Filtered by vendor Ericsson
Total: 44 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2025-27259 | 1 Ericsson | 1 Network Manager | 2025-10-21 | N/A | 5.4 MEDIUM |
| Ericsson Network Manager versions prior to ENM 25.2 GA contain a vulnerability that, if exploited, can exfiltrate limited data or redirect victims to other sites or domains. | |||||
| CVE-2025-27258 | 1 Ericsson | 1 Network Manager | 2025-10-21 | N/A | 9.8 CRITICAL |
| Ericsson Network Manager (ENM) versions prior to ENM 25.1 GA contain a vulnerability that, if exploited, can result in an escalation of privilege. | |||||
| CVE-2025-27262 | 1 Ericsson | 2 Indoor Connect 8855, Indoor Connect 8855 Firmware | 2025-10-02 | N/A | 7.8 HIGH |
| Ericsson Indoor Connect 8855 contains a command injection vulnerability which if exploited can result in an escalation of privileges. | |||||
| CVE-2025-40836 | 1 Ericsson | 2 Indoor Connect 8855, Indoor Connect 8855 Firmware | 2025-10-02 | N/A | 9.8 CRITICAL |
| Ericsson Indoor Connect 8855 contains an improper input validation vulnerability which if exploited can allow an attacker to execute commands with escalated privileges. | |||||
| CVE-2025-40837 | 1 Ericsson | 2 Indoor Connect 8855, Indoor Connect 8855 Firmware | 2025-10-02 | N/A | 8.8 HIGH |
| Ericsson Indoor Connect 8855 contains a missing authorization vulnerability which if exploited can allow access to the system as a user with higher privileges than intended. | |||||
| CVE-2025-27261 | 1 Ericsson | 2 Indoor Connect 8855, Indoor Connect 8855 Firmware | 2025-10-02 | N/A | 9.8 CRITICAL |
| Ericsson Indoor Connect 8855 contains an SQL injection vulnerability which if exploited can result in unauthorized disclosure or modification of data. | |||||
| CVE-2024-25007 | 1 Ericsson | 1 Network Manager | 2024-11-21 | N/A | 7.1 HIGH |
| Ericsson Network Manager (ENM), versions prior to 23.1, contains a vulnerability in the export function of application log where Improper Neutralization of Formula Elements in a CSV File can lead to code execution or information disclosure. There is limited impact to integrity and availability. The attacker on the adjacent network with administration access can exploit the vulnerability. | |||||
| CVE-2023-49793 | 1 Ericsson | 1 Codechecker | 2024-11-21 | N/A | 6.5 MEDIUM |
| CodeChecker is an analyzer tooling, defect database and viewer extension for the Clang Static Analyzer and Clang Tidy. Zip files uploaded to the server endpoint of `CodeChecker store` are not properly sanitized. An attacker, using a path traversal attack, can load and display files on the machine of `CodeChecker server`. The vulnerable endpoint is `/Default/v6.53/CodeCheckerService@massStoreRun`. The path traversal vulnerability allows reading data on the machine of the `CodeChecker server`, with the same permission level as the `CodeChecker server`. The attack requires a user account on the `CodeChecker server`, with permission to store to a server, and view the stored report. This vulnerability has been patched in version 6.23. | |||||
| CVE-2023-39909 | 1 Ericsson | 1 Network Manager | 2024-11-21 | N/A | 8.8 HIGH |
| Ericsson Network Manager before 23.2 mishandles Access Control and thus unauthenticated low-privilege users can access the NCM application. | |||||
| CVE-2022-47531 | 1 Ericsson | 1 Evolved Packet Gateway | 2024-11-21 | N/A | 8.8 HIGH |
| An issue was discovered in Ericsson Evolved Packet Gateway (EPG) versions 3.x before 3.25 and 2.x before 2.16 that allows authenticated users to bypass the system CLI and execute commands they are authorized to execute directly in the UNIX shell. | |||||
| CVE-2022-46408 | 1 Ericsson | 1 Network Manager | 2024-11-21 | N/A | 6.8 MEDIUM |
| Ericsson Network Manager (ENM), versions prior to 22.1, contains a vulnerability in the application Network Connectivity Manager (NCM) where Improper Neutralization of Formula Elements in a CSV File can lead to remote code execution or data leakage via maliciously injected hyperlinks. The attacker would need admin/elevated access to exploit the vulnerability. | |||||
| CVE-2022-46407 | 1 Ericsson | 1 Network Manager | 2024-11-21 | N/A | 4.8 MEDIUM |
| Ericsson Network Manager (ENM), versions prior to 22.2, contains a vulnerability in the REST endpoint “editprofile” where Open Redirect HTTP Header Injection can lead to redirection of the submitted request to a domain outside the control of the ENM deployment. The attacker would need admin/elevated access to exploit the vulnerability. | |||||
| CVE-2021-44217 | 1 Ericsson | 1 Codechecker | 2024-11-21 | 4.3 MEDIUM | 6.1 MEDIUM |
| In Ericsson CodeChecker through 6.18.0, a Stored Cross-site scripting (XSS) vulnerability in the comments component of the reports viewer allows remote attackers to inject arbitrary web script or HTML via the POST JSON data of the /CodeCheckerService API. | |||||
| CVE-2021-43339 | 1 Ericsson | 1 Network Location | 2024-11-21 | 6.5 MEDIUM | 8.8 HIGH |
| In Ericsson Network Location before 2021-07-31, it is possible for an authenticated attacker to inject commands via file_name in the export functionality. For example, a new admin user could be created. | |||||
| CVE-2021-41391 | 1 Ericsson | 1 Enterprise Content Management | 2024-11-21 | 3.5 LOW | 5.4 MEDIUM |
| In Ericsson ECM before 18.0, it was observed that Security Management Endpoint in User Profile Management Section is vulnerable to stored XSS via a name, leading to session hijacking and full account takeover. | |||||
| CVE-2021-41390 | 1 Ericsson | 1 Enterprise Content Management | 2024-11-21 | 6.0 MEDIUM | 8.0 HIGH |
| In Ericsson ECM before 18.0, it was observed that Security Provider Endpoint in the User Profile Management Section is vulnerable to CSV Injection. | |||||
| CVE-2021-32571 | 1 Ericsson | 2 Operations Support System-radio And Core, Operations Support System-radio And Core Firmware | 2024-11-21 | 4.0 MEDIUM | 4.9 MEDIUM |
| In OSS-RC systems of release 18B and older, during data migration procedures, certain files containing usernames and passwords are left in the system undeleted, but in folders accessible by top privileged accounts only. NOTE: This vulnerability only affects products that are no longer supported by the maintainer. Ericsson Network Manager is a new generation OSS system which OSS-RC customers shall upgrade to. | |||||
| CVE-2021-32570 | 1 Ericsson | 1 Network Manager | 2024-11-21 | N/A | 4.9 MEDIUM |
| In Ericsson Network Manager (ENM) releases before 21.2, users belonging to the same AMOS authorization group can retrieve the data from certain log files. All AMOS users are considered to be highly privileged users in the ENM system and all must be previously defined and authorized by the Security Administrator. Those users can access some log files, under a common path, and read information stored in the log files in order to conduct privilege escalation. | |||||
| CVE-2021-32569 | 1 Ericsson | 2 Operations Support System-radio And Core, Operations Support System-radio And Core Firmware | 2024-11-21 | 4.3 MEDIUM | 6.1 MEDIUM |
| In OSS-RC systems of release 18B and older, customer documentation browsing libraries under ALEX are subject to Cross-Site Scripting. This problem is completely resolved in the new Ericsson library browsing tool ELEX used in systems like Ericsson Network Manager. NOTE: This vulnerability only affects products that are no longer supported by the maintainer. Ericsson Network Manager is a new generation OSS system which OSS-RC customers shall upgrade to. | |||||
| CVE-2021-28488 | 1 Ericsson | 1 Network Manager | 2024-11-21 | 4.0 MEDIUM | 6.5 MEDIUM |
| Ericsson Network Manager (ENM) before 21.2 has incorrect access-control behavior (that only affects the level of access available to persons who were already granted a highly privileged role). Users in the same AMOS authorization group can retrieve managed-network data that was not set to be accessible to the entire group (i.e., was only set to be accessible to a subset of that group). | |||||
