Sign-up

ID

VAR-201711-0956


CVE

CVE-2017-8118


TITLE

UMA Information disclosure vulnerability in product software

Trust: 0.8

sources: JVNDB: JVNDB-2017-010612

DESCRIPTION

The UMA product with software V200R001 and V300R001 has an information leak vulnerability. An attacker could exploit them to obtain some sensitive information, causing information leak. Huawei UMA is a set of IT core resource operation and maintenance management and security audit platform of China Huawei (Huawei). Through the centralized management and control of accounts, authentication, authorization and audit of various IT resources, the platform can meet the needs of users for IT operation and maintenance management and IT internal control and external audit

Trust: 1.71

sources: NVD: CVE-2017-8118 // JVNDB: JVNDB-2017-010612 // VULHUB: VHN-116321

AFFECTED PRODUCTS

vendor:huaweimodel:umascope:eqversion:v300r001

Trust: 1.6

vendor:huaweimodel:umascope:eqversion:v200r001

Trust: 1.6

vendor:huaweimodel:unified maintenance and auditscope:eqversion:v200r001

Trust: 0.8

vendor:huaweimodel:unified maintenance and auditscope:eqversion:v300r001

Trust: 0.8

sources: JVNDB: JVNDB-2017-010612 // CNNVD: CNNVD-201711-997 // NVD: CVE-2017-8118

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2017-8118
value: LOW

Trust: 1.0

NVD: CVE-2017-8118
value: LOW

Trust: 0.8

CNNVD: CNNVD-201711-997
value: LOW

Trust: 0.6

VULHUB: VHN-116321
value: LOW

Trust: 0.1

nvd@nist.gov: CVE-2017-8118
severity: LOW
baseScore: 2.1
vectorString: AV:L/AC:L/AU:N/C:P/I:N/A:N
accessVector: LOCAL
accessComplexity: LOW
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: NONE
availabilityImpact: NONE
exploitabilityScore: 3.9
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.8

VULHUB: VHN-116321
severity: LOW
baseScore: 2.1
vectorString: AV:L/AC:L/AU:N/C:P/I:N/A:N
accessVector: LOCAL
accessComplexity: LOW
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: NONE
availabilityImpact: NONE
exploitabilityScore: 3.9
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.1

nvd@nist.gov: CVE-2017-8118
baseSeverity: LOW
baseScore: 2.3
vectorString: CVSS:3.0/AV:L/AC:L/PR:H/UI:N/S:U/C:L/I:N/A:N
attackVector: LOCAL
attackComplexity: LOW
privilegesRequired: HIGH
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: LOW
integrityImpact: NONE
availabilityImpact: NONE
exploitabilityScore: 0.8
impactScore: 1.4
version: 3.0

Trust: 1.8

sources: VULHUB: VHN-116321 // JVNDB: JVNDB-2017-010612 // CNNVD: CNNVD-201711-997 // NVD: CVE-2017-8118

PROBLEMTYPE DATA

problemtype:CWE-200

Trust: 1.9

sources: VULHUB: VHN-116321 // JVNDB: JVNDB-2017-010612 // NVD: CVE-2017-8118

THREAT TYPE

local

Trust: 0.6

sources: CNNVD: CNNVD-201711-997

TYPE

information disclosure

Trust: 0.6

sources: CNNVD: CNNVD-201711-997

CONFIGURATIONS

sources:
            
            
            JVNDB: JVNDB-2017-010612

PATCH
title:huawei-sa-20170612-01-umaurl:http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20170612-01-uma-en
Trust: 0.8
title:Huawei UMA Repair measures for information disclosure vulnerabilitiesurl:http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=76707
Trust: 0.6
sources:
            
            
            JVNDB: JVNDB-2017-010612 // 
            
            
            
            CNNVD: CNNVD-201711-997

EXTERNAL IDS
db:NVDid:CVE-2017-8118
Trust: 2.5
db:JVNDBid:JVNDB-2017-010612
Trust: 0.8
db:CNNVDid:CNNVD-201711-997
Trust: 0.7
db:VULHUBid:VHN-116321
Trust: 0.1
sources:
            
            
            VULHUB: VHN-116321 // 
            
            
            
            JVNDB: JVNDB-2017-010612 // 
            
            
            
            CNNVD: CNNVD-201711-997 // 
            
            
            
            NVD: CVE-2017-8118

REFERENCES
url:http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20170612-01-uma-en
Trust: 1.7
url:https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2017-8118
Trust: 0.8
url:https://nvd.nist.gov/vuln/detail/cve-2017-8118
Trust: 0.8
sources:
            
            
            VULHUB: VHN-116321 // 
            
            
            
            JVNDB: JVNDB-2017-010612 // 
            
            
            
            CNNVD: CNNVD-201711-997 // 
            
            
            
            NVD: CVE-2017-8118

SOURCES
db:VULHUBid:VHN-116321
db:JVNDBid:JVNDB-2017-010612
db:CNNVDid:CNNVD-201711-997
db:NVDid:CVE-2017-8118

LAST UPDATE DATE
2024-11-23T22:12:47.360000+00:00

SOURCES UPDATE DATE
db:VULHUBid:VHN-116321date:2017-12-08T00:00:00
db:JVNDBid:JVNDB-2017-010612date:2017-12-20T00:00:00
db:CNNVDid:CNNVD-201711-997date:2017-11-23T00:00:00
db:NVDid:CVE-2017-8118date:2024-11-21T03:33:21.543

SOURCES RELEASE DATE
db:VULHUBid:VHN-116321date:2017-11-22T00:00:00
db:JVNDBid:JVNDB-2017-010612date:2017-12-20T00:00:00
db:CNNVDid:CNNVD-201711-997date:2017-11-23T00:00:00
db:NVDid:CVE-2017-8118date:2017-11-22T19:29:02.130