS authorization group can retrieve managed-network data that was...
Ericsson Network Manager
6.1
CVSSv3
CVE-2021-44217
In Ericsson CodeChecker up to and including 6.18.0, a Stored Cross-site scripting (XSS) vulnerability in the comments component of the reports viewer allows remote malicious users to inject arbitrary web script or HTML via the POST JSON data of the /CodeCheckerService API.
Ericsson Codechecker
1 Github repository
8.8
CVSSv3
CVE-2021-43339
In Ericsson Network Location prior to 2021-07-31, it is possible for an authenticated malicious user to inject commands via file_name in the export functionality. For example, a new admin user could be created.
Ericsson Network Location