ID

VAR-201711-0963


CVE

CVE-2017-8125


TITLE

Cross-site scripting vulnerability in UMA product software

Trust: 0.8

sources: JVNDB: JVNDB-2017-010638

DESCRIPTION

The UMA product with software V200R001 and V300R001 has a cross-site scripting (XSS) vulnerability due to insufficient input validation. An attacker could craft malicious links or scripts to launch XSS attacks. Huawei UMA is an operation and maintenance management and security audit platform for core IT resources from Huawei (China). By centrally managing and controlling accounts, authentication, authorization and auditing for IT resources, the platform addresses users' needs for IT operation and maintenance management, internal IT control and external audit.

Trust: 1.71

sources: NVD: CVE-2017-8125 // JVNDB: JVNDB-2017-010638 // VULHUB: VHN-116328

AFFECTED PRODUCTS

vendor: huawei, model: uma, scope: eq, version: v300r001

Trust: 1.6

vendor: huawei, model: uma, scope: eq, version: v200r001

Trust: 1.6

vendor: huawei, model: unified maintenance and audit, scope: eq, version: v200r001

Trust: 0.8

vendor: huawei, model: unified maintenance and audit, scope: eq, version: v300r001

Trust: 0.8

sources: JVNDB: JVNDB-2017-010638 // CNNVD: CNNVD-201711-990 // NVD: CVE-2017-8125

CVSS

SEVERITY

nvd@nist.gov: CVE-2017-8125
value: MEDIUM

Trust: 1.0

NVD: CVE-2017-8125
value: MEDIUM

Trust: 0.8

CNNVD: CNNVD-201711-990
value: MEDIUM

Trust: 0.6

VULHUB: VHN-116328
value: MEDIUM

Trust: 0.1

CVSSV2

nvd@nist.gov: CVE-2017-8125
severity: MEDIUM
baseScore: 4.3
vectorString: AV:N/AC:M/AU:N/C:N/I:P/A:N
accessVector: NETWORK
accessComplexity: MEDIUM
authentication: NONE
confidentialityImpact: NONE
integrityImpact: PARTIAL
availabilityImpact: NONE
exploitabilityScore: 8.6
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.8

VULHUB: VHN-116328
severity: MEDIUM
baseScore: 4.3
vectorString: AV:N/AC:M/AU:N/C:N/I:P/A:N
accessVector: NETWORK
accessComplexity: MEDIUM
authentication: NONE
confidentialityImpact: NONE
integrityImpact: PARTIAL
availabilityImpact: NONE
exploitabilityScore: 8.6
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.1

CVSSV3

nvd@nist.gov: CVE-2017-8125
baseSeverity: MEDIUM
baseScore: 6.1
vectorString: CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: REQUIRED
scope: CHANGED
confidentialityImpact: LOW
integrityImpact: LOW
availabilityImpact: NONE
exploitabilityScore: 2.8
impactScore: 2.7
version: 3.0

Trust: 1.8

sources: VULHUB: VHN-116328 // JVNDB: JVNDB-2017-010638 // CNNVD: CNNVD-201711-990 // NVD: CVE-2017-8125

PROBLEMTYPE DATA

problemtype: CWE-79

Trust: 1.9

sources: VULHUB: VHN-116328 // JVNDB: JVNDB-2017-010638 // NVD: CVE-2017-8125

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-201711-990

TYPE

XSS

Trust: 0.6

sources: CNNVD: CNNVD-201711-990

CONFIGURATIONS

sources: JVNDB: JVNDB-2017-010638

PATCH

title: huawei-sa-20170612-01-uma, url: http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20170612-01-uma-en

Trust: 0.8

title: Huawei UMA Fixes for cross-site scripting vulnerabilities, url: http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=76700

Trust: 0.6

sources: JVNDB: JVNDB-2017-010638 // CNNVD: CNNVD-201711-990

EXTERNAL IDS

db: NVD, id: CVE-2017-8125

Trust: 2.5

db: JVNDB, id: JVNDB-2017-010638

Trust: 0.8

db: CNNVD, id: CNNVD-201711-990

Trust: 0.7

db: VULHUB, id: VHN-116328

Trust: 0.1

sources: VULHUB: VHN-116328 // JVNDB: JVNDB-2017-010638 // CNNVD: CNNVD-201711-990 // NVD: CVE-2017-8125

REFERENCES

url: http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20170612-01-uma-en

Trust: 1.7

url: https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2017-8125

Trust: 0.8

url: https://nvd.nist.gov/vuln/detail/cve-2017-8125

Trust: 0.8

sources: VULHUB: VHN-116328 // JVNDB: JVNDB-2017-010638 // CNNVD: CNNVD-201711-990 // NVD: CVE-2017-8125

SOURCES

db: VULHUB, id: VHN-116328
db: JVNDB, id: JVNDB-2017-010638
db: CNNVD, id: CNNVD-201711-990
db: NVD, id: CVE-2017-8125

LAST UPDATE DATE

2024-11-23T22:56:03.114000+00:00


SOURCES UPDATE DATE

db: VULHUB, id: VHN-116328, date: 2017-12-08T00:00:00
db: JVNDB, id: JVNDB-2017-010638, date: 2017-12-20T00:00:00
db: CNNVD, id: CNNVD-201711-990, date: 2017-11-27T00:00:00
db: NVD, id: CVE-2017-8125, date: 2024-11-21T03:33:22.343

SOURCES RELEASE DATE

db: VULHUB, id: VHN-116328, date: 2017-11-22T00:00:00
db: JVNDB, id: JVNDB-2017-010638, date: 2017-12-20T00:00:00
db: CNNVD, id: CNNVD-201711-990, date: 2017-11-23T00:00:00
db: NVD, id: CVE-2017-8125, date: 2017-11-22T19:29:02.413