Sign-up

ID

VAR-201711-0968


CVE

CVE-2017-8130


TITLE

UMA Information disclosure vulnerabilities in product software

Trust: 0.8

sources: JVNDB: JVNDB-2017-010643

DESCRIPTION

The UMA product with software V200R001 and V300R001 has an information leak vulnerability. An attacker could exploit them to obtain some sensitive information, causing information leak. Huawei UMA is a set of IT core resource operation and maintenance management and security audit platform of China Huawei (Huawei). Through the centralized management and control of accounts, authentication, authorization and audit of various IT resources, the platform can meet the needs of users for IT operation and maintenance management and IT internal control and external audit

Trust: 1.71

sources: NVD: CVE-2017-8130 // JVNDB: JVNDB-2017-010643 // VULHUB: VHN-116333

AFFECTED PRODUCTS

vendor:huaweimodel:umascope:eqversion:v300r001

Trust: 1.6

vendor:huaweimodel:umascope:eqversion:v200r001

Trust: 1.6

vendor:huaweimodel:unified maintenance and auditscope:eqversion:v200r001

Trust: 0.8

vendor:huaweimodel:unified maintenance and auditscope:eqversion:v300r001

Trust: 0.8

sources: JVNDB: JVNDB-2017-010643 // CNNVD: CNNVD-201711-985 // NVD: CVE-2017-8130

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2017-8130
value: MEDIUM

Trust: 1.0

NVD: CVE-2017-8130
value: MEDIUM

Trust: 0.8

CNNVD: CNNVD-201711-985
value: MEDIUM

Trust: 0.6

VULHUB: VHN-116333
value: MEDIUM

Trust: 0.1

nvd@nist.gov: CVE-2017-8130
severity: MEDIUM
baseScore: 4.0
vectorString: AV:N/AC:L/AU:S/C:P/I:N/A:N
accessVector: NETWORK
accessComplexity: LOW
authentication: SINGLE
confidentialityImpact: PARTIAL
integrityImpact: NONE
availabilityImpact: NONE
exploitabilityScore: 8.0
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.8

VULHUB: VHN-116333
severity: MEDIUM
baseScore: 4.0
vectorString: AV:N/AC:L/AU:S/C:P/I:N/A:N
accessVector: NETWORK
accessComplexity: LOW
authentication: SINGLE
confidentialityImpact: PARTIAL
integrityImpact: NONE
availabilityImpact: NONE
exploitabilityScore: 8.0
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.1

nvd@nist.gov: CVE-2017-8130
baseSeverity: MEDIUM
baseScore: 6.5
vectorString: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: LOW
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: NONE
availabilityImpact: NONE
exploitabilityScore: 2.8
impactScore: 3.6
version: 3.0

Trust: 1.8

sources: VULHUB: VHN-116333 // JVNDB: JVNDB-2017-010643 // CNNVD: CNNVD-201711-985 // NVD: CVE-2017-8130

PROBLEMTYPE DATA

problemtype:CWE-200

Trust: 1.9

sources: VULHUB: VHN-116333 // JVNDB: JVNDB-2017-010643 // NVD: CVE-2017-8130

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-201711-985

TYPE

information disclosure

Trust: 0.6

sources: CNNVD: CNNVD-201711-985

CONFIGURATIONS

sources:
            
            
            JVNDB: JVNDB-2017-010643

PATCH
title:huawei-sa-20170612-01-umaurl:http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20170612-01-uma-en
Trust: 0.8
title:Huawei UMA Repair measures for information disclosure vulnerabilitiesurl:http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=76695
Trust: 0.6
sources:
            
            
            JVNDB: JVNDB-2017-010643 // 
            
            
            
            CNNVD: CNNVD-201711-985

EXTERNAL IDS
db:NVDid:CVE-2017-8130
Trust: 2.5
db:JVNDBid:JVNDB-2017-010643
Trust: 0.8
db:CNNVDid:CNNVD-201711-985
Trust: 0.7
db:VULHUBid:VHN-116333
Trust: 0.1
sources:
            
            
            VULHUB: VHN-116333 // 
            
            
            
            JVNDB: JVNDB-2017-010643 // 
            
            
            
            CNNVD: CNNVD-201711-985 // 
            
            
            
            NVD: CVE-2017-8130

REFERENCES
url:http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20170612-01-uma-en
Trust: 1.7
url:https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2017-8130
Trust: 0.8
url:https://nvd.nist.gov/vuln/detail/cve-2017-8130
Trust: 0.8
sources:
            
            
            VULHUB: VHN-116333 // 
            
            
            
            JVNDB: JVNDB-2017-010643 // 
            
            
            
            CNNVD: CNNVD-201711-985 // 
            
            
            
            NVD: CVE-2017-8130

SOURCES
db:VULHUBid:VHN-116333
db:JVNDBid:JVNDB-2017-010643
db:CNNVDid:CNNVD-201711-985
db:NVDid:CVE-2017-8130

LAST UPDATE DATE
2024-11-23T22:45:29.876000+00:00

SOURCES UPDATE DATE
db:VULHUBid:VHN-116333date:2017-12-08T00:00:00
db:JVNDBid:JVNDB-2017-010643date:2017-12-20T00:00:00
db:CNNVDid:CNNVD-201711-985date:2017-11-23T00:00:00
db:NVDid:CVE-2017-8130date:2024-11-21T03:33:22.903

SOURCES RELEASE DATE
db:VULHUBid:VHN-116333date:2017-11-22T00:00:00
db:JVNDBid:JVNDB-2017-010643date:2017-12-20T00:00:00
db:CNNVDid:CNNVD-201711-985date:2017-11-23T00:00:00
db:NVDid:CVE-2017-8130date:2017-11-22T19:29:02.600