ID

VAR-201604-0304


CVE

CVE-2016-3675


TITLE

SQL injection vulnerability in Huawei Policy Center software

Trust: 0.8

sources: JVNDB: JVNDB-2016-002070

DESCRIPTION

SQL injection vulnerability in Huawei Policy Center with software before V100R003C10SPC020 allows remote authenticated users to execute arbitrary SQL commands via unspecified vectors related to system databases. Exploiting this issue could allow an attacker to compromise the application, access or modify data, or exploit latent vulnerabilities in the underlying database. Huawei Policy Center is policy management center software from Huawei, a Chinese company. The software provides functions such as visitor management and a customized Portal login interface.

Trust: 1.98

sources: NVD: CVE-2016-3675 // JVNDB: JVNDB-2016-002070 // BID: 85568 // VULHUB: VHN-92494

AFFECTED PRODUCTS

vendor: huawei, model: policy center, scope: eq, version: v100r003c00

Trust: 1.0

vendor: huawei, model: policy center, scope: eq, version: v100r003c10

Trust: 1.0

vendor: huawei, model: policy center, scope: -, version: -

Trust: 0.8

vendor: huawei, model: policy center, scope: lt, version: v100r003c10spc020

Trust: 0.8

vendor: huawei, model: policy center, scope: eq, version: -

Trust: 0.6

sources: JVNDB: JVNDB-2016-002070 // CNNVD: CNNVD-201604-176 // NVD: CVE-2016-3675

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2016-3675
value: HIGH

Trust: 1.0

NVD: CVE-2016-3675
value: HIGH

Trust: 0.8

CNNVD: CNNVD-201604-176
value: HIGH

Trust: 0.6

VULHUB: VHN-92494
value: MEDIUM

Trust: 0.1

nvd@nist.gov: CVE-2016-3675
severity: MEDIUM
baseScore: 6.5
vectorString: AV:N/AC:L/AU:S/C:P/I:P/A:P
accessVector: NETWORK
accessComplexity: LOW
authentication: SINGLE
confidentialityImpact: PARTIAL
integrityImpact: PARTIAL
availabilityImpact: PARTIAL
exploitabilityScore: 8.0
impactScore: 6.4
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.8

VULHUB: VHN-92494
severity: MEDIUM
baseScore: 6.5
vectorString: AV:N/AC:L/AU:S/C:P/I:P/A:P
accessVector: NETWORK
accessComplexity: LOW
authentication: SINGLE
confidentialityImpact: PARTIAL
integrityImpact: PARTIAL
availabilityImpact: PARTIAL
exploitabilityScore: 8.0
impactScore: 6.4
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.1

nvd@nist.gov: CVE-2016-3675
baseSeverity: HIGH
baseScore: 8.1
vectorString: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: LOW
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: HIGH
availabilityImpact: NONE
exploitabilityScore: 2.8
impactScore: 5.2
version: 3.1

Trust: 1.0

NVD: CVE-2016-3675
baseSeverity: HIGH
baseScore: 8.1
vectorString: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: LOW
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: HIGH
availabilityImpact: NONE
exploitabilityScore: NONE
impactScore: NONE
version: 3.0

Trust: 0.8

sources: VULHUB: VHN-92494 // JVNDB: JVNDB-2016-002070 // CNNVD: CNNVD-201604-176 // NVD: CVE-2016-3675

PROBLEMTYPE DATA

problemtype:CWE-89

Trust: 1.9

sources: VULHUB: VHN-92494 // JVNDB: JVNDB-2016-002070 // NVD: CVE-2016-3675

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-201604-176

TYPE

SQL injection

Trust: 0.6

sources: CNNVD: CNNVD-201604-176

CONFIGURATIONS

sources: JVNDB: JVNDB-2016-002070

PATCH

title: huawei-sa-20160325-01-policycenter, url: http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20160325-01-policycenter-en

Trust: 0.8

title: Repair measures for the Huawei Policy Center SQL injection vulnerability, url: http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=60877

Trust: 0.6

sources: JVNDB: JVNDB-2016-002070 // CNNVD: CNNVD-201604-176

EXTERNAL IDS

db: NVD, id: CVE-2016-3675

Trust: 2.8

db: JVNDB, id: JVNDB-2016-002070

Trust: 0.8

db: CNNVD, id: CNNVD-201604-176

Trust: 0.7

db: BID, id: 85568

Trust: 0.4

db: VULHUB, id: VHN-92494

Trust: 0.1

sources: VULHUB: VHN-92494 // BID: 85568 // JVNDB: JVNDB-2016-002070 // CNNVD: CNNVD-201604-176 // NVD: CVE-2016-3675

REFERENCES

url:http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20160325-01-policycenter-en

Trust: 2.0

url:http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2016-3675

Trust: 0.8

url:http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2016-3675

Trust: 0.8

url:http://www.huawei.com

Trust: 0.3

sources: VULHUB: VHN-92494 // BID: 85568 // JVNDB: JVNDB-2016-002070 // CNNVD: CNNVD-201604-176 // NVD: CVE-2016-3675

CREDITS

The vendor reported this issue.

Trust: 0.3

sources: BID: 85568

SOURCES

db: VULHUB, id: VHN-92494
db: BID, id: 85568
db: JVNDB, id: JVNDB-2016-002070
db: CNNVD, id: CNNVD-201604-176
db: NVD, id: CVE-2016-3675

LAST UPDATE DATE

2024-11-23T22:34:50.507000+00:00


SOURCES UPDATE DATE

db: VULHUB, id: VHN-92494, date: 2016-04-14T00:00:00
db: BID, id: 85568, date: 2016-07-06T14:14:00
db: JVNDB, id: JVNDB-2016-002070, date: 2016-04-18T00:00:00
db: CNNVD, id: CNNVD-201604-176, date: 2021-09-14T00:00:00
db: NVD, id: CVE-2016-3675, date: 2024-11-21T02:50:29.337

SOURCES RELEASE DATE

db: VULHUB, id: VHN-92494, date: 2016-04-11T00:00:00
db: BID, id: 85568, date: 2016-03-25T00:00:00
db: JVNDB, id: JVNDB-2016-002070, date: 2016-04-18T00:00:00
db: CNNVD, id: CNNVD-201604-176, date: 2016-04-12T00:00:00
db: NVD, id: CVE-2016-3675, date: 2016-04-11T15:59:08.720