Sign-up

ID

VAR-201711-0965


CVE

CVE-2017-8127


TITLE

UMA Cross-site scripting vulnerability in product software

Trust: 0.8

sources: JVNDB: JVNDB-2017-010640

DESCRIPTION

The UMA product with software V200R001 has a cross-site scripting (XSS) vulnerability due to insufficient input validation. An attacker could craft malicious links or scripts to launch XSS attacks. Huawei UMA is a set of IT core resource operation and maintenance management and security audit platform of China Huawei (Huawei). Through the centralized management and control of accounts, authentication, authorization and audit of various IT resources, the platform can meet the needs of users for IT operation and maintenance management and IT internal control and external audit

Trust: 1.71

sources: NVD: CVE-2017-8127 // JVNDB: JVNDB-2017-010640 // VULHUB: VHN-116330

AFFECTED PRODUCTS

vendor:huaweimodel:umascope:eqversion:v200r001

Trust: 1.6

vendor:huaweimodel:unified maintenance and auditscope:eqversion:v200r001

Trust: 0.8

sources: JVNDB: JVNDB-2017-010640 // CNNVD: CNNVD-201711-988 // NVD: CVE-2017-8127

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2017-8127
value: MEDIUM

Trust: 1.0

NVD: CVE-2017-8127
value: MEDIUM

Trust: 0.8

CNNVD: CNNVD-201711-988
value: MEDIUM

Trust: 0.6

VULHUB: VHN-116330
value: MEDIUM

Trust: 0.1

nvd@nist.gov: CVE-2017-8127
severity: MEDIUM
baseScore: 4.3
vectorString: AV:N/AC:M/AU:N/C:N/I:P/A:N
accessVector: NETWORK
accessComplexity: MEDIUM
authentication: NONE
confidentialityImpact: NONE
integrityImpact: PARTIAL
availabilityImpact: NONE
exploitabilityScore: 8.6
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.8

VULHUB: VHN-116330
severity: MEDIUM
baseScore: 4.3
vectorString: AV:N/AC:M/AU:N/C:N/I:P/A:N
accessVector: NETWORK
accessComplexity: MEDIUM
authentication: NONE
confidentialityImpact: NONE
integrityImpact: PARTIAL
availabilityImpact: NONE
exploitabilityScore: 8.6
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.1

nvd@nist.gov: CVE-2017-8127
baseSeverity: MEDIUM
baseScore: 6.1
vectorString: CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: REQUIRED
scope: CHANGED
confidentialityImpact: LOW
integrityImpact: LOW
availabilityImpact: NONE
exploitabilityScore: 2.8
impactScore: 2.7
version: 3.0

Trust: 1.8

sources: VULHUB: VHN-116330 // JVNDB: JVNDB-2017-010640 // CNNVD: CNNVD-201711-988 // NVD: CVE-2017-8127

PROBLEMTYPE DATA

problemtype:CWE-79

Trust: 1.9

sources: VULHUB: VHN-116330 // JVNDB: JVNDB-2017-010640 // NVD: CVE-2017-8127

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-201711-988

TYPE

XSS

Trust: 0.6

sources: CNNVD: CNNVD-201711-988

CONFIGURATIONS

sources:
            
            
            JVNDB: JVNDB-2017-010640

PATCH
title:huawei-sa-20170612-01-umaurl:http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20170612-01-uma-en
Trust: 0.8
title:Huawei UMA Fixes for cross-site scripting vulnerabilitiesurl:http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=76698
Trust: 0.6
sources:
            
            
            JVNDB: JVNDB-2017-010640 // 
            
            
            
            CNNVD: CNNVD-201711-988

EXTERNAL IDS
db:NVDid:CVE-2017-8127
Trust: 2.5
db:JVNDBid:JVNDB-2017-010640
Trust: 0.8
db:CNNVDid:CNNVD-201711-988
Trust: 0.7
db:VULHUBid:VHN-116330
Trust: 0.1
sources:
            
            
            VULHUB: VHN-116330 // 
            
            
            
            JVNDB: JVNDB-2017-010640 // 
            
            
            
            CNNVD: CNNVD-201711-988 // 
            
            
            
            NVD: CVE-2017-8127

REFERENCES
url:http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20170612-01-uma-en
Trust: 1.7
url:https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2017-8127
Trust: 0.8
url:https://nvd.nist.gov/vuln/detail/cve-2017-8127
Trust: 0.8
sources:
            
            
            VULHUB: VHN-116330 // 
            
            
            
            JVNDB: JVNDB-2017-010640 // 
            
            
            
            CNNVD: CNNVD-201711-988 // 
            
            
            
            NVD: CVE-2017-8127

SOURCES
db:VULHUBid:VHN-116330
db:JVNDBid:JVNDB-2017-010640
db:CNNVDid:CNNVD-201711-988
db:NVDid:CVE-2017-8127

LAST UPDATE DATE
2024-11-23T23:02:19.181000+00:00

SOURCES UPDATE DATE
db:VULHUBid:VHN-116330date:2017-12-08T00:00:00
db:JVNDBid:JVNDB-2017-010640date:2017-12-20T00:00:00
db:CNNVDid:CNNVD-201711-988date:2017-11-23T00:00:00
db:NVDid:CVE-2017-8127date:2024-11-21T03:33:22.563

SOURCES RELEASE DATE
db:VULHUBid:VHN-116330date:2017-11-22T00:00:00
db:JVNDBid:JVNDB-2017-010640date:2017-12-20T00:00:00
db:CNNVDid:CNNVD-201711-988date:2017-11-23T00:00:00
db:NVDid:CVE-2017-8127date:2017-11-22T19:29:02.490